Gaming adapter as access point

In connecting to open freely provided 3rd-party APs, all within range,
These questions assume no local wireless network, only wireless to
ethernet connection to more than one computer.

Is there any difference between a client bridge, a gaming adapter and a
router that works in client mode? I have seen adapters advertised under
all three terms that allow multiple ethernet connections to several
devices at once.

If so what is the difference? Which alone or in combination gives the
best security from incoming hacking attempts and access to local hard
drives? Or is the terminology so loose that you never know what you're
getting until you buy and try?

Can a software firewall be used with a client gaming adapter or client
bridge to provide as good of security as a router in client mode?
Since testing often involves shutting down the firewall, how are
rulesets generally written to provide quick security in the initial
setup?

(E-Mail Removed) hath wroth:

>In connecting to open freely provided 3rd-party APs, all within range,

Ok, you're hacking into the neighbors wi-fi access point or mooching
off the local coffee shop wireless. Got it.

>These questions assume no local wireless network, only wireless to
>ethernet connection to more than one computer.

Ok, one wireless client adapter and multiple computers. Note that not
all wireless client adapters and game adapters will do this. Also
note that your Subject line is wrong. Your game adapter is NOT being
used as an access point. The game adapter is connecting to an access
point.

>Is there any difference between a client bridge, a gaming adapter and a
>router that works in client mode? I have seen adapters advertised under
>all three terms that allow multiple ethernet connections to several
>devices at once.

See the FAQ at:
| http://en.wikibooks.org/wiki/FAQ_for...ireless_Bridge
The term "bridge" has been severly mis-used and abused. There is no
specific term for a "wireless client adapter bridge that will only
bridge one MAC address" versus a "wireless client adapter bridge that
will bridge more than one MAC address". Whew.

>If so what is the difference?

Can I pass? I'm not 100% I understand the difference and really don't
wanna dive into the protocols tonite.

>Which alone or in combination gives the
>best security from incoming hacking attempts and access to local hard
>drives?

There's no connection between security and the type of adapter or
bridge. It's the encryption level that offers security. WPA-PSK with
a long key is good enough for home use. If you're running a corporate
LAN, WPA-RADIUS is better. If you're really paranoid, an IPSec VPN is
the best.

>Or is the terminology so loose that you never know what you're
>getting until you buy and try?

Yep. The current trend is to disclose as few techy details as
possible to prevent confusing the customer and insuring a satisfactory
out of box experience. Be sure to thank the marketing department for
the insipid data sheets and product description.

>Can a software firewall be used with a client gaming adapter or client
>bridge to provide as good of security as a router in client mode?

Again, no amount of firewalling is going to keep some wireless hacker
off your LAN unless you have decent encryption. Well, you can run a
VPN and also run an open unencrypted system and be quite safe. Routers
do not have a "client mode". I thought you didn't want to install a
router between your multiple computers and your wireless game adapter
client whatever bridge. Also, routers don't have a client mode.

Are you perhaps worried that someone is going to attack your
unprotected home computers via your wireless game adapter? That's not
going to happen unless you accidently setup an ad-hoc wireless
network. You can be attacked from the LAN side of whatever hot spot
you're connecting to, but not directly.

>Since testing often involves shutting down the firewall, how are
>rulesets generally written to provide quick security in the initial
>setup?

Dunno. I usually don't write rulesets unless it's a Cisco router.
Were you planning to buy a Cisco router? There are plenty of example
IOS configs on the internet for every ocassion.

Methinks you would be better served if you use your wireless game
adapter in client mode to connect to whatever you're connecting to,
and then install a common ethernet router between the wireless client
adapter and your computers. That will provide NAT for distributing
multiple IP's, and firewall protection.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

>
>Jeff Liebermann <(E-Mail Removed)> answered:
>
>(E-Mail Removed) hath wroth:
>
>>In connecting to open freely provided 3rd-party APs, all within range,
>
>Ok, you're hacking into the neighbors wi-fi access point or mooching
>off the local coffee shop wireless. Got it.
>

Only partly right, main AP will be a free taxpayer paid for AP.

