On Sat, Sep 21, 2013 at 12:40:15AM +0200, Björn Persson wrote:
> >> Anyone can broadcast an SSID. How does FirewallD authenticate the
> >> network connection?
> >FirewallD is not responsible for such authentication/AP validation.
> >Firewall as such is not meant to assure you're connecting to where you
> >want.
> It's FirewallD that introduces the zone concept. FirewallD is therefore
> responsible for ensuring that the network has been authenticated before
> it switches to a zone that assumes an isolated and friendly network. Of
> course FirewallD can delegate the authentication to another program,
> but simply stating that FirewallD is not responsible doesn't answer the
> question.

I haven't looked, but I assume that it's not actually the SSID that makes
them unique but rather done by NetworkManager UUID. See
<https://wiki.gnome.org/NetworkManagerConfiguration>.

So, the attack I think you're talking about would be someone making a
network with the same SSID as one you trust. NetworkManager won't
automatically connect to that, and even if you do, it won't automatically
put them in the same zone.

--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx>
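
An added example, not part of the thread and not FirewallD or NetworkManager code: an audit of saved Wi-Fi profiles that flags any profile bound to a trusting zone while the network itself is unauthenticated, which is the case the question above is about. It assumes NetworkManager keyfile-format profiles with `zone=` under `[connection]` and `key-mgmt=` under `[wifi-security]`; the zone list, the `audit_profile` helper and the sample profiles are constructed for illustration.

```python
import configparser

# Zones treated as "trusting" in this audit (an assumption of the example).
TRUSTING_ZONES = {"trusted", "home", "internal", "work"}
# key-mgmt values where the access point must prove knowledge of a secret.
AUTHENTICATED = {"wpa-psk", "wpa-eap", "sae"}

# Constructed sample profiles in NetworkManager keyfile format.
SAMPLE_PROFILES = [
    """[connection]
id=HomeNet
uuid=11111111-1111-4111-8111-111111111111
type=wifi
zone=home
[wifi]
ssid=HomeNet
[wifi-security]
key-mgmt=wpa-psk
""",
    """[connection]
id=CafeGuest
uuid=22222222-2222-4222-8222-222222222222
type=wifi
zone=home
[wifi]
ssid=CafeGuest
""",
    """[connection]
id=Airport
uuid=33333333-3333-4333-8333-333333333333
type=wifi
[wifi]
ssid=Airport
""",
]

def audit_profile(text):
    """Return uuid, ssid, zone, key-mgmt and a risk flag for one profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    zone = cp.get("connection", "zone", fallback="")  # empty: default zone
    # No [wifi-security] section means an open network: SSID match only.
    key_mgmt = cp.get("wifi-security", "key-mgmt", fallback="open")
    return {"uuid": cp.get("connection", "uuid"), "ssid": cp.get("wifi", "ssid"),
            "zone": zone, "key_mgmt": key_mgmt,
            "risky": zone in TRUSTING_ZONES and key_mgmt not in AUTHENTICATED}

if __name__ == "__main__":
    for profile in SAMPLE_PROFILES:
        print(audit_profile(profile))
```

Only the second profile is flagged: it is an open network, so nothing beyond the broadcast SSID distinguishes it, yet it is mapped to the `home` zone.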