Hacking Hotspot
RouterOS general discussion

117 posts   •   Page 1 of 3   •   1, 2, 3
User avatar
nazadnan2003
newbie
 
Posts: 31
Joined: Tue Sep 05, 2006 10:12 am
Location: Iraq

Hacking Hotspot

by nazadnan2003 » Tue Oct 31, 2006 9:43 am

I Have a Hotspot with web proxy enabled, and some hackers can hack my hotspot by using scanning programs which can scan the active IPs and their MACs and use one of them (by change MAC) to get the same IP of the authorized MAC and then access the Internet without asking to authenticate because its already authenticated.[/b]

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Tue Oct 31, 2006 6:09 pm

'ip hotspot user profile' contains 'shared-users' option, 'shared-users=1' allows only 1 client to use the same login/password simultaneously.
1 session means, that only one user are able to use the particular HotSpot login. It might cause problems, as 'bad' user authenticated firstly and then 'good' client is unable to authenticate.

To resolve this,
- use login/password for the HotSpot authentication;
- if bad user has stolen IP/MAC-address and HotSpot login/password, then only managed switches help to protect wired network from unauthorized access (WPA/WPA2 encryption for the wireless network).

User avatar
nazadnan2003
newbie
 
Posts: 31
Joined: Tue Sep 05, 2006 10:12 am
Location: Iraq

by nazadnan2003 » Wed Nov 01, 2006 11:01 am

Dear sergejs:

I alrady use "shared-users=1" , and use login/password for the HotSpot authentication.
The "bad users" stole IP/MAC-address by using scanning programs, and chose one of the active IP/MAC-address.
If the stolen address is alrady autherized in the hotspot, then the "bad users" will recive Internet service as well as the 'good client' (both in the same time and the same IP/MAC-address).

:!: :?:

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Wed Nov 01, 2006 12:45 pm

Do you have wireless or wired clients ?
For wireless clients you might use encryption WPA or WPA2, to protect network from unauthorized accesss.
For wired/Ethernet clients management switch might help you, if swith could make restrictions by MAC-address<--->port.

Duplicate IP and MAC-addresses on the newtowk cause problem for 'good' and 'bad' clients, internet will not work correctly for both them, if clients simultaneosly exists on the same network.

PPPoE server might be used instead to protect network from uathorized access.

User avatar
nazadnan2003
newbie
 
Posts: 31
Joined: Tue Sep 05, 2006 10:12 am
Location: Iraq

by nazadnan2003 » Sat Nov 04, 2006 6:24 pm

I have external Access Points connected to the MT Router.
I don’t use encryption WPA or WPA2, and I do not want to do so.

In my case both (Good and Bad users) use the Internet in the same time by using the same IP/MAC-address. Theoretically this is impossible, and internet will not work correctly for both of them. But practically it is work on both sides.

I need a way to prevent this from happened.

What can Managed Swatch do to me in my case?

User avatar
andrewluck
Forum Veteran
Forum Veteran
 
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

by andrewluck » Sat Nov 04, 2006 6:49 pm

A managed switch would help if your clients were all using ethernet. You could restrict MAC addresses to a single port each. That way, if the port changes the switch won't talk to them.

Unless you change to some form of controlled access you can't stop these MAC / IP hijacks.

Regards

Andrew

jo2jo
Forum Veteran
Forum Veteran
 
Posts: 770
Joined: Fri May 26, 2006 1:25 am

by jo2jo » Sat Nov 04, 2006 9:10 pm

the switch idea is correct but i'm assuming this guy is in a wireless enviroment since he says the "hackers" are using scanners and are cloning active athenticated MAC addys...


in which case serge is right u need to use wpa or wpa2 and that will solve this.



what are your "good" clients using to connect? windows laptops? CPEs? and if its laptops u could always use a vpn session and give each good user a user id and password with that....you woudl not need any wpa or wpa2 encrytpion since the hackers coud conect to the ap but not through the vpn and thus no net access..