>
<snip for brevity>
>
>>Is there any difference between a client bridge, a gaming adapter and a
>>router that works in client mode? I have seen adapters advertised under
>>all three terms that allow multiple ethernet connections to several
>>devices at once.
>
>See the FAQ at:
>| http://en.wikibooks.org/wiki/FAQ_for...ireless_Bridge
>The term "bridge" has been severly mis-used and abused. There is no
>specific term for a "wireless client adapter bridge that will only
>bridge one MAC address" versus a "wireless client adapter bridge that
>will bridge more than one MAC address". Whew.
>

I've already read it all, and there seems to be alot of confusion.
Main thing is as you said below, they don't tell you up front. Guess
we need a new standards board to enforce some standards?

>
If so what is the difference?
>
>Can I pass? I'm not 100% I understand the difference and really don't
>wanna dive into the protocols tonite.

Sure I was just wondering if there's anyway to tell before you buy what
the box does; I guess there isn't.

>
>>Which alone or in combination gives the
>>best security from incoming hacking attempts and access to local hard
>>drives?
>
>There's no connection between security and the type of adapter or
>bridge. It's the encryption level that offers security. WPA-PSK with
>a long key is good enough for home use. If you're running a corporate
>LAN, WPA-RADIUS is better. If you're really paranoid, an IPSec VPN is
>the best.

One of the APs used will be unencrypted, so thinking of using Tor or
have to study VPN (sheesh, got enough to do already).

>>Or is the terminology so loose that you never know what you're
>>getting until you buy and try?
>
>Yep. The current trend is to disclose as few techy details as
>possible to prevent confusing the customer and insuring a satisfactory
>out of box experience. Be sure to thank the marketing department for
>the insipid data sheets and product description.
>
>>Can a software firewall be used with a client gaming adapter or client
>>bridge to provide as good of security as a router in client mode?
>
>Again, no amount of firewalling is going to keep some wireless hacker
>off your LAN unless you have decent encryption. Well, you can run a
>VPN and also run an open unencrypted system and be quite safe. Routers
>do not have a "client mode". I thought you didn't want to install a
>router between your multiple computers and your wireless game adapter
>client whatever bridge. Also, routers don't have a client mode.

I thought some routers could act as both APs and routers
simultaneously? How hard is it to set up VPN? Briefly, what's involved?

>
>Are you perhaps worried that someone is going to attack your
>unprotected home computers via your wireless game adapter? That's not
>going to happen unless you accidently setup an ad-hoc wireless
>network. You can be attacked from the LAN side of whatever hot spot
>you're connecting to, but not directly.

I meant how can someone running the "hotspot" I am connecting to use it
to get to my hard drive (assuming file sharing is off) or download a
virus, malware on my machines? And will it be sufficient to use a good
software firewall to prevent this, or MUST I get a router in addition?

>
>>Since testing often involves shutting down the firewall, how are
>>rulesets generally written to provide quick security in the initial
>>setup?
>
>Dunno. I usually don't write rulesets unless it's a Cisco router.
>Were you planning to buy a Cisco router? There are plenty of example
>IOS configs on the internet for every ocassion.

Very funny. Wouldn't be here if I was planning on a Cisco router most
likely.

>
>Methinks you would be better served if you use your wireless game
>adapter in client mode to connect to whatever you're connecting to,
>and then install a common ethernet router between the wireless client
>adapter and your computers. That will provide NAT for distributing
>multiple IP's, and firewall protection.

How about a brand/model recommendation for the router to work in
connection with a Buffalo gamer/AP/bridge device?

>
>Jeff Liebermann <(E-Mail Removed)> answered:
>
>(E-Mail Removed) hath wroth:
>
>>In connecting to open freely provided 3rd-party APs, all within range,
>
>Ok, you're hacking into the neighbors wi-fi access point or mooching
>off the local coffee shop wireless. Got it.
>

Only partly right, main AP will be a free taxpayer paid for AP.

>
<snip for brevity>
>
>>Is there any difference between a client bridge, a gaming adapter and a
>>router that works in client mode? I have seen adapters advertised under
>>all three terms that allow multiple ethernet connections to several
>>devices at once.
>
>See the FAQ at:
>| http://en.wikibooks.org/wiki/FAQ_for...ireless_Bridge
>The term "bridge" has been severly mis-used and abused. There is no
>specific term for a "wireless client adapter bridge that will only
>bridge one MAC address" versus a "wireless client adapter bridge that
>will bridge more than one MAC address". Whew.
>

I've already read it all, and there seems to be alot of confusion.
Main thing is as you said below, they don't tell you up front. Guess
we need a new standards board to enforce some standards?

