VPN advice (was Re: [ale] [OT] WEP auth modes)

Joe jknapka at earthlink.net
Wed Mar 5 20:09:55 EST 2003


Synco Gibraldter <synco at xodarap.net> writes:

> hey... here's the difference:
> 
> open system means that, even without the correct key, the user can
> transfer data with the access point or another machine on the network...
> if you were to send out an arp flood to identify machines in the area, you
> could do this successfully without a key.  the routing isn't handled
> without a key, so actual connectivity isn't possible without the key.
> 
> shared key means that absolutely no communication is possible without the
> key, so if you're not testing or debugging and you only want people with
> the key to find and use your wlan, then use this mode.

Thanks.

> how are they the same?  they're both ridiculously insecure and in either
> one of these modes, wep can be broken very very very quickly.  wep is
> basically a big waste of time and i'd advise you to use a vpn.  if you
> want more information, just run a google search for something like "wep
> insecurity" and you'll have a few days' worth of reading.

I know it's insecure. And I've decided I've got to do something about
that.  My wireless boxen are a WinXP box (gag, retch), a WinME box
(choke, hurl), and a laptop that may have a number of different OS's
on it in the near future, including Gentoo Linux (installing now),
FreeBSD, OpenBSD, Red Hat 8, and Lycoris Linux.  I need a VPN solution
that will work for all those. I admit to being frightened of IPsec,
but I suspect it's the only game in town. Is there some good
documentation (web site, book, whatever) that will make it possible to
get IPsec working on all these platforms without losing much more
hair? I've done the "PPP-over-SSH" thing before, between Linux
boxen, but I doubt there's a Windows solution that will play that
way. Am I wrong?

Also, my AP is on the same Ethernet segment as all my other machines.
I suspect that's bad, and I should put a firewall between the
AP and the rest of my network. Presumably that FW would be one end
of the VPN. It seems to me that folks will still be able to sniff
my wifi network and find out MAC addresses and so forth, even with
a VPN in place, correct?

Thanks,

-- Joe Knapka
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





