Network

From SHA2017 Wiki
Revision as of 14:34, 3 August 2017 by Lukas (talk | contribs) (edit connect section, add disconnect)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Team:NOC has tried to build and support the fastest network for you: a network comparable to a medium sized ISP, built up in just a couple of days. It might not be perfect all the time. We will be providing blanket wireless coverage and wired network access to both venues and camping tents. If you have any questions, please contact the NOC helpdesk located at the infodesk tent.

TL;DR

  • To use the camp WiFi on most modern devices, connect to the SHA2017 network with a username of sha2017 and a password of sha2017. (You may have to select "Don't check certificate")
  • If you want a wired connection to the network, lay your own cable neatly from your tent back to the nearest datenklo (Data Toilet) and put it through the loop (add appropriate amount of slack ~2m so that there is enough play to connect it in the Datenklo).
  • If you want your cable to be disconnected, coil it up in front of the datenklo.
  • You have a public IPv4 & IPv6 address and there is no network firewall or filtering.

Rules of Conduct

  • Be fair! Do not do to others what you do not wish done to yourself!
  • We cannot be held responsible for any damage your computer may face due to attachment to our network. Be reminded that both internet access and the local network are unfirewalled and unfiltered. Even well-maintained systems can be attacked and get hacked, even more so at a hacker event.
  • Do not operate your own WiFi access point. This causes a major slow-down for everybody else.
  • If you are operating anything else in the 2.4GHz or the 5GHz spectrum, please clear the frequencies in advance with us.
  • Do not run your own DHCP server! Doing so is harmful.
  • Do not send IPv6 Router Advertisements.
  • Do not ARP spoof or otherwise impede the operation of the network!
  • If you are connecting an embedded device to the network please make sure it is using a unique MAC address. Many of the code examples for such devices use an identical MAC address and this will cause problems - if you aren't sure contact us.
  • You are only allowed one uplink from your switch to our network - do not attempt to connect multiple cables or to connect to multiple datenklos! The datenklo switchport allows for a maximum of 64 stations.
  • While we are generally quite able to find and disconnect you in case of network misuse if necessary, we still prefer to not have to do so and that everybody respects the other visitors.
  • Think twice before you do something that affects others! If you hack someone, you might be prosecuted. Be aware that we cannot prevent law enforcement from acting within or related to our network.
  • For special requests please contact NOC via noc-requests@sha2017.org.

Uplink

We are planning for a 100 Gbps uplink to our router in Amsterdam. From there we will have various transits to the rest of the world, supplied by various supporters.

Wireless

The whole field has been covered with many wireless access points to ensure the best possible coverage and to allow you to roam seamlessly without interruption. Naturally, there is additional coverage in popular areas such as the talk tents. The following wireless networks will be available:

SHA2017
This is 5GHz and should you should use this one in preference, if you can see it. The username is "sha2017" with password "sha2017". This is the most secure, WPA2-Enterprise.
SHA2017-legacy
This is 2.4GHz and less resistant to interference, use it only if you have to. The username is "sha2017" with password "sha2017". This is also WPA2-Enterprise.
SHA2017-insecure
Warning: insecure This is both 5GHz and 2.4GHz, and is for older devices that don't support WPA2-Enterprise. It's unencrypted, and people will likely intercept your traffic.
spacenet
This is 2.4GHz + 5GHz and WPA2-Enterprise, you can connect with a valid account if your hackerspace offers spacenet.
eduroam
This is 2.4GHz + 5GHz and WPA2-Enterprise, you can connect with a valid account if your university/college/school is offering eduroam. More information can be found at eduroam.org.

Even if you are using an encrypted network, you should still encrypt your connection to prevent snooping. Although some SSIDs offer encryption, it is only over-the-air.

We have airtime fairness configured on our wireless controllers, so if you wish to download large files please use a wired connection (there will be plenty about).