Hellbound
Long time Member
Long time Member
 
Posts: 505
Joined: Tue Oct 26, 2004 11:21 am

Re: Hacking Hotspot

by Hellbound » Tue Dec 05, 2006 6:07 pm

nazadnan2003 wrote:I Have a Hotspot with web proxy enabled, and some hackers can hack my hotspot by using scanning programs which can scan the active IPs and their MACs and use one of them (by change MAC) to get the same IP of the authorized MAC and then access the Internet without asking to authenticate because its already authenticated.[/b]


to be honest with you I hacked my ISP in such fashion 5 years ago myself, the only way I can think of is PPPoE authentication method.

Mikrotik RouterOS does not offer any solution for this, specially for wireless side.

at this moment there is no wireless hotspot to detect two radio with duplicate mac address and doing managed switch mac filtering is just a headache...

I've been thinking a lot of how to prevent this hack attempt since I did it myself. I can say the only answer might be in finding the culprit... by detecting its signal and location.

However I have other theories of using special java and cookie to read computer's hard disk serial number locally in login page and store it in server ro if another user cloned

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Wed Dec 06, 2006 12:53 pm

Hellbound, where is the problem to use encryption protocols (WPA, WPA2) for wireless users ? If your users will not distribute security configuration, then 'bad' user will not have any possibility to establish connection with AP without encruption configuration.

Mikro-Man-Tik
just joined
 
Posts: 18
Joined: Sat Dec 31, 2005 11:40 am

by Mikro-Man-Tik » Wed Dec 06, 2006 3:09 pm

He sergejs...
The problem is when we using the encryption protocols (WPA, WPA2) for wireless users the New User can't connect to network and test the service if we use the hotspot service.

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Wed Dec 06, 2006 3:12 pm

One of the workaround for this problem is Virtual AP created on HotSpot AP, where you can create trial HotSPot users and apart HotSpot server, but normal users will connect to the AP running encryption.

User avatar
111111
Member Candidate
Member Candidate
 
Posts: 185
Joined: Thu Oct 05, 2006 1:39 am
Location: BG,SOFIA

by 111111 » Wed Dec 06, 2006 3:51 pm

As Hellbound sad LOGIN ca get some extra info for user
OS, Browser, User account name (many PHP ex.)
hardware numbers, partition number,

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Wed Dec 06, 2006 4:14 pm

111111,
what is the problem with encryption protocol configuration ?
Encryption protocol has unique configuration settings, that might be accepted from client with correct configuration, if you will not give them or user who paid for HotSpot will not give them further, nobody could not access to your AP without correct settings.

Hellbound
Long time Member
Long time Member
 
Posts: 505
Joined: Tue Oct 26, 2004 11:21 am

by Hellbound » Wed Dec 06, 2006 8:56 pm

sergejs wrote:Hellbound, where is the problem to use encryption protocols (WPA, WPA2) for wireless users ? If your users will not distribute security configuration, then 'bad' user will not have any possibility to establish connection with AP without encruption configuration.


this is where you can force all user to enable encryption? but how many network with wide coverage is using that?

unfortunately if you take out encryption, there is almost nothing left to protect users.

User avatar
111111
Member Candidate
Member Candidate
 
Posts: 185
Joined: Thu Oct 05, 2006 1:39 am
Location: BG,SOFIA

by 111111 » Wed Dec 06, 2006 10:14 pm

sergejs
WPA 64bit 5 simbol pass is nead around 30min to be decripted
128bit 10 simbol ~ 8h

WPA2 is not supported by each AP client device

User avatar
cmit
Forum Guru
Forum Guru
 
Posts: 1551
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

by cmit » Wed Dec 06, 2006 11:48 pm

I think you meant WEP encryption when giving those times to decrypt/brute-force an encryption key.

WPA still goes as uncracked, I would suppose...

Best regards,
Christian Meis

User avatar
111111
Member Candidate
Member Candidate
 
Posts: 185
Joined: Thu Oct 05, 2006 1:39 am
Location: BG,SOFIA

by 111111 » Thu Dec 07, 2006 12:16 am

cmit WPA i mean
officialy yes it is "most secure" like DVD protection
but "read the manual" say other ;)

WPA + RADIUS + some user system info
that's other

User avatar
ahmedramze
Frequent Visitor
Frequent Visitor
 
Posts: 79
Joined: Mon Feb 21, 2005 10:29 am
Location: IRAQ

JAVA hotspot Can't be hack

by ahmedramze » Thu Dec 07, 2006 3:32 am

I'm sure your problem it from your bad configration of hotspot , if you can send the configration by
Code: Select all
/ip hotspot export

Code: Select all
/ip dhcp-server export

Code: Select all
/ip firewall nat export

and send it .

