Following on from
http://www.ex-parrot.com/pete/upside-down-ternet.html
I was having a little think about how to make this concept more secure.
It's easy enough to separate known and unknown clients out via MAC address,
but that system is easier to break than it is to set up:
either sniff out a MAC address already connected to the system and spoof that address,
or, more simply, set a static IP on your wifi device and avoid the redirection completely.
So, is anyone aware of a relatively straightforward setup that would allow me to identify clients on my network without relying on MAC address, and would more forcefully separate out known and unknown hosts (VLAN??)?
It would also need to do so without alerting them to the fact, without requiring known hosts to do anything special or install software, and without requiring any more hardware than I have already.
(Hardware = a Debian box with 2 NICs acting as a gateway between all of the internal network and the Billion router, which handles the outside world not getting in, and a WAP attached to the internal side of the network. Also, somewhere I have a wifi card that I could attach to the server to replace the AP.)
I assume some sort of authentication mechanism is required, but I don't know much more past that.
Any ideas?