blob: 771e6ea01b17a9aeb2e202b316340bbe310b9244 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
# $OpenBSD: hostapd.conf,v 1.10 2006/12/31 03:29:19 reyk Exp $
# sample hostapd configuration file
# see hostapd.conf(5)
# "wavelan is a battle field"
#
# Macros
#
# Define macros for the interfaces to be used by hostapd. The "wlan"
# interface is optional.
wlan="ath0"
wired="sis0"
#
# Tables
#
# Define the MAC addresses (BSSIDs) for your accesspoints in a table.
table <myess> {
00:90:4b:0d:fd:c8,
00:02:6f:21:ea:8b
}
# Address masks are providing a simple way to match by MAC vendor ID.
#
# table <senao> { 00:02:6f:ff:ff:ff & ff:ff:ff:00:00:00 }
#
# Global options
#
# Comment this option to run hostapd in passive IAPP logging mode.
set hostap interface $wlan
# Use default radiotap mode.
set hostap mode radiotap
# Uncomment these options to jump to the next channel every 2 seconds.
#set hostap hopper interface $wlan
#set hostap hopper delay 2000
# Use multicast (according to the revised standard).
set iapp interface $wired
set iapp mode multicast
# The following mode is compatible to some pre-standard IAPP implementations
#set iapp mode broadcast port 2313
#
# Event rules
#
# Log probe requests.
hostap handle type management subtype probe request \
with iapp type radiotap
# Log and annoy foreign accesspoints.
#
# This will be logged as well but the important thing is to
# annoy other accesspoints in your wireless territory.
hostap handle type data bssid !<myess> \
with frame type management subtype deauth reason auth expire \
from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid
# The first de-auth example will not work with some newer stuff, like
# iwi(4)/ipw(4) "centrino", because they ignore management frames to
# the broadcast address as a countermeasure against the "void11"
# attack.
#
# hostap handle type data bssid !<myess> \
# with frame type management subtype deauth reason auth expire \
# from &bssid to &from bssid &bssid
# Detect flooding of management frames except beacons.
# This will detect some possible Denial of Service attacks
# against the IEEE 802.11 protocol (like "void11").
hostap handle skip type management subtype ! beacon \
with log \
rate 100 / 10 sec
# Finally log any rogue accesspoints limited to every second.
hostap handle skip type management subtype beacon bssid !<myess> \
with iapp type radiotap limit 1 sec
|