Your problem is happen when you use saim IP for DHCP and Hotspot .
the scanner software that hack the physical layer of network (( MAC )) and get the DHCP IP from your server who allow these ip to connect to your internet .

to remove these you must configer a temperary DHCP network that allow all user to connect to your hotspot , and configure the hotspot with diffrent ip . for example

1-DHCP server work in 192.168.0.1/24 in hotspot interface
2-do a hotspot server work with 10.200.10.1/24
3- allow the hotspot ips to acsess to you internet from from firewall by
Code: Select all
ip firewall nat add chane=src  src-address=10.200.10.0/24 action=masq... out-interface=((yourWAN))

and told me what happen with you , and any one told you JAVA hotspot not secure told him you did not use right configration .

regard

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Thu Dec 07, 2006 9:15 am

111111
1) I think you are reading documentation regarding the WEP, as only WEP has 64(40) and 128 (104) bit keys. I did not recommended WEP as encyption method, I said about WPA/WPA2.
Could you post link with this documentation ?

2) Do you manage to steal WPA key for AP running WPA encryption ?

User avatar
janisk
MikroTik Support
MikroTik Support
 
Posts: 5906
Joined: Tue Feb 14, 2006 10:46 am
Location: Riga, Latvia

by janisk » Thu Dec 07, 2006 9:24 am

o boy, that was one good laugh in the morning. decrypt WPA in 30 minutes. Do you woodoo or have access to AP?

please clarify what documentation you read by posting links here, or name and source of materials.

User avatar
normis
MikroTik Support
MikroTik Support
 
Posts: 19266
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

by normis » Thu Dec 07, 2006 11:36 am

not so fast, janisk. it will take longer then 11111 mentioned (I doubt he's done it), but it looks possible in theory:

http://www.google.com/search?q=cracking+wpa

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Thu Dec 07, 2006 11:52 am

Of course WPA2 is recommended, as well EAP is preffered to PSK, as well AES-CCM is preferred.
Anyway I doubt that 63 undictionary 'wpa(1)-preshared-key' will be 30 minutes work for regular user.

User avatar
111111
Member Candidate
Member Candidate
 
Posts: 185
Joined: Thu Oct 05, 2006 1:39 am
Location: BG,SOFIA

by 111111 » Fri Dec 08, 2006 12:47 pm

someting interesting for they who not believe :)
WEP less then 5 sec
Code: Select all
I code it ;)
сKуKцKсKфKсKущххKтKцKфKшKр
сKуKцKсKфKсKущххKтKцKфKщKр
сKуKцKсKфKсKущххKтKцKфKсрKр
сKуKцKсKфKсKущххKтKцKфKссKр
сKуKцKсKфKсKущххKтKцKфKстKр
сKуKцKсKфKсKущххKтKцKфKсуKр
сKуKцKсKфKсKущххKтKцKфKсфKр
сKуKцKсKфKсKущххKтKцKфKсхKр
Last edited by 111111 on Fri Dec 08, 2006 12:52 pm, edited 1 time in total.

User avatar
normis
MikroTik Support
MikroTik Support
 
Posts: 19266
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

by normis » Fri Dec 08, 2006 12:48 pm

again WEP - WE ARE TALKING ABOUT WPA!

User avatar
111111
Member Candidate
Member Candidate
 
Posts: 185
Joined: Thu Oct 05, 2006 1:39 am
Location: BG,SOFIA

by 111111 » Fri Dec 08, 2006 12:55 pm

WPA coding is simple too
just thing how is generated

User avatar
normis
MikroTik Support
MikroTik Support
 
Posts: 19266
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

by normis » Fri Dec 08, 2006 12:56 pm

show us :) somehow, I just don't believe you can do it in minutes

User avatar
111111
Member Candidate
Member Candidate
 
Posts: 185
Joined: Thu Oct 05, 2006 1:39 am
Location: BG,SOFIA

by 111111 » Fri Dec 08, 2006 2:24 pm


User avatar
normis
MikroTik Support
MikroTik Support
 
Posts: 19266
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

by normis » Fri Dec 08, 2006 2:26 pm

did you even read it until the end?

