[lug] Question about Mesa Networks

Lee Woodworth blug-mail at duboulder.com
Thu Apr 22 11:18:55 MDT 2004


On 21 Apr 2004 at 18:52, Paul E Condon wrote:

> I've just got connected to internet via Mesa Networks. Since it is
> local, I'm supposing that others who have been with them longer than
> I are members of this list. Mesa uses fixed wireless, but otherwise
> seems to offer always on service much like Comcast. My question is:
> 
> What special security considerations are there when using Mesa Networks?
> I'm worried because their informational materials make it sound as if
> there are no problems, but I wonder...
I've been using Mesanetworks for 2 years. Security-wise, your radio traffic 
could be sniffed but not with off-the-shelf hardware. They started out with
802.11b devices and switched to something else a while ago. The rooftop
antennas have a fairly narrow beam (thus requiring fairly precise alignment).
Somebody would have to be along the path to get much of a signal.

However, the radios are bridges so subscribers in the same area could
possibly see your unicast IP traffic. They can definitely see your broadcast
traffic. I see broadcasts from win boxes all the time.

> My security concerns are rather modest. I run a small LAN, 2 Linux, 
> 2 iMacs, 1 print server. I have been using dial-up, so this is the
> first time that I have to confront the nasty aspects of always-on
> internet service.
It's nasty. I see probes all the time. Some may even be Linux-specific.
This happens for DSL and cable clients too, so you need packet filtering.

Use an internal and an external network (Mesa being the external one).
Get a NAT/Firewall router device to route between the internal and
external networks. You could also equip one of your systems with
two NICs and use iptables for NAT/firewall functions.

Walmart in Longmont has a Linksys 4-port Cable/DSL router for ~$40.
Model NR041-WM. Fairly easy to set up. You should check all of the 
settings to make sure they are secure.

If Mesa gave you a box with more than one ethernet port, it is likely a NAT
device. But it may not do packet filtering. Even if it does you probably
can't configure it since you could also then fiddle with your service
parameters (e.g. bandwidth limit).
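
The two-NIC iptables gateway suggested in the reply above, sketched as an
added example (not part of the original message). The function name, the
interface names and the LAN subnet are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC Linux
# gateway. Default-deny inbound, NAT outbound, nothing from the bridged
# wireless segment reaches the LAN unless the LAN asked for it.
# gen_rules is a hypothetical helper name; arguments are assumptions.
gen_rules() {
    [ $# -eq 3 ] || { echo "usage: gen_rules EXT_IF INT_IF LAN_CIDR" >&2; return 1; }
    ext_if=$1   # NIC facing the provider radio (external, untrusted)
    int_if=$2   # NIC facing the home LAN (internal)
    lan=$3      # internal subnet in CIDR form
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Hide the LAN behind the external address of the gateway
-A POSTROUTING -s $lan -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets claiming a LAN source on the external side are spoofed
-A INPUT -i $ext_if -s $lan -j DROP
-A FORWARD -i $ext_if -s $lan -j DROP
-A INPUT -i lo -j ACCEPT
# Replies to connections that the gateway or the LAN opened
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may reach the gateway and go out; probes and broadcasts
# arriving on the external side match nothing and hit the DROP policy
-A INPUT -i $int_if -s $lan -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
COMMIT
EOF
}
# Apply as root (interface names and subnet are assumed values):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_rules eth0 eth1 192.168.1.0/24 | iptables-restore
```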
