Sharing only internet connectivity with wireless router
shimi
linux-il at shimi.net
Wed Apr 6 11:25:30 IDT 2011
On Wed, Apr 6, 2011 at 11:17 AM, Elazar Leibovich <elazarl at gmail.com> wrote:
>
>
> On Wed, Apr 6, 2011 at 10:26 AM, shimi <linux-il at shimi.net> wrote:
>
>>
>> Changing your MAC is pretty trivial...
>>
>
> Yeah, but guessing which MAC is in my whitelist is less so. So if an
> attacker want to spoof his MAC address he has to sniff for a MAC address,
> (which means he can do that only when my computer is on). I'm not familiar
> with the WiFi protocol, but I'm sending the MAC only in the handshake phase
> it's even harder to spoof your MAC.
>
> I'm not trying to avoid the NSA, the attack vector I'm trying to prevent is
> a random vandals. A vicious attacker can simply knock on my door and ask to
> use my computer to check when his flight is leaving.
>
You don't need to guess if you can passively get them, courtesy to active
network traffic... "my computer isn't always on" is like putting your head
in the sand :)
If you want to stop random vandals, just have your network with encryption
and don't publish the key. If you open anonymous access... it would be open.
If not going VLAN-way, your other choice is to not allow connections coming
from the outside at all (to all the computers in your LAN - easy in Linux,
difficult if you also have Redmond) - and just run some OpenVPN server on
the Linux to have things open (authentication + encryption).
-- Shimi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20110406/f7fd3a89/attachment.html>
More information about the Linux-il
mailing list