Annotation of src/etc/hostapd.conf, Revision 1.8
1.8 ! david 1: # $OpenBSD: hostapd.conf,v 1.7 2005/10/13 09:49:59 aanriot Exp $
1.5 reyk 2: # sample hostapd configuration file
3: # see hostapd.conf(5)
4:
5: # "wavelan is a battle field"
6:
7: #
8: # Macros
9: #
10:
11: # Define macros for the interfaces to be used by hostapd. The "wlan"
1.8 ! david 12: # interface is optional.
1.5 reyk 13: wlan="ath0"
14: wired="sis0"
15:
16: #
17: # Tables
18: #
19:
20: # Define the MAC addresses (BSSIDs) for your accesspoints in a table.
21: table <myess> {
22: 00:90:4b:0d:fd:c8,
23: 00:02:6f:21:ea:8b
24: }
25:
26: # Address masks are providing a simple way to match by MAC vendor ID.
27: #
28: # table <senao> { 00:02:6f:ff:ff:ff & ff:ff:ff:00:00:00 }
29:
30: #
31: # Global options
32: #
33:
1.7 aanriot 34: # Comment this option to run hostapd in passive IAPP logging mode.
1.5 reyk 35: set hostap interface $wlan
36:
1.7 aanriot 37: # Use default radiotap mode.
1.5 reyk 38: set hostap mode radiotap
39:
1.7 aanriot 40: # Use multicast (according to the revised standard).
1.5 reyk 41: set iapp interface $wired
42: set iapp mode multicast
43:
44: #
45: # Event rules
46: #
47:
1.7 aanriot 48: # Log probe requests.
1.5 reyk 49: hostap handle type management subtype probe request \
1.8 ! david 50: with iapp type radiotap
1.5 reyk 51:
1.7 aanriot 52: # Log and annoy foreign accesspoints.
1.5 reyk 53: #
54: # This will be logged as well but the important thing is to
55: # annoy other accesspoints in your wireless territory.
56: hostap handle type data bssid !<myess> \
57: with frame type management subtype deauth reason auth expire \
58: from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid
59:
1.6 reyk 60: # The first de-auth example will not work with some newer stuff, like
1.5 reyk 61: # iwi(4)/ipw(4) "centrino", because they ignore management frames to
62: # the broadcast address as a countermeasure against the "void11"
1.8 ! david 63: # attack.
1.5 reyk 64: #
65: # hostap handle type data bssid !<myess> \
66: # with frame type management subtype deauth reason auth expire \
67: # from &bssid to &from bssid &bssid
1.6 reyk 68:
69: # Detect flooding of management frames except beacons.
70: # This will detect some possible Denial of Service attacks
71: # against the IEEE 802.11 protocol (like "void11").
72: hostap handle skip type management subtype ! beacon \
73: with log \
74: rate 100 / 10 sec
1.5 reyk 75:
76: # Finally log any rogue accesspoints limited to every second.
77: hostap handle skip type management subtype beacon bssid !<myess> \
78: with iapp type radiotap limit 1 sec
1.7 aanriot 79: