[Dshield] Wireless MAC Authentication options.

Johannes B. Ullrich jullrich at euclidian.com
Mon Jun 20 15:11:28 GMT 2005


Chris Mitchell wrote:
> I have recently been contracted by a client of mine to implement a wireless
> network for a small school (500 students).  I would like opinions on MAC
> Address Authentication methods.  This is a Windows based network, and the
> solution should be fairly simple so that it is manageable by the client.
> Any input is greatly appreciated.

You are probably looking at something like 'nocat' (http://nocat.net/). 
It works "reasonably well". While it can be bypassed (e.g. by spoofing a 
MAC), it works probably good enough for your scenario.

Nocat can opperate in two different "modes":
- Just display a "banner" for people to click off on.
- Ask people to log in with username/password.

It should run well with 500 users, and can be linked to various backends 
(mysql, postgresql, ldap, radius).

If you need anything more secure, you should use a VPN. Essentially 
allow only traffic from the wireless network to the VPN concentrator, 
and manage your users via whatever VPN solution you use. Once they are 
on the VPN, you can let them "out".






More information about the list mailing list