As we've learned, cracking the password is no simple matter. Due to the WPA design, an attacker must have an insider's understanding of how the packets are created and how their data is used to secure a WPA-PSK network (or a tool that does this for the attacker). Our example provided a test using a previously known password. To successfully crack a random network, an attacker must have a large dictionary file, a powerful computer, and a little luck in order to obtain the password. Fortunately, this isn't as easy as it sounds.

User avatar
nazadnan2003
newbie
 
Posts: 31
Joined: Tue Sep 05, 2006 10:12 am
Location: Iraq

by nazadnan2003 » Fri Dec 08, 2006 10:21 pm

Dear ahmedramze can I have your Yahoo ID
for more explenation.

Hellbound
Long time Member
Long time Member
 
Posts: 505
Joined: Tue Oct 26, 2004 11:21 am

by Hellbound » Sat Dec 09, 2006 9:52 pm

normis wrote:did you even read it until the end?

As we've learned, cracking the password is no simple matter. Due to the WPA design, an attacker must have an insider's understanding of how the packets are created and how their data is used to secure a WPA-PSK network (or a tool that does this for the attacker). Our example provided a test using a previously known password. To successfully **** a random network, an attacker must have a large dictionary file, a powerful computer, and a little luck in order to obtain the password. Fortunately, this isn't as easy as it sounds.


why not mikrotik try to detect wireless client with different signal strength with one mac address?

definitely modulation and signal strength can be helpful key to come up with some level of security?

User avatar
smacebr
newbie
 
Posts: 36
Joined: Wed Aug 23, 2006 2:55 pm
Location: Rio de Janeiro, Brazil

Hack PPPOE

by smacebr » Mon Dec 11, 2006 4:21 pm

After we implement MK-PPPOE solution we saw our SSID (even with AP mac cloned) cloned and one PPPOE server was running in that "unknown" AP. They were getting user/password/mac from our customers. We already have one great solution for this. (once it works) But I am curious to know what Mikrotik suggests in these cases? (They always have better solution than ours ;)
Last edited by smacebr on Mon Dec 11, 2006 4:25 pm, edited 1 time in total.

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Mon Dec 11, 2006 4:24 pm

smacebr,
use encryption protocols for wireless clients, as it was suggested in the previous posts(WPA/WPA2).

User avatar
smacebr
newbie
 
Posts: 36
Joined: Wed Aug 23, 2006 2:55 pm
Location: Rio de Janeiro, Brazil

wireless encryption

by smacebr » Mon Dec 11, 2006 4:30 pm

but the key is shared by all users in that interface. right?
The problem is that we suspect that who did that has access to our network. (He fixes computers - format, install OS, hardware etc - i've forgotten the word for this kind work). So if the Key is shared by all users in that interface he will be able to get the key when he visits one of our customers. Am I wrong?

User avatar
janisk
MikroTik Support
MikroTik Support
 
Posts: 5906
Joined: Tue Feb 14, 2006 10:46 am
Location: Riga, Latvia

by janisk » Mon Dec 11, 2006 4:36 pm

preferably with eap certificates. but preshared key is also good choice for starters :roll: like me

edit:

you can create virtualAP with different pre-shared key, like one key for group

User avatar
smacebr
newbie
 
Posts: 36
Joined: Wed Aug 23, 2006 2:55 pm
Location: Rio de Janeiro, Brazil

improved authentication

by smacebr » Mon Dec 11, 2006 4:54 pm

I have not checked "eap certificates" before. I must check it then. Any sugestion?

I was thinking about to develop one Dialer (for PCI Wireless Cards) and a customized AP Firmware (just like ApRouter and others) for doing an improved authentication.

After the user logs in (user,password,mac,station) in the radius. Our integration server would send one Key to the Dialer/AP(Fw.Customized) if it combines to the last key sent by our server in the previous session, the client (dialer/ap) will send another key back, in case of incorrect Key or not informing it the server will automatically disconected the user from MK. If everything is OK then the server sends the user a new key to be used in the next session. So this way these keys are updated each session and I hope avoid clonning for ever :-)

Mikrotik what do you think about this kind of solution?

