Dailydave mailing list archives

Re: Slashback!


From: "Dino A. Dai Zovi" <ddz () theta44 org>
Date: Mon, 16 Jan 2006 12:34:17 -0500

I ran into exactly this same scenario - a good personal firewall helps
since the laptop must be joined to a "friendly" network to have a
"friendly" policy applied. But this causes the occasional denial of
service if you're working wired and your wireless adapter joins the
"unfriendly" network since the policy switches from "friendly" to
"unfriendly" mode midway through a session. Not a big deal for me, but
I'm sure it stumps users all the time.


Hello Gord,

Do you know how the firewall identifies a "friendly" network? Does the firewall tap into the wireless layer in Windows to get out the SSID and base station MAC address, or does it just verify the subnet? I don't actually "use" any of my Windows boxes, so I have never used this kind of stuff :).

For example, Windows has something called "Network Location Awareness" that applications can use to identify the network they are actually on. However, it just identifies the network by DNS domain name, and if there is none, by subnet. Obviously, by this criterion, all 'linksys' base stations are the same network.

I would hope that in future versions of Windows, NLA factors in the MAC address of the base station to uniquely identify "trusted" networks and more applications make use of NLA so they don't send sensitive info or mitm/client-side-exploitable requests over untrusted networks.

MacOS X is pretty bad about this too. I'd love to be able to classify the trust level of the wireless networks I join. E.g. when it asks "Add this network to your trusted networks?", I have a drop down to qualify how much I trust it. If I don't trust it very much, my laptop won't do Bonjour/Rendezvous stuff over it, etc. However, at least I get to join a network and tell the OS that this is a one-off, and it won't try and automatically join it in the future.

Cheers,

-Dino
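
Added example, not part of the original message: a small Python model of the identification rule described above (DNS domain name, else subnet) next to one that also factors in the base station MAC address. It shows why a "friendly" policy keyed on the first rule also applies to an unrelated default-configured 'linksys' network. The `Network` class, function names and sample addresses are constructed for illustration; this is not the Windows NLA API.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional


@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str                      # base station MAC address
    subnet: str                     # e.g. "192.168.1.0/24"
    dns_domain: Optional[str] = None


def nla_style_id(net: Network) -> tuple:
    """Identity as described in the post: DNS domain name, else subnet."""
    if net.dns_domain:
        return ("domain", net.dns_domain.lower())
    # strict=False normalises a host address such as 192.168.1.17/24
    return ("subnet", str(ip_network(net.subnet, strict=False)))


def mac_bound_id(net: Network) -> tuple:
    """Same identity, additionally bound to SSID and base station MAC."""
    return nla_style_id(net) + ("ssid", net.ssid, "bssid", net.bssid.lower())


def policy_for(net: Network, trusted_ids: set, identify) -> str:
    """Return the firewall mode for the network the host just joined."""
    return "friendly" if identify(net) in trusted_ids else "unfriendly"


# Constructed sample data: two unrelated access points with factory defaults.
HOME = Network("linksys", "02:00:00:00:00:01", "192.168.1.0/24")
CAFE = Network("linksys", "02:00:00:00:00:02", "192.168.1.17/24")

if __name__ == "__main__":
    for name, identify in (("domain/subnet", nla_style_id),
                           ("with base station MAC", mac_bound_id)):
        trusted = {identify(HOME)}  # the user marked HOME as trusted
        print(f"{name:>22}: home={policy_for(HOME, trusted, identify)}, "
              f"cafe={policy_for(CAFE, trusted, identify)}")
```

A base station MAC address is not authenticated and can be cloned, so binding to it narrows accidental matches rather than proving the network's identity.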


