Broadband-Hamnet™ Forum :: General
 Subject :Security ???.. 2014-05-26- 10:43:52 
KO2F
Member
Joined: 2014-05-24- 13:04:16
Posts: 21
Location

Hello Everyone,

What prevents a technically competent non-ham from loading a used Linksys router and joining a local BBHN mesh?

As I understand it, the NW-MESH community uses a distributed credential to digitally sign the routing table, thus constraining network access.  [The adequacy of this is another topic...]

Is there something built in to BBHN that addresses this topic?

If this has been discussed elsewhere, please point me in the right direction.

Bob

KO2F

 Subject :Re:Security ???.. 2014-05-26- 11:08:33 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location

For the NW-Mesh group I believe you are referring to the OLSRD Secure Module.

We actually used this module in versions prior to 1.0.0.

See BBHN->ticket:37 for more details on it being restored back in the next release of BBHN.

If you use the normal default code, then any person can join the network if they have a default build.  The advantage in this case of the code existing is you can at least argue at that point that you took measures to protect your node from speaking to non-hams.

If you decide to change the code for a region to take more control, then the nodes will become more like a 'closed repeater' where everyone has to have the same code (just like on voice you have to have the correct PL tone).

It doesn't fully secure a node in itself but it does provide some (in my opinion) basis to argue that the node was attempting to not be accessible to non-hams.

When the codes don't match a node just throws away the packet without responding to it.

There are still some openings, but the attack surface does get decreased.

You may also want to read:

www.broadband-hamnet.org/hsmm-mesh-forums/view-postlist/forum-1-general/topic-809-what-if-anything-keeps-the-bad-guys-out.html

And as I said once in the past (I believe in that same topic) "the more people who speak up about access control features the more likely it is to be worked on sooner"

Note: Most posts submitted from iPhone
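
A simplified model of the shared-code behaviour described in the post above, added here as an illustration and not taken from the OLSRD Secure Module or the BBHN firmware: a node that holds the regional key accepts a routing packet, and any other node's packet is thrown away with no reply. The packet layout, the use of HMAC-SHA256, the 30-second freshness window and every name in the code are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32    # HMAC-SHA256 output size in bytes
MAX_SKEW = 30   # assumed freshness window in seconds

def seal(key: bytes, payload: bytes, now: int) -> bytes:
    """Sender side: append a timestamp and a keyed tag to a routing payload."""
    body = payload + struct.pack("!Q", now)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def accept(key: bytes, packet: bytes, now: int):
    """Receiver side: return the payload, or None to drop without answering."""
    if len(packet) < TAG_LEN + 8:
        return None                       # too short to carry timestamp + tag
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(tag, expected):
        return None                       # different code, or packet altered
    (sent_at,) = struct.unpack("!Q", body[-8:])
    if abs(now - sent_at) > MAX_SKEW:
        return None                       # valid tag but stale: likely a replay
    return body[:-8]

def demo():
    # Constructed sample values, not real keys or real OLSR traffic.
    mesh_key = b"constructed-key1"
    other_key = b"constructed-key2"
    pkt = seal(mesh_key, b"HELLO from node-a", now=1000)
    return {
        "same_key": accept(mesh_key, pkt, now=1005),
        "other_key": accept(other_key, pkt, now=1005),
        "tampered": accept(mesh_key, b"X" + pkt[1:], now=1005),
        "replayed": accept(mesh_key, pkt, now=5000),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {result!r}")
```

The key is symmetric and identical on every node, so a passing check shows only that the sender holds the regional key file.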
 Subject :Re:Security ???.. 2014-05-26- 12:23:33 
KO2F
Member
Joined: 2014-05-24- 13:04:16
Posts: 21
Location

I personally would like to see OLSRD Secure Module  as an available BBHN option.  Preferably with an interface that would allow the node owner to easily upload the key file.

I know the next firmware release will be rolling out soon.  If someone in the know could comment as to whether or not this will be in the mix, the data point would be appreciated.

Bob, KO2F

 Subject :Re:Security ???.. 2014-05-26- 17:00:20 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location

At the moment, the version that went out to beta does not expose the setting via the user interface.

The key will be able to be changed by either ssh or telnet into the node and editing a file, or by using a SCP client to copy the file that has the key into place.

Note: Most posts submitted from iPhone
 Subject :Re:Security ???.. 2014-05-28- 17:00:37 
W8MRL
Member
Joined: 2014-05-27- 22:07:35
Posts: 4
Location

Hi all. I just gained access to the forums and I'm trying to gain enough knowledge to see if pursuit of a mesh net is worth the time. On the topic at hand though, so am I understanding by this discussion that there isn't an inherent security system in place in HSMM-MESH?

** back from reading another thread ***

I just read the thread: www.broadband-hamnet.org/hsmm-mesh-forums/view-postlist/forum-1-general/topic-809-what-if-anything-keeps-the-bad-guys-out.html - which answers my own question. This is a show stopper for me, basic security is needed. Without it I don't even want to start down the MESH path.

Keep up the great work guys. Maybe a secure, scalable, network can be created and if anyone can do it - it will be from the amateur radio community.

73, Rob

 Subject :Re:Re:Security ???.. 2014-05-28- 18:05:23 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location



Can you please elaborate as to what you would be looking for in "basic security is needed"?

Basic can have many different opinions (such as changing the olsrd code as noted above) or any other number of items, so if you could provide a bit more detail it would be appreciated.




Note: Most posts submitted from iPhone
 Subject :Re:Security ???.. 2014-12-03- 05:17:17 
KE7TBB
Member
Joined: 2012-02-12- 14:03:41
Posts: 19
Location: Las Vegas, NV
 

Don't really want to bring up an old thread, but it is the most relevant to my concerns. I have 2-3 nodes up here in the center of town. My neighborhood can only be described as "crackwhore infested". My building has already had trouble with our WLAN because of the neighbors. I secured it with an 8-character WPA2, they cracked it. When I locked down the MACs, they spoofed it. I increased the password and they haven't come back. My question is, what's to keep them from going after my meshes?

Something as simple as a password for Las Vegas mesh nodes that only the hams know would be great.

Or disabling SSID. The nodes would still be able to connect, but I would be "invisible".

I need to be invisible in this neighborhood.

Dan KE7TBB

Good on the 'ZED';)
 Subject :Re:Security ???.. 2014-12-03- 05:38:00 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location

Yes Vegas, wonderful town, never turn on your computer when near the Defcon convention, bad things may happen.

The feature to add a code was added in version 1.1.0, however on tracking down the stability problems of 1.1.x  the Secure module was found to have numerous code problems that increased the level of instability in the release and had to be pulled for further testing. It has been retasked to be dug into in the future.

You can't disable SSID in an AdHoc network as it's needed to know that devices exist and associate (not to mention hidden SSID doesn't really hide anything).

Note: Most posts submitted from iPhone
 Subject :Re:Security ???.. 2014-12-03- 05:45:12 
KE7TBB
Member
Joined: 2012-02-12- 14:03:41
Posts: 19
Location: Las Vegas, NV
 
Copy that on the DEFCON. I'm about 2 blocks away from the Rio, and weird stuff DID happen LOL. I guess I'm SOL for now, just add me to the list of people mildly concerned.
Dan KE7TBB

Good on the 'ZED';)