Coova Presentation

Blurb

The Joy of Coova, or How I Learned to Stop Worrying and Love Radio Networking

In which your intrepid narrator conquers his paranoia and installs a wifi hotspot on his network, exposing it to the nefarious wiles of all hackers, spammers, and other evil characters within a 100-yard radius of his home, protected only by the fig-leaf of a click-through agreement form.

Featuring coova (http://coova.org), a build-your-own-hotspot kit built on OpenWRT, the linux distribution designed to run on your wifi router. With explicit, never-before-shown details on troubleshooting and other digital hilarity.

Presentation Slides

Slide 1

Wifi Networking Considered Harmful

• Not Secure, even with WEP encryption
  • 265,000 google results for "wep cracking linux"
• Significantly Slower than a Wired Connection
• Requires yet another damn always-on box

Slide 2

Wifi Networking Considered Useful

• Bruce Schneier says "Steal This Wifi", Wired Magazine 01/08
• Many modern devices use solely wireless networking
  • Nokia N810
  • OLPC-XO
  • Nintendo DS
• You Can Always Turn it Off

Slide 3

A Compromise between Paranoid and Trusting: your private Hotspot

• Choose your own usage policy
• Log activities as needed
• Look like a Cool Guy to your neighbors
• Partition your personal network from strangers internet access as needed

Slide 4

Hardware

• Linksys WRT54G series, either pre- 5.0 or the WRT54GL ( Include picture)
• $79 at Fry's (officially)

Slide 5

Software: Introduction to Coova

• http://coova.org
• Open source, based on Debian derivative OpenWRT ( http://openwrt.org)
• Real linux, with ssh, ash, busybox, and vim
• Menu-based configuration ( shell scripts)
• Real-time control of who's doing what on your network
• VPN to router as needed
• Use OpenWRT applications (wireshark!)

Slide 6

First, Catch your Chicken

1. Get the router running with the installed software (unsecured)
2. Copy down the IP addresses and other settings you used

Slide 7

Install Coova

• Remember, you're voiding the warranty at this point.
• Going back to the original installed software is somewhat a PITA
  • tftp clients and the evil Bill Gates Linefeed Trouble.

Slide 8

Configure the Coova Hotspot

• Put in the ip addresses you used to get the thing working
• Set your machines up to authenticate automatically with MAC address or otherwise
• Leave one off the MAC list to experiment with login policies

Slide 9

Login Policy: Simple TOS Page

• Dead stupid easy to set up
• Terms of Service page is sent from coova.org and is not modifiable
• Allows use of MAC authentication (your devices don't go through the redirect)

Slide 10

Login Policy: captive hotspot

• All contained on router (no call out to someone else's servers)
• Allows TOS page, self-registered login, or out-of-band username/password distribution
• Allows you to put your own html and images on login and TOS pages.
• No MAC authentication
• Limited number of username/password pairs available

Slide 11

Login Policy: Radius Authentication

• You can use coova.org's radius server (must sign up separately) or your own.
• You'll have to deliver username/passwords out of band
• Guarantees that you always know who's on the network and what they are doing
• Set up your own RADIUS server if you're brave

Slide 12

Login Policy: Facebook Profile

• Interfaces with facebook to allow your friends/fans wifi access
• Requires both coova.org and facebook IDs. ( and requires both of those sites to be up)

Slide 13

Mistakes you Should Not Make

• Re-installing the default firmware (tftp clients and servers)
• ssh to your router to examine the internals of the system

Slide 14

Other Coova Features

• Walled Garden (sites/hosts allowed access before login)
• proxy
  • Captive Frame -- put your banner on all pages (does not distinguish among users)
  • Post-auth proxy -- run all traffic through a proxy server

Slide 15

Outstanding Issues

• Special routing for my personal machines

-- CharlesShapiro - 03 Oct 2008