Friday16 Group1
A sunny day!
This last day of the second week got off to a slow start. All participants are very tired. Yesterday was too busy: outdoor activity, very big dinner!!! OUAOOOOOOOOOOOOOOOOOO
The agenda today is made up of mesh networks, security and a lab session. Notably, all lectures were presented by Rob Flickenger.
- MORNING -
9:00 - Lecture on "Mesh Networking" by R. Flickenger
The day started with a very interesting talk on mesh networking with OLSR. A mesh network is a network (of course!!!). Rob talked about mesh algorithms such as:
AODV: Ad hoc On-demand Distance Vector
HSLS: Hazy Sighted Link State. The most popular implementation of HSLS is CUWIN. Information on CUWIN is available here: http://www.cuwireless.net/
SrcRR: High-Throughput Routing Protocol for 802.11 Mesh Networks. SrcRR is a combination of DSR and ETX implemented by the M.I.T. Roofnet project. More information: http://pdos.csail.mit.edu/roofnet/design/
802.11s: Amendment to IEEE 802.11 that integrates mesh networking at the MAC layer to make small mesh networks
and
OLSR: Optimized Link State Routing, defined by RFC 3626. olsr.org provides an implementation of OLSR.
He presented how to implement a network using OLSR to make routing decisions, and a little HOWTO for the network topology visualization plugin olsrd_dot_draw.
- 10:30 - Lecture on "WiFi Security" by R. Flickenger
After the coffee break he talked about WiFi security. You need to secure your wireless networks because wireless is a shared medium, attackers are relatively anonymous, end users are poorly educated, denial-of-service is very simple, automated malicious attacks are increasingly complex, and tools are freely available. You can have two types of intrusion:
[Figure: Intrusion]
Don't worry!!! This problem has solutions. You can protect your wireless network by turning off beacons; by applying a MAC filter to an AP to control which devices are permitted to connect; by using WEP (Wired Equivalent Privacy) encryption, which provides encryption at layer two; by using WPA (Wi-Fi Protected Access) encryption, the future and standard for protected Wi-Fi access; and by using good end-to-end security software such as SSH (Secure Shell), SSL (Secure Sockets Layer), IPsec (Internet Protocol Security), OpenVPN (Open Virtual Private Network), and PPTP (Point-to-Point Tunneling Protocol).
There are hundreds of free tools that will show you lots of information about your network, such as:
Network ESSID scanners
Wireless protocol analyzers
Port scanners / penetration testing tools
Packet sniffers
Packet creation tools
Encryption crackers
In the end, if you use the proper tools, you can see precisely what is happening on your network.
- AFTERNOON -
After lunch we continued the presentation on Wireless Security.
At the end the participants chose to start the lab with the mesh practice.
15:30 - LAB: Exercises on Mesh Networking
Here is the procedure, step by step:
Take a stock WRT54G, connect to it via the web interface. Upload the freifunk firmware. It will reboot, then you can connect to it on the same address: 192.168.1.1. You will do this for all of your WRT54Gs (if you only have one or none, for that matter, you can still build a mesh network with a PC running the OLSR.org software).
Next we configured the boxes to have sane IP addresses, to offer separate blocks of IP addresses to clients, and to maximize the distances they cover. Here are the settings. I copied most of the plan from Florian’s topology diagram. Here are the changes I made from the default settings:
Wireless
WLAN Protocol: Static
IP Address: 10.3.2.1
Netmask: 255.0.0.0
WLAN Mode: Ad Hoc
ESSID: ictp
LAN
LAN Protocol: Static
LAN IP: 192.168.11.1
Netmask: 255.255.255.0
Disable Firewall: Checked
WAN
WAN Protocol: DHCP
Hostname: group1a
[Image: Configuration]
The second and third boxes were similar. Differences for the second box:
Wireless
IP Address: 10.x.y.z
LAN
LAN IP: 192.168.Q.A
WAN
Hostname: whatever
Once that is done you can power up all of your WRT54Gs. If you have an internet connection from a DSL modem, or a shared internet connection then plug that into the internet port of one of the WRT54Gs. The mesh will then calculate all of the optimum routes to one another, including routes to the closest internet connection. Now connect your clients to them with either an ethernet cable or with a wireless connection. Finished!
If you want to advertise your internal network, you first have to disable NAT (on Admin: LAN) and second (on Admin: OLSR) put your network in HNA4 (for us it was 192.168.11.0/24).
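A sanity check for the address plan described above, written as an added example (it is not part of the lab material or the freifunk firmware). It verifies that each box has its own wireless address inside the shared range, that the client blocks stay separate, and it derives the prefix each box should put in HNA4. The function name check_plan is hypothetical, and the values for the second and third boxes are constructed, since the page only gives placeholders for them.

```python
import ipaddress

# Mesh range implied by the page's wireless settings (10.3.2.1 / 255.0.0.0).
MESH_NET = ipaddress.ip_network("10.0.0.0/8")

# The first box uses the page's values; the other two are constructed samples.
NODES = [
    {"host": "group1a", "wlan": "10.3.2.1", "lan": "192.168.11.1/255.255.255.0"},
    {"host": "group1b", "wlan": "10.3.2.2", "lan": "192.168.12.1/255.255.255.0"},
    {"host": "group1c", "wlan": "10.3.2.3", "lan": "192.168.13.1/255.255.255.0"},
]


def check_plan(nodes, mesh_net=MESH_NET):
    """Return (problems, hna4): a list of plan errors and host -> HNA4 prefix."""
    problems, hna4, seen_wlan = [], {}, {}
    for node in nodes:
        host = node["host"]
        wlan = ipaddress.ip_address(node["wlan"])
        lan = ipaddress.ip_interface(node["lan"]).network

        # Every box must sit inside the shared ad hoc range, with its own address.
        if wlan not in mesh_net:
            problems.append(f"{host}: WLAN {wlan} is outside {mesh_net}")
        if wlan in seen_wlan:
            problems.append(f"{host}: WLAN {wlan} already used by {seen_wlan[wlan]}")
        seen_wlan.setdefault(wlan, host)

        # Client blocks must be separate from the mesh range and from each other,
        # otherwise two boxes announce routes for the same addresses.
        if lan.overlaps(mesh_net):
            problems.append(f"{host}: LAN {lan} overlaps mesh range {mesh_net}")
        for other, other_lan in hna4.items():
            if lan.overlaps(other_lan):
                problems.append(f"{host}: LAN {lan} overlaps {other} ({other_lan})")
        hna4[host] = lan
    return problems, hna4


if __name__ == "__main__":
    problems, hna4 = check_plan(NODES)
    for host, prefix in hna4.items():
        print(f"{host}: HNA4 {prefix}")
    for problem in problems:
        print("PROBLEM:", problem)
```

Running it on a plan before flashing the boxes catches duplicate or overlapping blocks, which would otherwise show up only as unreachable clients once the mesh is up.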
[Image: Configuration]
- Photos of Lab -
[Image: Configuration]