Annotation of src/etc/hostapd.conf, Revision 1.9
1.9 ! reyk 1: # $OpenBSD: hostapd.conf,v 1.8 2005/11/03 23:06:48 david Exp $
1.5 reyk 2: # sample hostapd configuration file
3: # see hostapd.conf(5)
4:
5: # "wavelan is a battle field"
6:
7: #
8: # Macros
9: #
10:
11: # Define macros for the interfaces to be used by hostapd. The "wlan"
1.8 david 12: # interface is optional.
1.5 reyk 13: wlan="ath0"
14: wired="sis0"
15:
16: #
17: # Tables
18: #
19:
20: # Define the MAC addresses (BSSIDs) for your accesspoints in a table.
21: table <myess> {
22: 00:90:4b:0d:fd:c8,
23: 00:02:6f:21:ea:8b
24: }
25:
26: # Address masks are providing a simple way to match by MAC vendor ID.
27: #
28: # table <senao> { 00:02:6f:ff:ff:ff & ff:ff:ff:00:00:00 }
29:
30: #
31: # Global options
32: #
33:
1.7 aanriot 34: # Comment this option to run hostapd in passive IAPP logging mode.
1.5 reyk 35: set hostap interface $wlan
36:
1.7 aanriot 37: # Use default radiotap mode.
1.5 reyk 38: set hostap mode radiotap
39:
1.7 aanriot 40: # Use multicast (according to the revised standard).
1.5 reyk 41: set iapp interface $wired
42: set iapp mode multicast
1.9 ! reyk 43:
! 44: # The following mode is compatible to some pre-standard IAPP implementations
! 45: #set iapp mode broadcast port 2313
1.5 reyk 46:
47: #
48: # Event rules
49: #
50:
1.7 aanriot 51: # Log probe requests.
1.5 reyk 52: hostap handle type management subtype probe request \
1.8 david 53: with iapp type radiotap
1.5 reyk 54:
1.7 aanriot 55: # Log and annoy foreign accesspoints.
1.5 reyk 56: #
57: # This will be logged as well but the important thing is to
58: # annoy other accesspoints in your wireless territory.
59: hostap handle type data bssid !<myess> \
60: with frame type management subtype deauth reason auth expire \
61: from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid
62:
1.6 reyk 63: # The first de-auth example will not work with some newer stuff, like
1.5 reyk 64: # iwi(4)/ipw(4) "centrino", because they ignore management frames to
65: # the broadcast address as a countermeasure against the "void11"
1.8 david 66: # attack.
1.5 reyk 67: #
68: # hostap handle type data bssid !<myess> \
69: # with frame type management subtype deauth reason auth expire \
70: # from &bssid to &from bssid &bssid
1.6 reyk 71:
72: # Detect flooding of management frames except beacons.
73: # This will detect some possible Denial of Service attacks
74: # against the IEEE 802.11 protocol (like "void11").
75: hostap handle skip type management subtype ! beacon \
76: with log \
77: rate 100 / 10 sec
1.5 reyk 78:
79: # Finally log any rogue accesspoints limited to every second.
80: hostap handle skip type management subtype beacon bssid !<myess> \
81: with iapp type radiotap limit 1 sec
1.7 aanriot 82: