If anyone can advise what the security implications are of implementing an ad-hoc (IBSS) WLAN over a WLAN using AP's, it would be appreciated. Can you still configure MAC access lists and WEP without an AP? I've tried finding info on the subject already, however when ever you search for this type of info is says "Blah blah WEP, blah blah Security, blah blah and it does ad-hoc", but nothing specific on the info I'm after. My largest concern is preventing access to the WLAN as opposed to protecting data.

--
Cheers,
Peter
peter@rtfm.co.nz

Repete,

Ad-Hoc mode, AFAIK, implies by definition that no more than two nodes at a time can connect to one another. They also require that the two devices know each other's ipaddress, and I also don't believe that any information is broadcasted by either of the computers in ad-hoc mode. It is exactly those three features that make it easy for any one to find a Wi-Fi AP, but it will make it more difficult (although not impossible) to implement via ad-hoc.

HTH
--Yonah

Thanks for the follow-up yonah. However I've found heaps of info that would seem to indicate that ad-hoc supports more than just two peer connections. An example can be found at:

http://www.homenethelp.com/web/howto/windows-xp-bridge-setup.asp

...as you'll notice they have three WLAN adaptors in ad-hoc mode, and other documentation I have read has not mentioned this limitation.

Cheers,
Peter

I'm not sure if I understand exactly what you're looking for, but maybe a tutorial on ad hoc mode I recently wrote might help. You can view the tutorial at http://www.80211-planet.com/tutorials/article/0,4000,10724_1451421,00.html

Thanks for that Jim. It was a good read to fill in a couple of holes, and you might what to add a section regarding "security implications/considerations" if you can.

What I'm trying to achieve is the following:

I have a wired LAN. In one of the workstations I am going to fit a USB WLAN adaptor and use Windows XP's network bridging to supply access to the wired network to wireless clients. I want to prevent access to the wired and wireless networks to casual, unauthorised wireless users. I don't want them getting a leased IP address, I don't want them to be able to browse the infrastructure. I don't care if they can tell there is a WLAN active. I just don't want them to know anything more that that.

I was fairly happy with a MAC access list (Which I am unsure if this is possible in ad-hoc mode) as if someone is happy to spoof a MAC address then they are going to a lot of trouble, but then I wanted WEP on top of that. Even if someone goes to the trouble to spoof a MAC and crack WEP, then they really want to get in (Unlikely in the case of this network). As I say. This query stems from a desire to prevent casual access to the network.

Cheers,
Peter Hamilton
peter@rtfm.co.nz

There is a client to client solution for you. Email me at joe@ab2m.net so that mentioning it here will not be construed as advertising.