>
If so what is the difference?
>
>Can I pass? I'm not 100% I understand the difference and really don't
>wanna dive into the protocols tonite.

Sure I was just wondering if there's anyway to tell before you buy what
the box does; I guess there isn't.

>
>>Which alone or in combination gives the
>>best security from incoming hacking attempts and access to local hard
>>drives?
>
>There's no connection between security and the type of adapter or
>bridge. It's the encryption level that offers security. WPA-PSK with
>a long key is good enough for home use. If you're running a corporate
>LAN, WPA-RADIUS is better. If you're really paranoid, an IPSec VPN is
>the best.

One of the APs used will be unencrypted, so thinking of using Tor or
have to study VPN (sheesh, got enough to do already).

>>Or is the terminology so loose that you never know what you're
>>getting until you buy and try?
>
>Yep. The current trend is to disclose as few techy details as
>possible to prevent confusing the customer and insuring a satisfactory
>out of box experience. Be sure to thank the marketing department for
>the insipid data sheets and product description.
>
>>Can a software firewall be used with a client gaming adapter or client
>>bridge to provide as good of security as a router in client mode?
>
>Again, no amount of firewalling is going to keep some wireless hacker
>off your LAN unless you have decent encryption. Well, you can run a
>VPN and also run an open unencrypted system and be quite safe. Routers
>do not have a "client mode". I thought you didn't want to install a
>router between your multiple computers and your wireless game adapter
>client whatever bridge. Also, routers don't have a client mode.

I thought some routers could act as both APs and routers
simultaneously? How hard is it to set up VPN? Briefly, what's involved?

>
>Are you perhaps worried that someone is going to attack your
>unprotected home computers via your wireless game adapter? That's not
>going to happen unless you accidently setup an ad-hoc wireless
>network. You can be attacked from the LAN side of whatever hot spot
>you're connecting to, but not directly.

I meant how can someone running the "hotspot" I am connecting to use it
to get to my hard drive (assuming file sharing is off) or download a
virus, malware on my machines? And will it be sufficient to use a good
software firewall to prevent this, or MUST I get a router in addition?

>
>>Since testing often involves shutting down the firewall, how are
>>rulesets generally written to provide quick security in the initial
>>setup?
>
>Dunno. I usually don't write rulesets unless it's a Cisco router.
>Were you planning to buy a Cisco router? There are plenty of example
>IOS configs on the internet for every ocassion.

Very funny. Wouldn't be here if I was planning on a Cisco router most
likely.

>
>Methinks you would be better served if you use your wireless game
>adapter in client mode to connect to whatever you're connecting to,
>and then install a common ethernet router between the wireless client
>adapter and your computers. That will provide NAT for distributing
>multiple IP's, and firewall protection.

How about a brand/model recommendation for the router to work in
connection with a Buffalo gamer/AP/bridge device?

On 13 Feb 2006 13:46:23 -0800, (E-Mail Removed) wrote:

> Only partly right, main AP will be a free taxpayer paid for AP.

Hint. It's not free if your taxes are paying for it.
Ask yourself how many small WISP (wireless ISP) vendors would be in
business if they didn't have to compete with the local government.

>I've already read it all, and there seems to be alot of confusion.

That's why I wrote it. I'm not absolutely sure that I got it perfect.
I'm constantly seeing new abuse of the term "bridge". The point to
remember is that *ALL* 802.11 wireless is bridging.

>Main thing is as you said below, they don't tell you up front. Guess
>we need a new standards board to enforce some standards?

Right. The radio standards enforcement squad. Swoops down on
unsuspecting marketing departments and fines them for metaphor abuse
and engaging in technobabble. The public must be protected from such
obvious evil. Maybe have wireless considered to be a drug and have
the FDA do the enforcement.

>Sure I was just wondering if there's anyway to tell before you buy what
>the box does; I guess there isn't.

I can't tell except from experience. I know that the following will
do more than one MAC address:
Linksys WET11, WET54G
Linksys WRT54G/GS with DD-WRT firmware in client mode.
I'll have a list at home of those that will only do one MAC address.
Later (if I find it).

>One of the APs used will be unencrypted, so thinking of using Tor or
>have to study VPN (sheesh, got enough to do already).

Either will work. When using a public wireless system, you have to
bring your own encryption and encapsulation. From the FAQ, list of
VPN service providers:
| http://en.wikibooks.org/wiki/FAQ_for...vice_Providers

>I thought some routers could act as both APs and routers
>simultaneously?

Yes, but only for incoming connection. In these routers, the
wireless part is just another (bridged) port on the LAN side. There
are few sold that will act as a wireless client on the WAN side, and
then act as a router on the LAN side. There are a few that will do
this such as a modified version of the Lucent AP1000 firmware. Some
of the WISP providers have such clients. However, the bulk of the
commodity hardware cannot move the wireless to the WAN side of the
router.

You could roll your own using a Linux based router, where a client
mode adapter can be easily simulated. I don't have any handy links
but can find some if you want to go this route. It's not too
horrible. The hardware is usually based on either an old PC
motherboard, or a dedicated SBC such as:
http://www.soekris.com
http://www.pcengines.ch

>How hard is it to set up VPN? Briefly, what's involved?

It varies from trivial to the configuration nightmare from hell.
The thing to remember about VPN's is that they have to terminate
somewhere. It can be terminated in the wireless router, in an ISP's
server farm, or in the destination's router or server. The basic
types are SSL/TLS, PPTP, and IPSec. SSL/TLS aren't really a true
tunnel, but they provide similar functions by encrypting all the
traffic. These are usually terminated in web servers. PPTP is
Microsoft's simplistic VPN. These are terminated in NT4 and W2K
servers, as well as dedicated router. My WRT54G with DD-WRT is
sometimes running a PPTP VPN between my house and office. I can see
all the computahs from both ends. IPSec is the most secure, but also
the most complex. Lots of layers of encryption, authorization, and
authentication. Not too horrible once you've done it a few times, but
a real pain the first time.

Light reading:
http://www.practicallynetworked.com/...t/VPN_help.htm
Follow the links.

>I meant how can someone running the "hotspot" I am connecting to use it
>to get to my hard drive (assuming file sharing is off) or download a
>virus, malware on my machines? And will it be sufficient to use a good
>software firewall to prevent this, or MUST I get a router in addition?

If you have a firewall between your client adapter and your computers,
they will not be able to go backwards, through the router, into your
system. If you have a mess of redirected IP ports (i.e. holes) in
your firewall, it's possible.

Most municipal LAN's have a feature called "client isolation" (which
is often misnamed "AP isolation"). It prevents one wireless client
from bridging to another wireless client. All traffic goes to the
access point and then to the internet.

If your municipal LAN assigns your client radio a routeable IP
address, it is also possible to be attacked from the internet. For
such an arrangement, you must get something to protect your machines.

If your municipal LAN assigns your client radio a non-routeable IP
address (10.xxx.xxx.xxx, 192.168.xxx.xxx, etc) IP address, then you're
relying on their router to protect you from access via the internet.
Since most such municipal router are intentionally porous so that peer
to peer applications function, you'll still need to get something to
protect your machines. Such protection can be personal software
firewalls, but I suggest a hardware router as generally more
effective.

The real danger is sniffing. With a wide open access point and zero
encryption, someone can sniff your traffic and extract all kinds of
good info. That's where the VPN comes in. Some ISP's supply VPN
client and terminations such as:
http://www.sonic.net/hotspots/portal/
No clue what your municipal wireless provider offers. In any case,
these will protect against hijacking the connection, sniffing, and
attacking your client computers directly.

>>Dunno. I usually don't write rulesets unless it's a Cisco router.
>>Were you planning to buy a Cisco router? There are plenty of example
>>IOS configs on the internet for every ocassion.
>
>Very funny. Wouldn't be here if I was planning on a Cisco router most
>likely.

Well, you can write your own iptables rules for the Linux based
wireless routers. I would dump the config from my WRT54G with DD-WRT
but it's a bit long. The nice thing about using Linux is that like
Cisco IOS, there's plenty to copy from. There are also rule set
generators available. Methinks for what you're doing, a seperate
wireless client bridge radio (i.e. access point in client mode), and a
seperate ethernet router that's fairly configurable would be best. I'm
not sure what to recommend. Used Cisco 25xx and 26xx series isn't all
that overpriced. (I just hate the fan noise).

