Hello Everyone,

What prevents a technically competent non-ham from loading a used Linksys router and joining a local BBHN mesh?

As I understand it, the NW-MESH community uses a distributed credential to digitally sign the routing table, thus constraining network access.  [The adequacy of this is another topic...]

Is there something built in to BBHN that addresses this topic?

If this has been discussed elsewhere, please point me in the right direction.

Bob

KO2F

for the NW-Mesh group I believe you are referring to the OLSRD Secure Module

We actually used this module in versions prior to 1.0.0.

See BBHN->ticket:37 for more details on it being restored back in the next release of BBHN.

If you use the normal default code, than any person can join the network if they have a default build.  The advantage in this case of the code existing is you can at least argue at that point that you took measures to protect your node from speaking to non hams.

If you decide to change the code for a region to take more control than the nodes will become more like a 'closed repeater' where everyone has to have the same code (just like on voice you have to have the correct PL tone)

It doesn't fully secure a node in itself but it does provide some (in my opinion) basis to argue that the node was attempting to not be accessible to non-hams.

When the does don't match a node just throws away the packet without responding to it.

There are still some openings, but the attack surface does get decreased.

You may also want to read:

www.broadband-hamnet.org/hsmm-mesh-forums/view-postlist/forum-1-general/topic-809-what-if-anything-keeps-the-bad-guys-out.html

And as i said once in the past (I believe in that same topic ) "the more people who speak up on about access control features the more likely it is to be worked on sooner"

I personally would like to see OLSRD Secure Module  as an available BBHN option.  Preferably with an interface that would allow the node owner to easily upload the key file.

I know the next firmware release will be rolling out soon.  If someone in the know could comment as to whether or not this will be in the mix, the data point would be appreciated.

Bob, KO2F

At the moment, the version that went out to beta does not expose the setting via the user interface.

The key will be able to be changed by either ssh or telnet into the node and editing a file, or by using a SCP client to copy the file that has the key into place.

Can you please elaborate as to what you would be looking for in "basic security is needed." ?

Basic can have many different opinions (such as changing the olsrd code as noted above) or any other number of items so if you could provide a bit more details it would be appreciated.

Don't really want to bring up an old thread, but it is the most relevant to my concerns. I have 2-3 nodes up here in the center of town. My neighborhood can only be described as "crackwhore infested". My building has already had trouble with our WLAN because of the neighbors. I secured it with an 8 character WPA2, they cracked it. When I locked down the MAC's, they spoofed it. I increased the password and they haven't come back. My question is, what's to keep them from going after my meshes?

Something as simple as a password for Las Vegas mesh nodes that only the hams know would be great.

Or disabling SSID. the nodes would still be able to connect, but I would be "invisible"

I need to be invisible in this neighborhood.

Yes Vegas, wonderful town, never turn on your computer when near the Defcon convention, bad things may happen.

The feature to add a code was added in version 1.1.0, however on tracking down the stability problems of 1.1.x  the Secure module was found to have numerous code problems that increased the level of instability in the release and had to be pulled for further testing. It has been retasked to be dug into in the future.

You can't disable SSID in an AdHoc network as it's needed to know that devices exist and associate (not to mention hidden SSID doesn't really hide anything.