Gaming adapter as access point

In connecting to open, freely provided 3rd-party APs, all within range, these questions assume no local wireless network, only a wireless-to-ethernet connection to more than one computer.

Is there any difference between a client bridge, a gaming adapter and a router that works in client mode? I have seen adapters advertised under all three terms that allow multiple ethernet connections to several devices at once.

If so what is the difference? Which alone or in combination gives the best security from incoming hacking attempts and access to local hard drives? Or is the terminology so loose that you never know what you're getting until you buy and try?

Can a software firewall be used with a client gaming adapter or client bridge to provide as good of security as a router in client mode? Since testing often involves shutting down the firewall, how are rulesets generally written to provide quick security in the initial setup?

Reply to
steve317jones

snipped-for-privacy@airpost.net hath wroth:

Ok, you're hacking into the neighbor's Wi-Fi access point or mooching off the local coffee shop wireless. Got it.

Ok, one wireless client adapter and multiple computers. Note that not all wireless client adapters and game adapters will do this. Also note that your Subject line is wrong. Your game adapter is NOT being used as an access point. The game adapter is connecting to an access point.

See the FAQ at:

formatting link

The term "bridge" has been severely mis-used and abused. There is no specific term for a "wireless client adapter bridge that will only bridge one MAC address" versus a "wireless client adapter bridge that will bridge more than one MAC address". Whew.

Can I pass? I'm not 100% sure I understand the difference and really don't wanna dive into the protocols tonite.

There's no connection between security and the type of adapter or bridge. It's the encryption level that offers security. WPA-PSK with a long key is good enough for home use. If you're running a corporate LAN, WPA-RADIUS is better. If you're really paranoid, an IPSec VPN is the best.

Yep. The current trend is to disclose as few techy details as possible to prevent confusing the customer and ensuring a satisfactory out-of-box experience. Be sure to thank the marketing department for the insipid data sheets and product descriptions.

Again, no amount of firewalling is going to keep some wireless hacker off your LAN unless you have decent encryption. Well, you can run a VPN and also run an open unencrypted system and be quite safe. Routers do not have a "client mode". I thought you didn't want to install a router between your multiple computers and your wireless game adapter client whatever bridge. Also, routers don't have a client mode.

Are you perhaps worried that someone is going to attack your unprotected home computers via your wireless game adapter? That's not going to happen unless you accidentally set up an ad-hoc wireless network. You can be attacked from the LAN side of whatever hot spot you're connecting to, but not directly.

Dunno. I usually don't write rulesets unless it's a Cisco router. Were you planning to buy a Cisco router? There are plenty of example IOS configs on the internet for every occasion.

Methinks you would be better served if you use your wireless game adapter in client mode to connect to whatever you're connecting to, and then install a common ethernet router between the wireless client adapter and your computers. That will provide NAT for distributing multiple IP's, and firewall protection.

Reply to
Jeff Liebermann

Only partly right, main AP will be a free taxpayer paid for AP.

The term "bridge" has been severely mis-used and abused. There is no

I've already read it all, and there seems to be a lot of confusion. Main thing is, as you said below, they don't tell you up front. Guess we need a new standards board to enforce some standards?

If so what is the difference?

Sure, I was just wondering if there's any way to tell before you buy what the box does; I guess there isn't.

One of the APs used will be unencrypted, so thinking of using Tor or have to study VPN (sheesh, got enough to do already).

I thought some routers could act as both APs and routers simultaneously? How hard is it to set up VPN? Briefly, what's involved?

I meant how can someone running the "hotspot" I am connecting to use it to get to my hard drive (assuming file sharing is off) or download a virus, malware on my machines? And will it be sufficient to use a good software firewall to prevent this, or MUST I get a router in addition?

Very funny. Wouldn't be here if I was planning on a Cisco router most likely.

How about a brand/model recommendation for the router to work in connection with a Buffalo gamer/AP/bridge device?

Reply to
steve317jones

Hint. It's not free if your taxes are paying for it. Ask yourself how many small WISP (wireless ISP) vendors would be in business if they didn't have to compete with the local government.

That's why I wrote it. I'm not absolutely sure that I got it perfect. I'm constantly seeing new abuse of the term "bridge". The point to remember is that *ALL* 802.11 wireless is bridging.

Right. The radio standards enforcement squad. Swoops down on unsuspecting marketing departments and fines them for metaphor abuse and engaging in technobabble. The public must be protected from such obvious evil. Maybe have wireless considered to be a drug and have the FDA do the enforcement.

I can't tell except from experience. I know that the following will do more than one MAC address:

Linksys WET11, WET54G
Linksys WRT54G/GS with DD-WRT firmware in client mode.

I'll have a list at home of those that will only do one MAC address. Later (if I find it).

Either will work. When using a public wireless system, you have to bring your own encryption and encapsulation. From the FAQ, list of VPN service providers:

formatting link

Yes, but only for incoming connection. In these routers, the wireless part is just another (bridged) port on the LAN side. There are few sold that will act as a wireless client on the WAN side, and then act as a router on the LAN side. There are a few that will do this such as a modified version of the Lucent AP1000 firmware. Some of the WISP providers have such clients. However, the bulk of the commodity hardware cannot move the wireless to the WAN side of the router.

You could roll your own using a Linux based router, where a client mode adapter can be easily simulated. I don't have any handy links but can find some if you want to go this route. It's not too horrible. The hardware is usually based on either an old PC motherboard, or a dedicated SBC such as:

formatting link
formatting link

It varies from trivial to the configuration nightmare from hell. The thing to remember about VPN's is that they have to terminate somewhere. It can be terminated in the wireless router, in an ISP's server farm, or in the destination's router or server. The basic types are SSL/TLS, PPTP, and IPSec. SSL/TLS aren't really a true tunnel, but they provide similar functions by encrypting all the traffic. These are usually terminated in web servers. PPTP is Microsoft's simplistic VPN. These are terminated in NT4 and W2K servers, as well as dedicated routers. My WRT54G with DD-WRT is sometimes running a PPTP VPN between my house and office. I can see all the computahs from both ends. IPSec is the most secure, but also the most complex. Lots of layers of encryption, authorization, and authentication. Not too horrible once you've done it a few times, but a real pain the first time.

Light reading:

formatting link
the links.

If you have a firewall between your client adapter and your computers, they will not be able to go backwards, through the router, into your system. If you have a mess of redirected IP ports (i.e. holes) in your firewall, it's possible.

Most municipal LAN's have a feature called "client isolation" (which is often misnamed "AP isolation"). It prevents one wireless client from bridging to another wireless client. All traffic goes to the access point and then to the internet.

If your municipal LAN assigns your client radio a routable IP address, it is also possible to be attacked from the internet. For such an arrangement, you must get something to protect your machines.

If your municipal LAN assigns your client radio a non-routable IP address (10.xxx.xxx.xxx, 192.168.xxx.xxx, etc.), then you're relying on their router to protect you from access via the internet. Since most such municipal routers are intentionally porous so that peer to peer applications function, you'll still need to get something to protect your machines. Such protection can be personal software firewalls, but I suggest a hardware router as generally more effective.

The real danger is sniffing. With a wide open access point and zero encryption, someone can sniff your traffic and extract all kinds of good info. That's where the VPN comes in. Some ISP's supply VPN client and terminations such as:

formatting link
clue what your municipal wireless provider offers. In any case, these will protect against hijacking the connection, sniffing, and attacking your client computers directly.

Well, you can write your own iptables rules for the Linux based wireless routers. I would dump the config from my WRT54G with DD-WRT but it's a bit long. The nice thing about using Linux is that like Cisco IOS, there's plenty to copy from. There are also rule set generators available. Methinks for what you're doing, a separate wireless client bridge radio (i.e. access point in client mode), and a separate ethernet router that's fairly configurable would be best. I'm not sure what to recommend. Used Cisco 25xx and 26xx series isn't all that overpriced. (I just hate the fan noise).

Later... customers cometh

Reply to
Jeff Liebermann
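
An added example, not from any poster in this thread: a default-deny iptables ruleset for a Linux box placed between the wireless client bridge and the wired computers, as discussed in the post above, plus a check for the redirected-port "holes" it warns about. The interface names `wlan0` and `eth0` and the subnet `192.168.10.0/24` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: wlan0 faces the
# hotspot/client bridge, eth0 faces your computers, 192.168.10.0/24 is the LAN.

# Emit an iptables-restore ruleset: drop everything by default, let the LAN
# out, let only replies back in, and NAT the LAN behind the WAN address.
gen_ruleset() {
    wan_if="$1"; lan_if="$2"; lan_net="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic to the router itself: loopback, replies, and the LAN only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${lan_if} -s ${lan_net} -j ACCEPT
# Traffic through the router: LAN may start connections, WAN may only reply.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${lan_if} -o ${wan_if} -s ${lan_net} -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ${wan_if} -s ${lan_net} -j MASQUERADE
COMMIT
EOF
}

# Read a ruleset on stdin and print every rule that admits NEW traffic
# arriving on the WAN interface: plain ACCEPTs and port forwards.
audit_holes() {
    wan_if="$1"
    grep -E -- "-i ${wan_if} .*-j (ACCEPT|DNAT|REDIRECT)" \
        | grep -v -- "--ctstate ESTABLISHED" || true
}

# Print the ruleset for review; as root, pipe the output to iptables-restore.
gen_ruleset wlan0 eth0 192.168.10.0/24
```

Running `audit_holes wlan0` over a saved ruleset before loading it shows at a glance whether anything on the hotspot side can open a connection inward.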

Strangely, I've had some limited success with reporting non-compliance of newly minted products to the WiFi.org folks, when the product in question (for instance) doesn't support WPA. Since that's a requirement for WiFi certification, they coughed up the new firmware in short order. 8*)

Reply to
William P.N. Smith

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

Which few?

Reply to
yomama

StarOS:

formatting link
two CPE client radios will do NAT which allows connecting more than one computah to the client radio.

There's also Karlnet firmware that runs on an Orinoco AP-1000 which turns it into a client radio with NAT. I had a few of these deployed several years ago. $50 for the Karlnet license. The URL requires CISPA member login. Sorry.

There are also custom Mikrotik RouterOS client radios with built in router features:

formatting link
formatting link
There are similar radio/router combinations put together by various WISP vendors for their clients.

A Linux based SBC (single board computah) can be convinced to include a wireless client and also run a router. Actually, the hard part is using the wireless card as an access point (using HostAP), while using it as a client radio is fairly easy. I'll look for a link or instructions later. (I seem to be having problems finding the right combination of Google search terms).

Reply to
Jeff Liebermann

reply inline:

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

Thanks, but will not order from a company that does not accept ANY returns.

It's ok, never would pay a licensing fee.

Order only 10 at a time? Surely, they jest? (no wonder so many companies go belly up)

Another project entirely for me.

Reply to
yomama

Jeff Liebermann promises, promises:>

Or recommendation for ANY ethernet router (w/firewall) available at bestbuy, compusa, officedepot, or officemax for under $100 that has a good track record and will work with Buffalo Gamer AP? Thanks for your help.

Reply to
steve317jones
