[geeks] cheap 802.11?
R. Lonstein
ross-sunhelp at lonsteins.com
Fri Feb 28 16:12:00 CST 2003
On Fri, Feb 28, 2003 at 02:34:26PM -0700, Gary Nichols wrote:
[snip]
> 1> Don't broadcast your ESSID please. [0]
[snip - other good ideas]
I want mine broadcast: nycwireless.net :)
> 4) Firewall off your AP from your network only allowing the secure
> traffic.
You betcha. The AP sits alone on its own leg of an OpenBSD firewall,
hands out addresses from the not-publicly-routable 172.16 range, is
NATed, can only go to public internet, all packets get scrubbed in and
out, ftp and http are transparently proxied and just a few ports are
open. Security starts at home :)
> 5> Bonus: add a honeypot to your wireless realm and watch the fun!
Might be fun if I find time. I see plenty of crap with snort on the
public side. Interestingly, I didn't see much when the SQL Slapper
worm erupted but still see daily scans from NIMDA and some twink in
Europe who runs whisker all the time.
- Ross
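
The firewall layout described in the message above could be written along these lines in pf.conf. This is an added example in current OpenBSD pf syntax, not the poster's actual ruleset. Interface names, the wired LAN prefix, the /24 mask on the 172.16 range, the HTTP proxy port and the list of open ports are assumptions; rules for the wired LAN itself are left out.

```pf
# Added illustration, not the poster's ruleset.
# Assumed values: interfaces, LAN prefix, /24 mask, HTTP proxy port, open ports.
ext_if   = "em0"             # public internet
lan_if   = "em1"             # wired internal network
wifi_if  = "em2"             # leg with only the AP on it
lan_net  = "192.168.1.0/24"
wifi_net = "172.16.0.0/24"   # not publicly routable, per the post
wifi_tcp = "{ 22 443 993 }"  # stand-in for "just a few ports"

set skip on lo
set block-policy drop

# Scrub all packets, in and out.
match in  all scrub (no-df)
match out all scrub (random-id)

# NAT the wireless range on its way to the internet.
match out on $ext_if inet from $wifi_net to any nat-to ($ext_if)

# Default deny; dropped packets are logged to pflog0.
block log all
antispoof quick for { $wifi_if $lan_if }

# Wireless clients never reach the wired LAN or the firewall itself.
block in quick on $wifi_if from any to { $lan_net self }

# FTP is transparently proxied; 8021 is the ftp-proxy(8) default listener.
anchor "ftp-proxy/*"
pass in quick on $wifi_if inet proto tcp from $wifi_net to port ftp \
    divert-to 127.0.0.1 port 8021

# HTTP is transparently proxied to a local proxy assumed to listen on 3128.
pass in quick on $wifi_if inet proto tcp from $wifi_net to port www \
    divert-to 127.0.0.1 port 3128

# The few ports that are open, plus DNS.
pass in on $wifi_if inet proto tcp from $wifi_net to any port $wifi_tcp
pass in on $wifi_if inet proto { tcp udp } from $wifi_net to any port domain

# Outbound from the firewall: NATed client traffic and the proxies' own connections.
pass out on $ext_if inet
```

A file like this can be syntax-checked without loading it using `pfctl -nf` followed by its path.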