Hi!
Mesh networks and the open source routing protocols we are using in general
have lousy security properties because, at least until now, development
was mostly concentrated on getting routing itself to work properly (no
loops and so on) in constantly changing wireless networks with
packet losses, where anybody can join in and add their own routing
device. In comparison, the Internet itself has very similar bad security
properties, but there not everybody can deploy a BGP router. In mesh
networks, people can deploy an equivalent to a BGP router. Which is
what we want.
Cjdns is trying to address some of these issues:
https://en.wikipedia.org/wiki/Cjdns
But from what I understand it is more of an Internet overlay network, so
using VPN tunnels, and not really for wireless mesh networks. It can
work in a wireless mesh as it is transport agnostic, but I am a bit
skeptical about performance there. Which is probably reasonable,
because it is a trade-off between security and usability. Still, the
security and privacy of end-users (those connecting through APs) is
another question.
There were some other proposals made over time, but in general you
always have the same issue: if you allow untrusted (in the security sense of
trusted) devices to route in your network, you have a hard problem. A
problem which is the subject of much scholarly research and publication.
Mitar
On Wed, Nov 20, 2013 at 10:50 PM, Mitar
<mitar(a)tnode.com> wrote:
I would be more interested in what happens to the
arp table. Does it grow?
It appears to be staying up-to-date. At this very moment there are 5
obsolete dhcp leases hanging around, but none shows up in
/proc/net/arp
After a week of this, I'm wondering if it's better to dissociate this
stuff entirely from the network logic. Maybe all interfaces should
just be randomized at boot time and/or every 24 hours, no matter what
the network is doing. Seems a lot less complicated.
I'm also now skeptical that a malicious network couldn't work around
any of these tricks as long as you remain in their range. If one
device appears as soon as the other leaves, at the same location, they
can make a good guess that it's still you.
_______________________________________________
mesh mailing list
mesh(a)lists.sudoroom.org
http://lists.sudoroom.org/listinfo/mesh
--
http://mitar.tnode.com/
https://twitter.com/mitar_m
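The quoted message proposes randomizing interface addresses on a schedule and checking the ARP table against DHCP leases. The script below is an added example, not code from anyone in this thread: it generates a random locally-administered unicast MAC (the bit handling a naive random address gets wrong) and lists ARP entries that have no current lease, using constructed sample data in the dnsmasq lease and /proc/net/arp formats (assumed) instead of reading the live files.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Random 48-bit MAC: first octet gets the locally-administered bit (0x02)
# set and the multicast bit (0x01) cleared, so it cannot collide with a
# vendor OUI and is accepted by drivers as a valid unicast address.
random_mac() {
    bytes=$(od -An -N6 -tu1 /dev/urandom)
    set -- $bytes
    first=$(( ($1 & 0xfe) | 0x02 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Returns 0 if $1 is a well-formed, unicast, locally-administered MAC.
is_local_unicast_mac() {
    h='[0-9a-f][0-9a-f]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) ;;
        *) return 1 ;;
    esac
    o=$(( 0x${1%%:*} ))
    [ $(( o & 0x03 )) -eq 2 ]
}

# Constructed sample: dnsmasq-style leases ("expiry mac ip hostname clientid").
LEASES='1384990000 02:11:22:33:44:55 10.0.0.5 phone *
1384990100 02:66:77:88:99:aa 10.0.0.6 laptop *'

# Constructed sample: /proc/net/arp-style table (header line, then
# "IP HWtype Flags HWaddr Mask Device").
ARP='IP address       HW type     Flags       HW address            Mask     Device
10.0.0.5         0x1         0x2         02:11:22:33:44:55     *        wlan0
10.0.0.9         0x1         0x2         02:de:ad:be:ef:01     *        wlan0'

# Print "ip mac" for ARP entries whose MAC has no DHCP lease: neighbours
# (stale or never leased) that the lease table alone would not show.
arp_without_lease() {
    printf '%s\n' "$ARP" | awk -v leases="$LEASES" '
        BEGIN {
            n = split(leases, l, "\n")
            for (i = 1; i <= n; i++) { split(l[i], f, " "); seen[f[2]] = 1 }
        }
        NR > 1 && !($4 in seen) { print $1, $4 }'
}
```

Note that, as the quoted message already points out, a rotated address only helps against passive tracking; an observer in range can still correlate a new address that appears exactly when the old one disappears.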