User avatar
janisk
MikroTik Support
MikroTik Support
 
Posts: 5906
Joined: Tue Feb 14, 2006 10:46 am
Location: Riga, Latvia

by janisk » Mon Dec 11, 2006 5:18 pm

certificates can be used in this manner: AP and client receives certificate from radius server and then from this certificate keys are generated and they change over time, it is very very safe. :idea:

User avatar
smacebr
newbie
 
Posts: 36
Joined: Wed Aug 23, 2006 2:55 pm
Location: Rio de Janeiro, Brazil

by smacebr » Mon Dec 11, 2006 5:23 pm

Is it the same I talked above or is it diferent?
I need one example of implementing it to understand it better.

User avatar
janisk
MikroTik Support
MikroTik Support
 
Posts: 5906
Joined: Tue Feb 14, 2006 10:46 am
Location: Riga, Latvia

by janisk » Tue Dec 12, 2006 5:35 pm

kind of the same, just already implemented in ROS, windows and Linux.

you have to generate TLS certificate for user and your AP, then set this certificate for router and for user :roll:

ofasa
Member Candidate
Member Candidate
 
Posts: 104
Joined: Tue Jul 20, 2004 11:42 pm

by ofasa » Thu Dec 14, 2006 11:23 am

nazadnan2003 wrote:Dear sergejs:

I alrady use "shared-users=1" , and use login/password for the HotSpot authentication.
The "bad users" stole IP/MAC-address by using scanning programs, and chose one of the active IP/MAC-address.
If the stolen address is alrady autherized in the hotspot, then the "bad users" will recive Internet service as well as the 'good client' (both in the same time and the same IP/MAC-address).

:!: :?:


1. Try disabling 'Universal Client'. (I think this is done by setting the address-pool in the user profile to 'none')

2. Try binding the MAC address to the IP address in the firewall (possibly with a login script in the user profile - if mac is xx-xx-xx-xx-xx-xx and ip is not yy.yy.yy.yy reject/tarpit/drop)

Just a few thoughts.

skynoc
Member Candidate
Member Candidate
 
Posts: 136
Joined: Wed Jul 07, 2004 10:20 pm

hotspot is too weak

by skynoc » Thu Dec 14, 2006 10:28 pm

hi guys ,
i have the same problem with mikrotik .
you should give each client a static ip or there should be a script running which gives each client a subnet of 30 bits , this can solve mikrotik hotspot service .

i m using hotspot with static ip only , and my system is running well ,

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Fri Dec 15, 2006 8:55 am

skynoc, do you have HotSpot running on the wireless or Ethernet interface ?

User avatar
nazadnan2003
newbie
 
Posts: 31
Joined: Tue Sep 05, 2006 10:12 am
Location: Iraq

by nazadnan2003 » Sun Dec 17, 2006 1:04 pm

Ahmedramze wrote
I'm sure your problem it from your bad configuration of hotspot...


Dear Ahmedramze:
I'm sure that I follow the right steps described in the PDF Manual to configure the Hotspot, is there any possible that MikroTik make some mistake in their configurations??? !!!!

Ahmedramze wrote
and told me what happen with you...

the same problem still exist
The "bad users" stole IP/MAC-address by using scanning programs, and chose one of the active IP/MAC-address.
If the stolen address is already authorized in the hotspot, then the "bad users" will receive Internet service as well as the 'good client' (both in the same time and the same IP/MAC-address).



Ahmedramze wrote
and any one told you JAVA hotspot not secure told him you did not use right configuration.

Can you pleazzzzzzzz tell me from where this confidence originate abut JAVA Hotspot ????
Did you try to hack your Hotspot by yourself ?
If you are already can prevent this kind of illegal access to your Hotspot ? Can you pleazzzzzzzzz show us who can you do that?

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Mon Dec 18, 2006 5:46 pm

nazadnan2003,
it is not very easy to understand, why wireless encryption protocols are not suitable for you ?
Wireless encryption protocols usage allows to protect wireless network from unauthorized users.

