Creating an open, public WLAN?

[FOBSIDE]

I was thinking about creating a WLAN that is open for public access, but I want to somehow log individuals connected and their activity. That means I want to have the MAC address of every wireless device that connects to the WLAN. Does anyone know a way to do this? What would the costs be for hardware/software to do something like this? I want this to be a free service, so if costs could be kept to a minimum, that would be great.

I don't know if this next request is possible, but when users connect to the WLAN, can I give them a popup or notice of some sort, letting them know they are connected to my WLAN and a simple message possibly?

 

[n0cmonkey]

arpwatch

Filter them through a proxy, and have it automatically bring up a big brother page. I personally think you're just asking for trouble though

 

[AFB]

Originally posted by: n0cmonkey
arpwatch

Filter them through a proxy, and have it automatically bring up a big brother page. I personally think you're just asking for trouble though

I agree, without a proxy and filtering,your just asking for people to look at child pr0n and such.You will be the one to get in trouble for it.

 

[FOBSIDE]

Right. That is what I am concerned about. What they do while they are on the Internet will be my responsibility. I'll look into it more. Any other suggestions would be greatly appreciated.

 

[gunrunnerjohn]

I don't think it's that clearcut that you are responsible for what people view on a public link. Everyone has an ISP, and they don't get prosecuted for computer crimes committed using their service. Does the telephone company get prosecuted because a mob hit was ordered by phone?

 

[FOBSIDE]

Good point. I will check with the ISP on this one, but I'd still like to prevent stuff like that. Maybe I wouldn't necessarily prevent it, but I would let them know "I'm watching," so it would inhibit them from doing it.

 

[loup garou]

D-Link (surprisingly) makes a great public hotspot gateway that has configurable filters, etc. It's reasonably priced as well.

 

[n0cmonkey]

arpwatch, snort, squid should all be helpful.

 

[FOBSIDE]

Do you know if there are any wireless access points that I can load those onto or am I going to need a whole separate computer for this stuff? I was considering just using a tower as the access point, but that is a little high on the price.

 

[raftman]

sorry i can't help - but i have a question. so even if you log the MAC address of devices connecting to your lan, how can that ultimately help you find the individual? sure, you can identify who made their network/wireless card... but that's all right?

 

[n0cmonkey]

Originally posted by: FOBSIDE
Do you know if there are any wireless access points that I can load those onto or am I going to need a whole separate computer for this stuff? I was considering just using a tower as the access point, but that is a little high on the price.

I use a home made access point. I don't know if the junk at best buy will let you do anything fun at all.

 

[n0cmonkey]

Originally posted by: raftman
sorry i can't help - but i have a question. so even if you log the MAC address of devices connecting to your lan, how can that ultimately help you find the individual? sure, you can identify who made their network/wireless card... but that's all right?

Changing a MAC address is easy enough that the information would be next to worthless.

 

[zetter]

Originally posted by: n0cmonkey

Originally posted by: raftman
sorry i can't help - but i have a question. so even if you log the MAC address of devices connecting to your lan, how can that ultimately help you find the individual? sure, you can identify who made their network/wireless card... but that's all right?

Changing a MAC address is easy enough that the information would be next to worthless.

You could possibly alleviate this problem by requring your users to register their MAC addresses with you before allowing them to use your network and only allowing registered MAC addresses to use your WLAN, thus, you'd know who each MAC belonged to and stop people from using fake/changed MAC addresses.

 

[n0cmonkey]

Originally posted by: zetter

Originally posted by: n0cmonkey

Originally posted by: raftman
sorry i can't help - but i have a question. so even if you log the MAC address of devices connecting to your lan, how can that ultimately help you find the individual? sure, you can identify who made their network/wireless card... but that's all right?

Changing a MAC address is easy enough that the information would be next to worthless.

You could possibly alleviate this problem by requring your users to register their MAC addresses with you before allowing them to use your network and only allowing registered MAC addresses to use your WLAN, thus, you'd know who each MAC belonged to and stop people from using fake/changed MAC addresses.

Unless they fake a registered MAC address.

 

[anandfan]

What a coincidence! I came here tonight to ask about doing almost the same thing, but I won't hijack your thread. Are you going to allow users to access the internet through your LAN?

 

[FOBSIDE]

That was the plan. I was hoping to provide others with access to the Internet through my LAN.

 

[DrVos]

Most intriguing! I am looking into trying to accomplish something very similar. A cafe that I am working with is looking for a way to provide free wireless access to customers (and hopefully woo some business from a nearby Starbucks). I was thinking that we could provide memberships (free/with coffee/etc) use some sort of MAC filtering. MAC filtering w/ disabled SSID broadcast seems like the least intrusive way of having (some) control over who can access the connection.

My concerns are controlling what content the users are accessing and protecting our LAN. Would the best course be to have two IP's split at a switch and behind their own firewalls?

 

[AFB]

My concerns are controlling what content the users are accessing and protecting our LAN. Would the best course be to have two IP's split at a switch and behind their own firewalls?

Yes, or a VLAN solution.

 

[spidey07]

.

 

i thought that with the new law (patriot act or some other one enacted with it) If any illegal stuff done on a completely insecure connection, the person who owns the connection is at fault. Along the same lines, I think you have to keep a log of like everything that happens for like 6 months or more. Something like that.

 

[xenocyd3]

do you have to have the program installed on a computer with a wireless card? can i install it on a computer with no wireless access?

 

[HKSturboKID]

Originally posted by: gunrunnerjohn
I don't think it's that clearcut that you are responsible for what people view on a public link. Everyone has an ISP, and they don't get prosecuted for computer crimes committed using their service. Does the telephone company get prosecuted because a mob hit was ordered by phone?

Don't tell that to the people that pass the Digital Music Act (or whatever they call it). All they did was to see what IP downloaded a lot of music and prosecute them regardless of who is behind the line. If you are the name on the bill then you are busted.