July 17th 17, 01:57 PM posted to uk.telecom.broadband,uk.comp.homebuilt
[email protected][_2_]
How many subnets in a typical McDonalds?

On 17/07/2017 10:55, Johnny B Good wrote:
On Mon, 17 Jul 2017 09:07:23 +0100, [email protected] wrote:

On 16/07/2017 22:08, Adrian Caspersz wrote:
If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?

I'm hoping the answer is no... as I'm dreaming up a shared internet
facility trying to keep student users roughly isolated on a simple
switch (no VLAN support).

Current plan is multiple DHCP leases, all individually on their own
local LAN subnets, each subnet connected to the internet but nowhere

Does anyone do an out-of-the-box software build for this DHCP that runs
on a rPI? Extra points if it has a nice GUI....

... or I'll have to sit down and script one for DNSmasq

It's virtually impossible to secure the wireless side.
You can make it more difficult but someone with the will and knowledge
can break it in a matter of seconds to hours depending on what you

There is nothing you can do to stop people monitoring the wireless and
it's easy to crack the current encryption standards.

If you want security you *need* to only allow access to a VPN server
with strong encryption. Then the server rules determine who can access

If all you want to do is stop wireless clients talking to each other
then look for an AP that has a setting to prevent this. My old Netgear
had such a setting. Once set, clients could only see the wired side and
not other wireless clients.

You probably need to download the manual and look, as it doesn't appear
as a feature in the sales stuff on many APs.

The Tweepadock in the room is that this by itself won't prevent an
enterprising hacker from using a laptop as a fake AP in order to run a
MITM intercept operation.

The VPN server will, as the MITM won't be able to decrypt anything.
Then a one time password will prevent any replay attacks too.

It's a bit much for the average user to need though.

I do run a VPN server but I use pre-shared keys which stops the MITM but
not a replay. It doesn't matter much as the banking apps have their own
security anyway.