>How about a brand/model recommendation for the router to work in
>connection with a Buffalo gamer/AP/bridge device?

Later... customers cometh
--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

Jeff Liebermann <(E-Mail Removed)> wrote:
>Right. The radio standards enforcement squad. Swoops down on
>unsuspecting marketing departments and fines them for metaphor abuse
>and engaging in technobabble. The public must be protected from such
>obvious evil. Maybe have wireless considered to be a drug and have
>the FDA do the enforcement.

Strangely, I've had some limited success with reporting non-compliance
of newly minted products to the WiFi.org folks, when the product in
question (for instance) doesn't support WPA. Since that's a
requirement for WiFi certification, they coughed up the new firmware
in short order. 8*)

Jeff Liebermann <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> There
> are few sold that will act as a wireless client on the WAN side, and
> then act as a router on the LAN side

Which few?

On Wed, 15 Feb 2006 00:04:15 +0000 (UTC), yomama
<(E-Mail Removed)> wrote:

>Jeff Liebermann <(E-Mail Removed)> wrote in
>news:(E-Mail Removed) :
>
>> There
>> are few sold that will act as a wireless client on the WAN side, and
>> then act as a router on the LAN side

>Which few?

StarOS:
http://www.staros.com/specs.php#cpe
These two CPE client radios will do NAT which allows connecting more
than one computah to the client radio.

There's also Karlnet firmware that runs on an Orinoco AP-1000 which
turns it into a client radio with NAT. I had a few of these deployed
several years ago. $50 for the Karlnet license. The URL requires
CISPA member login. Sorry.

There are also custom Mikrotik RouterOS client radios with built in
router features:
http://ecom1.thesupernet.com/sales/home.php?cat=262
http://www.mikrotik.com/Documentation/rb_2019.pdf

There are similar radio/router combinations put together by various
WISP vendors for their clients.

A Linux based SBC (single board computah) can be convinced to include
a wireless client and also run a router. Actually, the hard part is
using the wireless card as an access point (using HostAP), while using
it as a client radio is fairly easy. I'll look for a link or
instructions later. (I seem to be having problems finding the right
combination of Google search terms).

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

reply inline:

Jeff Liebermann <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> On Wed, 15 Feb 2006 00:04:15 +0000 (UTC), yomama
> <(E-Mail Removed)> wrote:
>
>>Jeff Liebermann <(E-Mail Removed)> wrote in
>>news:(E-Mail Removed) m:
>>
>>> There
>>> are few sold that will act as a wireless client on the WAN side, and
>>> then act as a router on the LAN side
>
>>Which few?
>
> StarOS:
> http://www.staros.com/specs.php#cpe
> These two CPE client radios will do NAT which allows connecting more
> than one computah to the client radio.

Thanks, but will not order from a company that does not accept ANY
returns.

>
> There's also Karlnet firmware that runs on an Orinoco AP-1000 which
> turns it into a client radio with NAT. I had a few of these deployed
> several years ago. $50 for the Karlnet license. The URL requires
> CISPA member login. Sorry.

It's ok, never would pay a licensing fee.

>
> There are also custom Mikrotik RouterOS client radios with built in
> router features:
> http://ecom1.thesupernet.com/sales/home.php?cat=262
> http://www.mikrotik.com/Documentation/rb_2019.pdf

Order only 10 at a time? Surely, they jest? (no wonder so many companies
go belly up)

>
> There are similar radio/router combinations put together by various
> WISP vendors for their clients.
>
> A Linux based SBC (single board computah) can be convinced to include
> a wireless client and also run a router. Actually, the hard part is
> using the wireless card as an access point (using HostAP), while using
> it as a client radio is fairly easy. I'll look for a link or
> instructions later. (I seem to be having problems finding the right
> combination of Google search terms).
>

Another project entirely for me.

Jeff Liebermann <j...@comix.santa-cruz.ca.us> promises, promises:>

>>How about a brand/model recommendation for the router to work in
>>connection with a Buffalo gamer/AP/bridge device?
>
>Later... customers cometh


Or recommendation for ANY ethernet router (w/firewall) available at
bestbuy, compusa, officedepot, or officemax for under $100 that has a
good track record and will work with Buffalo Gamer AP? Thanks for your
help.