Broadband-Hamnet™ Forum
 Subject :Re:Re:What, if anything, keeps the bad guys out?.. 2014-03-18- 10:15:55 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location
Forum : General
Topic : What, if anything, keeps the bad guys out?

Well, that is always an option. 

I tend to prefer to find balance, a method that allows an acceptable level of risk to reward.

No computer-based system will ever be 100% secure; the only way to do that is, as you mention, to unplug. One does need to understand the risks involved to judge for themselves the risk/reward.

The point to be made though is a BBHN network is much more complex in a computer security nature than most other protocols are. The next closest protocol is Packet with an IP stack, but that never really took off, so much of the ham radio security side was never developed. After that, Packet with a BBS (Winlink over  falls into this category as well). Much less flexible, limited risk vectors compared to WIFI.




[KH2SR 2014-03-18- 09:06:17]:

Well I guess everyone should just turn off all our computers, lock them in the shed, and huddle in fear in a cave someplace then.

IP Logged
Note: Most posts submitted from iPhone
 Subject :Re:What, if anything, keeps the bad guys out?.. 2014-03-18- 09:06:17 
KH2SR
Member
Joined: 2014-02-20- 03:44:15
Posts: 37
Location: Saratoga, CA
Forum : General
Topic : What, if anything, keeps the bad guys out?

Well I guess everyone should just turn off all our computers, lock them in the shed, and huddle in fear in a cave someplace then.
IP Logged
 Subject :Re:What, if anything, keeps the bad guys out?.. 2014-03-18- 08:38:41 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location
Forum : General
Topic : What, if anything, keeps the bad guys out?

"1. Few hams even know this technology exists let alone non hams."

I would be less worried about the hams; worry about the 13-16 year old down the block who enjoys a computer networking challenge (I've been there, done that myself -- I was almost running the networks for the local school district back when I was a student (Elementary through High School), as I was often the go-to student who could point out the issue).

Also with beacons up to 10x a second with the default SSID you're not exactly hidden either.


"2. The use of directional antennas that are horizontally polarized greatly reduces how many people are even in range of a node."


That is not really security, but yes, it will reduce the number of people who can directly get to a node. However, all you need to do is get to ANY node and you're on the entire network, and maybe make it more likely that your actions will be seen.


"3. Nodes do have custom passwords for changing the settings so at least control of the node is protected."

This is true, so long as you don't log in over WIFI (no encryption)  it protects the node from being taken over until the password is found (brute force attack -- nothing is built in to lock users out on repeat incorrect passwords.) Worse yet, once the GUI password is found it is also the ROOT password for the node itself letting an attacker install anything they want.


"4. Each node lists all nodes it is connected to or has been connected to. This list contains call signs. A quick search online will tell you if the callsign is real or not. If not then alert your local ham clubs that you need help tracking down someone who is illegally operating."

So you know you have a bad egg but you can't do anything to stop them. IF it's a bogus callsign you still have to track them down; this won't be easy or fun. Point 2 comes back to haunt you now: now you have to be IN THE PATH of the signal. You can get a good idea of where it is with some highly directional antennas, but then you still have to get there and get close (as you will be relying on non beam path signal to guide you). The node in question would also need to still be online while searching.

"5. Various devices that you would connect to a node such as a computer, regular wifi hotspot, file servers, webcams, and other devices have their own configuration software that typically allows the use of a password to protect access to that device."

Well that will keep them off the device (again pay attention to passwords: if you're in an area that allows encryption then they are fairly safe; if no encryption is allowed then the passwords may be sent every time you log into the device).

We are talking about computers which are known for security vulnerabilities however no matter what so we can't guarantee this will stop an attacker.   Even if it does, you still have the issue of all other nodes helping in distributing traffic.


Background:

My day job has me titled as a Sr. Systems Engineer -- I deal with consulting on and deploying security solutions from the desktop up to the infrastructure layer.

IP Logged
Note: Most posts submitted from iPhone
 Subject :setup question.. 2014-03-18- 08:20:25 
kc8zpi
Member
Joined: 2013-11-25- 18:05:55
Posts: 4
Location
Forum : Applications
Topic : setup question

I have a setup question for the community. What I'm trying to end up with is a MESH network for two SAR communication trucks where the wired and wireless devices on the network are on the same IP network so I can print to either truck's printers.

Currently I set up a MESH node and linked a standard Linksys AP in each truck, but this setup would require additional manual routing for them to work.

Please let me know if there is a solution to my needs.

Thank you,

Ryan Kelley

IP Logged
 Subject :Re:What, if anything, keeps the bad guys out?.. 2014-03-18- 08:02:06 
KH2SR
Member
Joined: 2014-02-20- 03:44:15
Posts: 37
Location: Saratoga, CA
Forum : General
Topic : What, if anything, keeps the bad guys out?

Hi Andy,

I agree that we should be concerned with malicious access to our nodes. However I believe there are several factors that greatly reduce the likelihood of this occurring.

  1. Few hams even know this technology exists let alone non hams.
  2. The use of directional antennas that are horizontally polarized greatly reduces how many people are even in range of a node.
  3. Nodes do have custom passwords for changing the settings so at least control of the node is protected.
  4. Each node lists all nodes it is connected to or has been connected to. This list contains call signs. A quick search online will tell you if the callsign is real or not. If not then alert your local ham clubs that you need help tracking down someone who is illegally operating.
  5. Various devices that you would connect to a node such as a computer, regular wifi hotspot, file servers, webcams, and other devices have their own configuration software that typically allows the use of a password to protect access to that device.

James - KH2SR

[N2CN 2014-03-18- 06:17:22]:

Hi All,

I'm new to BBHN, and I've set up a toy network with three nodes.  So far, I am very impressed.  I'm looking to get our local club (W1EE, Stamford Amateur Radio Association) working with this technology.

One thing that concerns me about a wide-area deployment in a populated region is the potential for interference.  If I understand correctly, the only thing that one needs to join a BBHN mesh is the SSID of that mesh, which is standardized and broadcast.  This means that a curious person, be they well-intentioned or malicious, could with a little effort join a mesh and cause a variety of problems.  I understand that the whole point of BBHN is to make it easy for nodes to connect, but human nature being what it is, there is potential for disruption.

Am I correct? And if so, has any thought been given to how to exclude malicious nodes?

73,

Andy, N2CN


IP Logged
Last Edited On: 2014-03-18- 08:03:27 By KH2SR for the Reason
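The call sign check described in point 4 above can be scripted. This is an added example, not part of any post in this thread and not BBHN code. It assumes node names start with the operator's call sign followed by a hyphen, and that the club keeps its own roster of known operators; the function names, the sample node list and the roster are constructed for illustration. A name that passes the shape check is not proof of a valid license, so unknown entries still need a manual lookup.

```python
import re

# Shape of an amateur call sign: short prefix, one digit, 1-4 letter suffix.
CALLSIGN_RE = re.compile(
    r"^(?:[A-Z]{1,2}|[0-9][A-Z]|[A-Z][0-9])[0-9][A-Z]{1,4}$"
)


def callsign_of(node_name):
    """Return the call sign part of a node name, or None if none is plausible."""
    # Assumption: node names look like CALLSIGN-description.
    head = node_name.strip().upper().split("-", 1)[0]
    return head if CALLSIGN_RE.match(head) else None


def audit_nodes(node_names, roster):
    """Sort node names into known, unknown and malformed buckets."""
    known_calls = {call.upper() for call in roster}
    report = {"known": [], "unknown": [], "malformed": []}
    for name in node_names:
        call = callsign_of(name)
        if call is None:
            # No call sign at all: not identifying, follow up first.
            report["malformed"].append(name)
        elif call in known_calls:
            report["known"].append(name)
        else:
            # Plausible shape but not on the roster: look it up manually.
            report["unknown"].append(name)
    return report


# Constructed sample: names as they might appear in a node's mesh status list.
SAMPLE_NODES = ["KG6JEI-roof", "kh2sr-mobile", "N2CN-1",
                "AB1XYZ-test", "linksys", "NOCALL-5"]
# Constructed roster of operators the club already knows.
SAMPLE_ROSTER = ["KG6JEI", "KH2SR", "N2CN"]

if __name__ == "__main__":
    for bucket, names in audit_nodes(SAMPLE_NODES, SAMPLE_ROSTER).items():
        print(f"{bucket:10s} {', '.join(names) or '-'}")
```

As the reply to point 4 notes, a report like this only identifies a suspect node; it does nothing to keep that node off the mesh.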
 Subject :Re:What, if anything, keeps the bad guys out?.. 2014-03-18- 08:01:59 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location
Forum : General
Topic : What, if anything, keeps the bad guys out?

Short Answer: Absolutely Nothing

BBHN nodes are basically the same as an open voice repeater with no PL tone set.

Now the setup is a bit more complicated than just connecting to the SSID, you would need to run a few additional programs to actually transmit data over the network.

The default deployment keeps random devices from doing too much (except sending “HEY IM HERE”) but does nothing to stop a rogue BBHN device from connecting or a rogue person who has the skill to understand just what they are looking at.

Has core looked into any method to solve this: I don't know to be honest.

Have I looked into ways to solve this: Yes, but none of them are that great unless it makes it into a core build they all honestly need some work before I blurt them out (need a lot more testing and thought)

I haven't seen that many people ask this question (which I believe is a good question). I would say the more people speak up and specify it as something they need to be able to deploy the more likely it would be to land on a desk and be looked at

IP Logged
Note: Most posts submitted from iPhone
 Subject :What, if anything, keeps the bad guys out?.. 2014-03-18- 06:17:22 
N2CN
Member
Joined: 2014-03-12- 20:55:59
Posts: 4
Location
Forum : General
Topic : What, if anything, keeps the bad guys out?

Hi All,

I'm new to BBHN, and I've set up a toy network with three nodes.  So far, I am very impressed.  I'm looking to get our local club (W1EE, Stamford Amateur Radio Association) working with this technology.

One thing that concerns me about a wide-area deployment in a populated region is the potential for interference.  If I understand correctly, the only thing that one needs to join a BBHN mesh is the SSID of that mesh, which is standardized and broadcast.  This means that a curious person, be they well-intentioned or malicious, could with a little effort join a mesh and cause a variety of problems.  I understand that the whole point of BBHN is to make it easy for nodes to connect, but human nature being what it is, there is potential for disruption.

Am I correct? And if so, has any thought been given to how to exclude malicious nodes?

73,

Andy, N2CN

IP Logged
 Subject :Re:Mesh nodes in Laurel, MD (actually Frederick).. 2014-03-17- 07:31:14 
K3MMB
Member
Joined: 2014-03-16- 19:00:57
Posts: 71
Location
Forum : Maryland
Topic : Mesh nodes in Laurel, MD

MESH Alive and Well in Frederick.

At least two Ops with multiple nodes.


IP Logged
 Subject :Re:Help us gather info on UBNT Devices.. 2014-03-17- 06:21:11 
K6AH
Member
Joined: 2012-03-05- 10:47:45
Posts: 181
Location: San Diego, CA
Forum : UBNT Firmware
Topic : Help us gather info on UBNT Devices

Thank you Mike!  There are a couple other devices being updated soon, so I'll wait to update the chart until then.

We appreciate the help.

73,

Andre, K6AH

IP Logged
Member of:
Beta Test Team
San Diego Mesh Working Group
Running 3.0.1
 Subject :NANOBRIDGE M2.. 2014-03-17- 05:56:40 
K3MMB
Member
Joined: 2014-03-16- 19:00:57
Posts: 71
Location
Forum : UBNT Firmware
Topic : Help us gather info on UBNT Devices


Hope this helps 73 de mike

XM.v5.3# cat /etc/board.info
board.sysid=0xe232
board.name=NanoBridge M2
board.shortname=NB2
board.subtype=
board.hwaddr=00272230AD07
board.reboot=30
board.upgrade=150
board.phycount=1
radio.1.name=
radio.1.shortname=
radio.1.bus=pci
radio.1.subsystemid=0xe232
radio.1.subvendorid=0x0777
radio.1.txpower.max=23
radio.1.txpower.offset=2
radio.1.antennas=1
radio.1.def_antenna=4
radio.1.antenna.1.id=4
radio.1.antenna.1.name=Combined
radio.1.antenna.1.gain=18
XM.v5.3#

IP Logged
Last Edited On: 2014-03-17- 06:03:18 By K3MMB for the Reason clean up line feeds
 Subject :Re:HamChat Server.. 2014-03-17- 04:17:22 
N1AHH
Member
Joined: 2013-12-29- 09:04:08
Posts: 11
Location
Forum : Applications
Topic : HamChat Server

Thanks Rusty. Now it makes sense. I did not expect the router would be able to interact with a repository. I am traveling now but will give it another try when I get back home. Thanks again. Ron, N1AHH
IP Logged
 Subject :how do I recover from an unknown image.. 2014-03-16- 08:15:22 
k6dlc
Member
Joined: 2014-01-26- 20:13:48
Posts: 9
Location
 
Forum : Firmware
Topic : how do I recover from an unknown image

My wrt54l is now in an unknown state. No DHCP from the router, and the default router IP is not there.

I am unable to connect to the router. ARP shows no broadcast from the router. I hope I am not hosed.

I have installed bbhn 1.0.0

Thank you.




IP Logged
 Subject :Re:Help us gather info on UBNT Devices.. 2014-03-16- 02:42:39 
K6AH
Member
Joined: 2012-03-05- 10:47:45
Posts: 181
Location: San Diego, CA
Forum : UBNT Firmware
Topic : Help us gather info on UBNT Devices

That would be great Remi.  Wow, first I've encountered the NanoBeam.  What a cool product.

Thanks for your help!

Andre, K6AH

IP Logged
Member of:
Beta Test Team
San Diego Mesh Working Group
Running 3.0.1
 Subject :Re:Success/Failure for Different Router Models.. 2014-03-15- 19:09:59 
kb9zmr
Member
Joined: 2013-09-24- 14:42:24
Posts: 14
Location: Central Illinois
 
Forum : Hardware
Topic : Success/Failure for Different Router Models

So you are *not* seeing a BroadbandHamnet-v1 SSID from a wireless scan? Did you try a 30/30/30 reset? Can you ping it? I found that with one of my newer laptops, right after I change the password & node ID, it cannot get a new IP from the router doing an ipconfig /release & ipconfig /renew. Another XP laptop has no issue. But the first laptop caused me to waste hours by making me believe I had bricked 3 different routers.
IP Logged
 Subject :Re:Re:Success/Failure for Different Router Models.. 2014-03-15- 10:30:53 
KD2DJV
Member
Joined: 2013-04-03- 16:38:31
Posts: 1
Location
Forum : Hardware
Topic : Success/Failure for Different Router Models


I have had a similar experience, except I originally lost Ethernet, but after configuring the 1.0 firmware (just setting call sign and password) I lost wireless as well. Any help would be greatly appreciated.




[kb9zmr 2014-03-14- 15:34:25]:

I have been successful flashing a WR850G V2. It had some quirks, mainly I lost Ethernet after the flash even after resetting my laptop's IP using IPCONFIG. The laptop just could not find the DHCP server on the router. I also have to say that the router seemed to be sketchy *before* the flash. Sometimes the original admin web pages would not load. I let it sit for *weeks* figuring it was bricked, but then I realized I had not tried wireless, like I have with other WRT54G's. Boom. I was in and after the config & reboot, it is working fine.

IP Logged
 Subject :Re:Re:Help us gather info on UBNT Devices.. 2014-03-15- 09:17:56 
F6CNB
Member
Joined: 2013-06-20- 09:22:08
Posts: 17
Location: Frelsburg, Texas
Forum : UBNT Firmware
Topic : Help us gather info on UBNT Devices

Andre, I should be able to get the following: NanoBridge M2, the new NanoBeam M2 and NanoBeam M5, as soon as I am back in France (next Thursday). 73 Remi W5/F6CNB
IP Logged
 Subject :Re:Why aren't we using AMPR ip addresses?.. 2014-03-15- 05:07:28 
wb2ifs
Member
Joined: 2010-09-01- 12:42:38
Posts: 31
Location: FN18ns
   
Forum : General
Topic : Why aren't we using AMPR ip addresses?

TNX OM de WB2IFS/3
IP Logged
Jesse Alexander, WB2IFS/3
Prince George's County ARES/RACES
http://www.pgares.org/
twitter: @pgcares
wb2ifs@arrl.net
 Subject :Re:ubiquiti bullet firmware that is coming out... 2014-03-15- 04:09:51 
kb9mwr
Member
Joined: 2010-10-06- 23:04:25
Posts: 54
Location
Forum : UBNT Firmware
Topic : ubiquiti bullet firmware that is coming out.

Just wondering if future releases of the Ubiquiti HSMM firmware will allow hams to select channels outside of the shared noisy Part 15 space?
IP Logged
 Subject :Re:Time Zone difference between 1.0.0 and 1.0.1 Firmware.. 2014-03-14- 19:50:30 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location
Forum : Firmware
Topic : Time Zone difference between 1.0.0 and 1.0.1 Firmware

The Ubiquiti version uses a newer core operating system (OpenWrt 10.03.1), compared to Linksys (using 7.09), for better hardware and software support. This means some files are changed in how they are handled around setting configurations.

To set the time zone for a node, edit /etc/config/system; under system, add timezone per http://wiki.openwrt.org/doc/uci/system. (Pay close attention to the TZ value per the table.)

You may need to put that in /etc/config.mesh/system as well so it isn't overwritten on a config save.

As for a GUI timezone setting, this is the first I've heard of it, so I can't really comment on that.

IP Logged
Note: Most posts submitted from iPhone