Yes, theoretically, if you could attach to the correct tunnel interface on the BSD box and spoof the PPPoE section of the ethernet packet, after doing the WEP breaking and MAC spoofing, then, yes, you could get free service. But you know, if somebody is going through that to get some free internet, then by all means go right ahead. You're only going to get 256kbps or so -- not a big deal to me as a network admin.
As soon as the standards are set 100% and we get firmware & driver updates for everything (I believe a winxp patch is out already?), yes, we will definitely deploy the Wireless Authentication Protocol.
I think the issue is not with "reading" the documentation -- I did this for hours to no avail. I think the real issue is *understanding* what the documentation is saying -- it's with making the leap that:
"note that we use the out modifier so that the rule is not used twice. Remember in fact that ipfw rules are checked both on incoming and outgoing packets."
means that *not* doing so results in half-bandwidth. I think that's a huge conclusion to leap to without understanding the internals of how ipfw works, and there is very little documentation of this effect.
randal
The main reason for this is that very few (cheap) SOHO routers support PPTP. All of them support PPPoE. We use what works and what is cheap.
randal
Hahaha, I knew you'd come chime in ;-)
randal
On our side, the actual tower itself is pretty cheap. We started out with a single T1, (we're waiting on our third one to go in next week), $350 install for that, $250 for a used cisco 2501 + dsu/csu, we already had the AP and antenna laying around. And our tower is $200/mo ... so, the physical setup was, in total, maybe $900? CPE is running us right around $150-200, depending on which model is required.
The OSS backend, though, is what I usually spend my day maintaining. Mail servers, billing, customer management, all that stuff ... man. I spend probably 20 hours a week upgrading / tweaking / maintaining. I'm sure that to startup, you could do it all for free with OS stuff, but it would take a lot of work. A *LOT* of work. Especially making everything tie together -- that's the really hard part. So to answer your question ... that's the really, really expensive part.
randal
Wow, I helped someone out with my whitepaper. My life is complete.
Thanks for reading it!
randal
We utilize CHAP primarily with PAP as a backup. CHAP offers end-to-end encryption of the authorization session, while PAP does not.
Cheers,
randal
But then you put in a NIC, or put in a router ... it takes a reconfig by somebody, which is no fun. Also, if the auth server is farther away than on-LAN, you lose the ability to report MACs (generally).
Our solution abstracts away from the hardware, so replacing a NIC or putting in a router requires no customer contact ($$), and utilizes industry standard protocols to tie everything together instead of a website-based, almost "Coffee Shop" style authentication.
randal
We already have an Alvarion deployment in downtown Colorado Springs, CO ... we decided to go with generic 802.11b for this rural project for pure financial reasons. Alvarion CPE is wildly expensive, and Canopy CPE is only a little less cost-prohibitive. Compared to normal 802.11b gear, where you can buy a good, business-class antenna & radio for $200 (less than half the cost of alvarion/canopy gear) ... the higher priced ones, although full of neato features, just don't justify the cost in our particular situation.
randal
We thought about doing the walled-garden approach, but decided that it would piss off our customers too much to have to go through a portal page (login) that couldn't be automated (like ppp can be).
randal
As an article poster, I saw that it was gonna get hit pretty hard, so here's a mirror:
http://129.19.75.194/~jakalowiw/warta/
Cheers,
Randal
You'd think they would really fool us on this particular day by not duping...
rk
There is a mirror available of the high-res video located below:
_ 64 0.mov
ftp://files.rand0m.org/videos/reloaded_teaser_1
it's not portable, because it's pointless, because it's not Linux. Yet you seem to like Star Wars crap made out of legos...
... makes sense to me ;-)
But see, lego[s] are portable, are mostly-pointless except for creativity, and share the force with linux
"it's you, inside yourself"