RE: Current state of security features

From: Keith Heinemann (khmann_at_performance-data.com)
Date: 2002-03-07 03:08:07 UTC

• Next message: Jouni Malinen: "Re: Current state of security features"
• Previous message: Kristian Hoffmann: "WDS linux-wlan-ng sources"
• Maybe in reply to: David: "Current state of security features"
• Next in thread: David: "Re: Current state of security features"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

> One feature I have seen on Cisco Aironet APs is the ability to
deny

> inter-client forwarding (i.e. all traffic must go out the
ethernet port) -

> can this be done on the AP software for Linux ?
        

        I have in the past faked this kind of thing on ethernet by blocking broadcast/multicast frames. if you block broadcasts, machines can no longer find each other, though they communicate just fine if you use static arps. this isn't perfect from a security standpoint if evestropping is employed, but it will keep a casual user from 'pinging around' in their subnet.

        disabling inter-client repeating would be a great feature!         

        later.

        -keith

• application/ms-tnef attachment: winmail.dat

• Next message: Jouni Malinen: "Re: Current state of security features"
• Previous message: Kristian Hoffmann: "WDS linux-wlan-ng sources"
• Maybe in reply to: David: "Current state of security features"
• Next in thread: David: "Re: Current state of security features"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]