Netgate Discussion Forum

    Wireless Defense Bubble - $200

      kingfisher

      I know this is a subject people get nervous about, but if I can find a legitimate use for it, I am sure others can too.

      What I am looking for is a way to block APs on a network. The company I work for owns the entire 3-story building we are in. We have contractors coming in all of the time and many of them like to hook up their own access points. We have advised them that this is against policy, but occasionally the marketing types like to put one past us and hide one. We do sweeps on a regular basis, but I had a thought for a better way.

      How about sending deauthentication frames to, in effect, jam clients from getting on rogue access points? What I was thinking was 3 options. Block this AP (specified by MAC or SSID) and allow all others, allow this AP (specified by MAC or SSID) and block all others, and lastly, block all.

      Since this isn't RF jamming, there shouldn't be an issue with the FCC. We could selectively jam APs. The system would also need to be able to detect new APs and handle them based on the list of rules (block, allow, etc.).

      Ideally, this would work better on an AP converted to handle this, like a WRT, but I thought with the power and flexibility that pfSense has, this may be the place to start.

      What are your thoughts?

      BTW, I understand that Aruba APs have this feature.

        sullrich

        This would require OpenBSD's hostapd IIRC and would be a bit of work to port. In addition, if we ported their hostapd I am not sure if we would lose any features.

          kingfisher

          What sort of bounty do you think would make this workable?

            billm

            @sullrich:

            This would require OpenBSD's hostapd IIRC and would be a bit of work to port. In addition, if we ported their hostapd I am not sure if we would lose any features.

            Yeah, their hostapd, or more likely at this point, merge their security functions into the madwifi hostapd.  Neither is an easy task and I think we'd lose WPA.

            –Bill

            pfSense core developer
            blog - http://www.ucsecurity.com/
            twitter - billmarquette

              trendchiller

              losing WPA is a bad thing…  :-
              please don't do so...

                billm

                @trendchiller:

                losing WPA is a bad thing…  :-
                please don't do so...

                I doubt anyone is gonna jump on this bounty anyway.  The amount of work involved would require someone who was motivated by much more than the bounty.

                –Bill

                pfSense core developer
                blog - http://www.ucsecurity.com/
                twitter - billmarquette

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.