WPA2 802.1X, encryption

Due to popular demand (and with security in mind) we provide WPA2 802.1X. This will encrypt your traffic, preventing attackers from sniffing your data. Keep in mind that this won't protect you from other network attacks and you should still be aware that you are at a hacker conference! Your link layer should be secure if you do certificate checking (see below).

You might think: "WTF!? Do I need to register a user and password blah, blah". Fortunately not. You can use any username/password combination using EAP-TTLS with PAP to login (example: "user: fbhfbhiaf pass: bgufwbnkqo" is valid), because we don't care who logs in and who you are. We just want to encrypt your data.

Users which use MSCHAPv2 (like Windows users with default 802.1X supplicant) should use a fixed username and password. You can use "sha2017/sha2017" or "guest/guest" as "username/password".

Client Settings

Also see Network/802.1X client settings for a list of OS-specific client settings. 

SSID: SHA2017 or SHA2017-legacy

EAP-TTLS:

Phase 1: EAP-TTLS
Phase 2: PAP

PEAP:

Phase 1: PEAP
Phase 2: MSCHAPv2 or EAP-MSCHAPv2 or PAP

CN = radius.sha2017.org
CA = DST Root CA X3
SHA256 Fingerprint = 20:CE:02:90:2E:2A:79:8E:B5:40:8D:BD:0A:E4:18:A1:AD:5A:C0:BD:6A:09:02:17:A8:F4:46:99:79:A0:B9:C8

Make sure you check the certificate in order to know you are connecting to the correct network (you should check on both the CN/SAN and the CA). Check here for the complete certificate.

Wired

All camping areas will be within 40m of a datenklo (Data Toilet), please bring around 50-70m of Cat5e/Cat6/Cat7 cable to make sure you have some slack in the cable. We do not supply you with a cable.

Lay your own cable neatly from your tent back to the nearest datenklo, and leave 3m of slack coiled on the floor in front of it. And please lay it so that it can be clearly seen that it needs to be plugged in - or you risk having your cable overlooked. At regular intervals a member of the NOC helpdesk will connect it up.

To be disconnected at the end of the event, leave the whole cable coiled outside the datenklo, and we'll unplug it when we next visit.

All of our access ports are 1Gbit/s (1000BASE-T) or 100Mbit/s (100BASE-TX), plus Auto-MDIX. If you want to connect something else, please contact the NOC-team beforehand at noc-requests@sha2017.org.

We do not support 10Mbit/s. It might work on a few devices, but there is no guarrantee. If you need it for old or embedded things please bring a switch to convert.

FAQ

Can I bring a server?

Sure! You should host your server in your tent/village and connect to the nearest datenklo.

There will be no public-colocation facility available.

Can I use the 2.4GHz/5GHz-band for non-wifi projects?

The following channels are available for adhoc/mesh/other wireless stuff:

  • 2.4GHz: Channel 1 (20 MHz centered on 2412 MHz; 2402 MHz->2424 MHz)
  • 5GHz: Channel 140 (5690->5730 MHz) or channels 149-165 (5735->5835 MHz), if supported (max 25mW EIRP allowed in The Netherlands)

We cannot force you to use these channels, but we are trying to build a functional wireless network for the other attendees too. So please, don't do any experiments on other channels.

Can I bring an access point?

Please don't.

If you are operating a village (using an SHA2017-supplied tent) that has poor coverage, we may be able to arrange to put an access point in it during the event to improve coverage. Stop by the NOC helpdesk and ask.

Can I bring a switch?

Yes. You are however only allowed one uplink from your switch to our network - do not attempt to connect multiple cables or to connect to multiple datenklos! The datenklo switchport allows for a maximum of 64 stations.

Supporters

We'd like to extend special thanks to the following people and organisations who have been instrumental in making SHA2017 Network happen:

Twitter

The SHA2017 NOC team has a Twitter account: @sha2017noc


Retrieved from "https://wiki.sha2017.org/index.php?title=Network&oldid=10118"