Re: Question about MAC addresses



In article <1140545472.768065.86290@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
blixel@xxxxxxxxx <blixel@xxxxxxxxx> wrote:


> I have a custom wireless access point that I am setting up which is
> using FreeBSD 6.x. The WAP itself is a tiny, embedded computer. It
> boots from Compact Flash, read only. I will have several of these
> devices around an area.
>
> I need a way to control who can connect to these WAPs. The current
> thinking is that we will set up an authentication server in a central
> location. The authentication server will simply contain a list of MAC
> addresses for clients that are allowed to connect to our WAPs. (We
> know how easy it is to spoof MAC addresses. Regardless...)
>
> We do not want to do mirroring of the master list to all the WAPs.
> What we want to do instead is set a default rule of "Deny all MAC
> addresses". Then, when a person tries to connect to a WAP, the WAP
> will query the authentication server to determine if the client is
> allowed or not. If it is allowed, the WAP will add a rule to allow
> their MAC address.
>
> The problem I'm running into though is I can't figure out a way to make
> that query happen. When I associate my laptop with the WAP, I don't
> see any place where the MAC address is listed. It doesn't show up in
> "dmesg", I don't see it in the log files, etc...
>
> Does anyone know of any way to do what we are trying to do? We are
> willing to change our methods a little if it will ultimately accomplish
> the goal. Is there a daemon I can run that will simply monitor the
> wireless card and report MAC addresses? Better yet, is there a
> client/server tool that will do what I want?
>
> I'm really hurting for ideas at this point.


Have you checked the ARP table?

arp -a -n


Also, did you know that the Linksys WRT54G runs Linux with the full source
code available? You might could tweak nocatauth, which has been ported
to it, to do what you want.


Ted
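
An added example, not part of the original posts: one way to turn the `arp -a -n` suggestion into the default-deny check the question describes, by pulling MAC addresses for one interface out of the ARP table and classifying each against an allowlist. The interface name `ath0`, the allowlist file (standing in for the central authentication server's answer) and the sample ARP lines are assumptions; normalizing the MAC format goes slightly beyond what the thread discusses.

```shell
#!/bin/sh
# Added example: classify MACs from `arp -a -n` output against an allowlist.
# The allowlist file stands in for the central authentication server (assumption).

# Normalize a MAC to lowercase, zero-padded, colon-separated form.
# Fails (non-zero status) on anything that is not six hex octets.
normalize_mac() {
    printf '%s\n' "$1" | awk -F: '
        NF != 6 { exit 1 }
        {
            out = ""
            for (i = 1; i <= 6; i++) {
                o = tolower($i)
                if (o !~ /^[0-9a-f][0-9a-f]?$/) exit 1
                if (length(o) == 1) o = "0" o
                out = out (i > 1 ? ":" : "") o
            }
            print out
        }'
}

# Read arp output on stdin. For every complete entry on interface $1, print
# "allow <mac> <ip>" or "deny <mac> <ip>" according to allowlist file $2.
classify_arp() {
    awk -v ifc="$1" '$3 == "at" && $5 == "on" && $6 == ifc {
        gsub(/[()]/, "", $2); print $2, $4 }' |
    while read -r ip mac; do
        # "(incomplete)" entries fail normalization and are skipped.
        if norm=$(normalize_mac "$mac"); then
            if grep -qixF "$norm" "$2"; then verdict=allow; else verdict=deny; fi
            echo "$verdict $norm $ip"
        fi
    done
}

# Constructed sample of arp output (addresses and interface names are made up).
sample_arp() {
    cat <<'EOF'
? (192.168.10.21) at 02:00:00:aa:bb:01 on ath0 [ethernet]
? (192.168.10.22) at 2:0:0:AA:BB:2 on ath0 [ethernet]
? (192.168.10.23) at (incomplete) on ath0 [ethernet]
? (10.0.0.1) at 02:00:00:aa:bb:01 on sis0 [ethernet]
EOF
}

# On the WAP: arp -a -n | classify_arp ath0 /path/to/allowlist
```

An entry reaches the ARP table only after the client has exchanged IP traffic with the WAP, so this check sees a client shortly after association rather than at the moment it associates.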