Forums > Technical

Monitoring Connections.

Posts (11)

  • Lein

    Lein

    #13904660 - 9 years ago

    I apologize if a thread concerning this issue has already been posted, but I wasn't having any luck with the search. Feel free to give me a good backhand if there's already a thread for this somewhere. smiley4.gif

    Anyways, I live at a summer camp. Living at the ass end of nowhere, we don't have the option of wi-fi or whatever for the campus, so we simply have an antenna that boosts the routers signal, providing a connection to most of the campus. Unfortunately, having one set password, or even rotating the password allows people who aren't patrons of the camp to get a connection via word of mouth and they do devilish and naughty things, such as using torrents (the provider has a strict 'no torrents' policy, and they start sapping bandwidth if they detect such torrenting).

    So, is it possible for me to somehow set things up so that I have to personally allow someone to access the connection, and gives me the ability to block a connection to a certain computer if need be?

    We have a 5mb wireless connection.

    Using this Router.

    Again, my apologies if this has been posted somewhere or is just considered to be a stupid question in general.

    Thanks for the help!

  • johnnyricoMC

    johnnyricoMC

    #13904663 - 9 years ago

    In reply to Lein, #1:

    My school uses NoCat for the wifi. Students have to log in with their ldap number and password for their NIC's mac address to be granted WAN access. Generate too much traffic and we get blocked.
    Generate P2P traffic and we get blocked too.

    nocat.net/

    It seems you need a linux-based router or access point for it.

    Give everyone their personal number and a certain traffic quotum (with instant ban when using forbidden protocols) and you'll see the amount of people passing logins on to outsiders plummet.


    Now for that specific router: It doesn't seem to be supported by OpenWRT yet. So your best bet is MAC address filtering.
    Problem is MAC addresses can be spoofed with relative ease.

    Post edited 6/03/10 4:13AM

  • Kull

    Kull

    #13904915 - 9 years ago

    In reply to Lein, #1:

    Another possibility to check out: MikroTik RouterOS. It will do RADIUS authentication and MAC filtering, two different ways to address your problem.

  • Fhajad

    Fhajad Forum Games Moderator

    #13905009 - 9 years ago

    In reply to johnnyricoMC, #2:

    Not if you put it into an approved list only and kick out all others.

    Then the spoofers would have a fun time trying to spoof a computer already using the connection.

  • johnnyricoMC

    johnnyricoMC

    #13907396 - 9 years ago

    In reply to Fhajad, #4:

    It'd probably create packet collisions.

  • Lein

    Lein

    #13908373 - 9 years ago

    In reply to johnnyricoMC, #2:

    In reply to Fhajad, #4:

    In reply to Kull, #3:

    Hmm, I'll definitely look into the router OS, but in the meantime the MAC address filtering should do the trick. I doubt the vast majority of people who would be using the camp's connection would have the knowledge to be able and ''spoof' anything.

    Thanks for all the help!

  • johnnyricoMC

    johnnyricoMC

    #13908393 - 9 years ago

    In reply to Lein, #6:

    spoofing is incredibly easy. There are very easy-to-use Windows tools that can do it.

    Knowledge isn't such a huge requirement, only the will to do so is.

  • papercup

    papercup

    #13909687 - 9 years ago

    So . . you are at a remote summer camp . .only one shaky connection trying to cover the whole camp . . . and you are going to cut off an unknown individual's connection?

    I've seen this one. When he can't download his porn, he's going to get an axe and come for all of you. Definitely don't make out with anyone there either . . . he'll get you first. Have you considered maybe it's in your best interest to keep him at his pc?

    You'll be there, machete sticking out of your femur, crawling to your wifi enabled phone that you dropped at the small cave mouth you hid in . . you reach it, try to dial 911 via skype . . . oops, you forgot to put your phone's mac address in to the router. You wail in frustration . . the hockey mask turns suddenly at the outcry . . . and you've been zero'd in.

    Don't say you weren't warned.

  • Lein

    Lein

    #13909809 - 9 years ago

    In reply to papercup, #8:

    You make a morbidly good point. smiley4.gif

  • Fhajad

    Fhajad Forum Games Moderator

    #13909945 - 9 years ago

    In reply to johnnyricoMC, #7:

    You could do it right in the Properties of the network adapter. It's stupidly stupid simple.

  • johnnyricoMC

    johnnyricoMC

    #13909954 - 9 years ago

    In reply to Fhajad, #10:

    apps that do this = just fancy frontends that make the registry changes.