User avatar
smacebr
newbie
 
Posts: 36
Joined: Wed Aug 23, 2006 2:55 pm
Location: Rio de Janeiro, Brazil

by smacebr » Thu Dec 21, 2006 12:12 am

Even using these wireless encryption protocols we still vulnerable, they can get the key with another customer, IMHO presharedkey does not work for ISP. We need one better solution.

User avatar
sergejs
MikroTik Support
MikroTik Support
 
Posts: 6221
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Thu Dec 21, 2006 9:48 am

1. You have to educate customers, that distributing preshared keys over the unauthorized users is not a good idea;
2. Alternative more secure method than preshared key exists EAP. It is better and more secure. As it was described previosly.

User avatar
nazadnan2003
newbie
 
Posts: 31
Joined: Tue Sep 05, 2006 10:12 am
Location: Iraq

by nazadnan2003 » Mon Dec 25, 2006 12:56 pm

sergejs
It is not very easy to understand why MT team can not confess that they couldn’t till now prevent this kind of penetration.
Many reasons make wireless encryption protocols are not suitable for me, these reasons are shortly describe below:
    - My Hotspot is covering a small city with 5 Km diameter with other Hotspots, so it’s very important to my Hotspot to be easy to connect for first look.
    - Most of the users are dummies (in networking skills), so each time a user face some problems in his connection or even in his PC regarding the internet I should support him without any charge.
    - Imagine the time spends with this kink of problems, which can be spend with other users and problems can be charged.


Regards

Hellbound
Long time Member
Long time Member
 
Posts: 505
Joined: Tue Oct 26, 2004 11:21 am

by Hellbound » Tue Dec 26, 2006 8:00 pm

I have an idea

MT make a simple Scanner detector that is trying to scan more than 3 IP in one minute and blacklist the mac address from the network so at least the person won't be able to scan the whole network for alive IP address.

at the other hand MT make dynamic IP and dynamic Gateway in 255.255.255.252 subnetting.

so even in layer 3 we can block scanning.
dynamically create local IP address and dhcp release dynamic setting (for instance)
gateway1: 10.1.1.1
client1: 10.1.1.2
subnet: 255.255.255.252

gateway2: 10.1.1.3/31
client2: 10.1.1.4/31
subnet: 255.255.255.252

and so on...


better than nothing.

thanks

User avatar
janisk
MikroTik Support
MikroTik Support
 
Posts: 5906
Joined: Tue Feb 14, 2006 10:46 am
Location: Riga, Latvia

by janisk » Wed Dec 27, 2006 11:20 am

nazadnan2003 wrote:sergejs
It is not very easy to understand why MT team can not confess that they couldn’t till now prevent this kind of penetration.
Many reasons make wireless encryption protocols are not suitable for me, these reasons are shortly describe below:
    - My Hotspot is covering a small city with 5 Km diameter with other Hotspots, so it’s very important to my Hotspot to be easy to connect for first look.
    - Most of the users are dummies (in networking skills), so each time a user face some problems in his connection or even in his PC regarding the internet I should support him without any charge.
    - Imagine the time spends with this kink of problems, which can be spend with other users and problems can be charged.

Regards


as sergejs wrote - educate your customers

and as i know WPA2 and EAP is available since 2.9.8. so it is more that a year.

and you can provide DEMO with no encryption and no real access to Internet with with virtualAP. so they anyone can connect and see how to configure their interface.

User avatar
smacebr
newbie
 
Posts: 36
Joined: Wed Aug 23, 2006 2:55 pm
Location: Rio de Janeiro, Brazil

by smacebr » Sun Dec 31, 2006 2:50 am

janisk,

I am looking for one path to implement this EAP in my network. Can you point me one tutorial that works with MK?

Thank you.

skynoc
Member Candidate
Member Candidate
 
Posts: 136
Joined: Wed Jul 07, 2004 10:20 pm

by skynoc » Wed Jan 03, 2007 10:22 am

sergejs

i m using wired network on ethernet .

  Next
117 posts   •   Page 1 of 3   •   1, 2, 3

Who is online

Users browsing this forum: Baidu [Spider], Google [Bot], mandrade and 36 guests

It is currently Sun Nov 23, 2014 12:05 am