diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2005-09-29 23:24:57 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2005-09-29 23:24:57 +0000 |
| commit | a6d93171107741d568c10c46a24976c7a904bc17 (patch) | |
| tree | 778a96dd9db5eaa227fb210ea114877a8bb9797f /etc/hostapd.conf | |
| parent | 1ee15299323f55297826d3a16f09b8905af92e29 (diff) | |
some examples with descriptions for hostapd.conf
"inspired" by deraadt@
Diffstat (limited to 'etc/hostapd.conf')
| -rw-r--r-- | etc/hostapd.conf | 75 |
1 files changed, 74 insertions, 1 deletions
diff --git a/etc/hostapd.conf b/etc/hostapd.conf index df3e3b0c4fd..facb834e656 100644 --- a/etc/hostapd.conf +++ b/etc/hostapd.conf @@ -1 +1,74 @@ -reyk is a lazy slacker +# $OpenBSD: hostapd.conf,v 1.5 2005/09/29 23:24:56 reyk Exp $ +# sample hostapd configuration file +# see hostapd.conf(5) + +# "wavelan is a battle field" + +# +# Macros +# + +# Define macros for the interfaces to be used by hostapd. The "wlan" +# interface is optional. +wlan="ath0" +wired="sis0" + +# +# Tables +# + +# Define the MAC addresses (BSSIDs) for your accesspoints in a table. +table <myess> { + 00:90:4b:0d:fd:c8, + 00:02:6f:21:ea:8b +} + +# Address masks are providing a simple way to match by MAC vendor ID. +# +# table <senao> { 00:02:6f:ff:ff:ff & ff:ff:ff:00:00:00 } + +# +# Global options +# + +# Uncomment this option to run hostapd in passive IAPP monitoring mode. +set hostap interface $wlan + +# Should be the default, the opposite is "pcap" without radiotap headers. +set hostap mode radiotap + +# According to the revised standard, multicast is used. hostapd supports +# broadcast for IAPP messages as well. +set iapp interface $wired +set iapp mode multicast + +# +# Event rules +# + +# Log probe requests +hostap handle type management subtype probe request \ + with iapp type radiotap + +# Log and annoy foreign accesspoints +# +# This will be logged as well but the important thing is to +# annoy other accesspoints in your wireless territory. +hostap handle type data bssid !<myess> \ + with frame type management subtype deauth reason auth expire \ + from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid + +# The first deauth example will not work with some newer stuff, like +# iwi(4)/ipw(4) "centrino", because they ignore management frames to +# the broadcast address as a countermeasure against the "void11" +# attack. +# +# hostap handle type data bssid !<myess> \ +# with frame type management subtype deauth reason auth expire \ +# from &bssid to &from bssid &bssid + +# Finally log any rogue accesspoints limited to every second. +# The skip keywords instructs hostapd to ignore further IAPP +# processing. +hostap handle skip type management subtype beacon bssid !<myess> \ + with iapp type radiotap limit 1 sec |