|
|
Enhanced wi-fi security patch for FreeBSD
Roland van Laar has a new, significant wi-fi patch for FreeBSD 5.1 and higher. The patch blocks clients with an empty or "ANY" ssid and disables ssid broadcasting. SSID (Service Set ID) is used to identify wireless clients to a wireless / wired gateway. Wireless devices from the same manufacturer generally ship with the same default SSID. A beacon is a type of packet/frame that contains the SSID of a network. It is used to sync clocks on client devices and to make it easy for new network clients to see what networks are available. Preventing others from using your ssid is a means (although not foolproof!) of securing your wireless network.
[Read announcement]
From: "The MiP RvL" <the_mip_rvl@myrealbox.com>
To: freebsd-hackers@freebsd.org
Date: Thu, 25 Dec 2003 01:07:31 +0100
Subject: enhanced security patch for if_wi
Hello
This is a patch for which a couple of wi-fi fans have been waiting to get :=
) And now it's there, just before Christmas ;)
This patch is against FreeBSD 5.1, I didn't have current installed and 5.0 doesn't work in hostap mode with 1.7.4 firmware.
http://wleiden.webweaving.org:8080/.../enh-sec-patch/
For the enhsec option to work you need a prism 2,2.5,3 with firmware 1.6.3 or higher.
To give a small explaination:
It uses a firmware feature: 0xFC43
# wicontrol -i iface -E 0|1|2|3
This sets the WI_RID_CNFENHSECURITY flag.
0 = "disabled"
1 = hide SSID in beacon frames
2 = ignore clients with a "ANY" SSID
3 = 1 and 2 combined
It blocks clients with a "" or "ANY" ssid
And disables ssid broadcasting.
I checked it today, and it worked,
but please do acknowledge the fact that I haven't been
able to test this function on a real network, with real data going over the link.
I haven't had the time yet to make it work with ifconfig, so until then, use wicontrol.
Regards,
Roland van Laar
Report this post to a moderator | IP: Logged |
|
IP卡
狗仔卡
发表于 2003-12-28 21:13:25
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