Annotation of src/etc/hostapd.conf, Revision 1.11
1.11 ! david 1: # $OpenBSD: hostapd.conf,v 1.10 2006/12/31 03:29:19 reyk Exp $
1.5 reyk 2: # sample hostapd configuration file
3: # see hostapd.conf(5)
4:
5: # "wavelan is a battle field"
6:
7: #
8: # Macros
9: #
10:
11: # Define macros for the interfaces to be used by hostapd. The "wlan"
1.8 david 12: # interface is optional.
1.5 reyk 13: wlan="ath0"
14: wired="sis0"
15:
16: #
17: # Tables
18: #
19:
20: # Define the MAC addresses (BSSIDs) for your accesspoints in a table.
21: table <myess> {
22: 00:90:4b:0d:fd:c8,
23: 00:02:6f:21:ea:8b
24: }
25:
26: # Address masks are providing a simple way to match by MAC vendor ID.
27: #
28: # table <senao> { 00:02:6f:ff:ff:ff & ff:ff:ff:00:00:00 }
29:
30: #
31: # Global options
32: #
33:
1.7 aanriot 34: # Comment this option to run hostapd in passive IAPP logging mode.
1.5 reyk 35: set hostap interface $wlan
36:
1.7 aanriot 37: # Use default radiotap mode.
1.5 reyk 38: set hostap mode radiotap
1.10 reyk 39:
1.11 ! david 40: # Uncomment these options to jump to the next channel every 2 seconds.
1.10 reyk 41: #set hostap hopper interface $wlan
42: #set hostap hopper delay 2000
1.5 reyk 43:
1.7 aanriot 44: # Use multicast (according to the revised standard).
1.5 reyk 45: set iapp interface $wired
46: set iapp mode multicast
1.9 reyk 47:
48: # The following mode is compatible to some pre-standard IAPP implementations
49: #set iapp mode broadcast port 2313
1.5 reyk 50:
51: #
52: # Event rules
53: #
54:
1.7 aanriot 55: # Log probe requests.
1.5 reyk 56: hostap handle type management subtype probe request \
1.8 david 57: with iapp type radiotap
1.5 reyk 58:
1.7 aanriot 59: # Log and annoy foreign accesspoints.
1.5 reyk 60: #
61: # This will be logged as well but the important thing is to
62: # annoy other accesspoints in your wireless territory.
63: hostap handle type data bssid !<myess> \
64: with frame type management subtype deauth reason auth expire \
65: from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid
66:
1.6 reyk 67: # The first de-auth example will not work with some newer stuff, like
1.5 reyk 68: # iwi(4)/ipw(4) "centrino", because they ignore management frames to
69: # the broadcast address as a countermeasure against the "void11"
1.8 david 70: # attack.
1.5 reyk 71: #
72: # hostap handle type data bssid !<myess> \
73: # with frame type management subtype deauth reason auth expire \
74: # from &bssid to &from bssid &bssid
1.6 reyk 75:
76: # Detect flooding of management frames except beacons.
77: # This will detect some possible Denial of Service attacks
78: # against the IEEE 802.11 protocol (like "void11").
79: hostap handle skip type management subtype ! beacon \
80: with log \
81: rate 100 / 10 sec
1.5 reyk 82:
83: # Finally log any rogue accesspoints limited to every second.
84: hostap handle skip type management subtype beacon bssid !<myess> \
85: with iapp type radiotap limit 1 sec
1.7 aanriot 86: