Wireless Networks II

[Paul]

i have a belkin router with upto 54g capability inc older specifications..

and a laptop with 11b built in.

i have set it up so its only accessable with mac addresses and turned the broadcasting bit off on my router, so only those that know its there can see it...

and its working a treat. can browse the net, and shared drives on my desktop etc.

but if i enable WEP 64k my wireless connection seems to get interrupted and disconnected, and i have to keep connecting to the wireless lan, depite having excellent signal strength and being only 1m from router.....

why might that be?

do i even need wep at home, when using mac addresses?

my next option is to use my bundled 54g PCMCIA card and dabble with that, but seems a shame to have a card sticking out of side of laptop when the built in 11 b is more than adequate for browsing the net with 512k broadband.

have to admit in new to wireless and wep,mac etc, so any ideas welcome.

cheers.

[dannymacca]

Its probobly something to do with your WEP settings, are you sure that your keys are identicle on both the router and the computer your using?

Depending on the router you may need to use an alpha-numeric key or the hex code for an alpha-numberic key.

Regarding the MAC address issue, its better to use some encryption because otherwise people wouldnt be able to join your network but would still be able to receive the data both you and your router are broadcasting with no troubles.

[Paul]

keys are the same.

i have 128K wep and 64K wep

laptop only allows the 64K wep on the built in wireless, as it doesnt give enough space to fit a 128K key.

i still have the option of trying the matching 54G belkin card, but wanted to see if i could get it sorted on the built in first.

[Gaunty]

It sounds like its not authenticating properly.

I found this that might help.

http://support.microsoft.com/default.aspx?scid=kb;en-us;814123

You could try this too if the first one doesn't help: http://support.microsoft.com/default.aspx?scid=kb;en-us;826942

[Colin M]

I wouldn't bother with 128 bit WEP keys, it's just not worth it for a home network and the security calls just slow everything down.

[Paul]

Cheers Gaunty.

I have run through the first one, and all appears ok laptop end, its set up as it suggests...

also will try router on 11b only

rather than 11b + 11g mode.

Now reading through option 2.

[Paul]

option No.2 applied to laptop, other end is a belkin router.

also dropped mode to 11b only to see if it makes a difference... may change it back later..

funny thing with updates is it appears to have slightly chabged the options in the "configure menu" for wireless, yet i have laptop set to "get all updates automatically " from microsoft and it has done so at least twice since i had it, inc one earlier today.

you would have thought it would have already got this update..?

switching to laptop to see if its more stable.

[Paul]

option 2 seems to have cracked it Gaunty mate!

havent lost connection once since.

inc being back on 11b+11g

Cheers

[Gaunty]

No probs mate, glad to be of help. I think that Micro$oft intended this update only for computers with the problem.

[Foggy]

[ QUOTE ]

I wouldn't bother with 128 bit WEP keys, it's just not worth it for a home network and the security calls just slow everything down

[/ QUOTE ]

I would go exactly the opposite way Colin, the option is there so turn it on, the overhead is negligible.

I think we all agree that you really should tie down your wireless access point.

To do this you have to require encryption.

If you are going to encrypt using WEP why use 64 bit when you can use 128bit.

If you don't require WEP then you are leaving you access point open to everyone.

Whilst WEP isn't anywhere near as good as WPA, it is enough to stop people bothering to try and use your bandwidth, or more seriously explore your internal network, when they can simply drive a few doors down and use your neighbours open access point

[Paul]

it doesnt appear the built in wireless in laptop will go to 128k wep as there isnt enough room in the box to allow the full string of digits.

if i used the bundles 54g card i believe it does upto 128k wep and or WPA, but then you got a lump sticking out the pcmcia slot.

[Foggy]

For 128 bit WEP you need to be able to enter 26 hex digits, so as long as you can do that you should be able to have 128 bit

For those that did the math, you can see that this doesn't quite tally.

A hex digit can be represented by 4 bits, and therefore 26 hex digits give you 104 bits. This is why you may see some vendors refer to 104 bit WEP. The last 24 bits are an initialisation vector

309369 How to Make Your 802.11b Wireless Home Network More Secure http://support.microsoft.com/?id=309369

[Paul]

the box provided only allows 23 digits on the built in wireless.

not bothered with the PCMCIA card yet

[Frodo]

Which is better WEP or WPA? Should you stop broadcasting ID of the wirless network once you have connected the servers?

[Viraje]

As I understand it, WPA offers stronger encryption, but isn't part of the 802.11G standard, and so isn't available on all hardware. So you may be forced to use WEP if using older equipment, (ie. embedded wireless).

[Frodo]

Cool I've got a IBM laptop which can use WPA and a Netgear wireless router and they seem to converse without problem, although only at 11mb/s. But I don't care cos broadband is only 2mb/s

[Foggy]

The reason why WEP has been superseded is because it uses the same encryption key for every packet so if you capture enough traffic you can calculate what the key is and then decrypt anything else that is sent.

There are ways and means to avoid this which essentially involves changing the keys regularly. Anyone that has had to type in a 26 digit WEP key can imagine how annoying that would be just doing their own 2 or 3 PC network let alone an entire corporation so to work around this they would use certificates and a Public Key Infrastructure

The reason that WPA offers better protection than WEP is because after the initial key exchange every packet uses a different key and is therefore not subject to the same vulnerability

[Frodo]

Thanks for the reply "localhost", very informative. So for a home network the best method of protection is WPA?

[Foggy]

The best for every network is WPA, if your cards and access point support it that is. It seems the card Paul has only supports 64 bit WEP so no chance of WPA there.

I forgot to answer your other question about SSID...

I do turn mine off just so average Joe with his new wireless laptop can't find it but the plain fact of the matter is that apps like Net Stumbler will find these networks even if you do turn it off.

One thing to be aware of, which I haven't confirmed is that the Wireless Zero Configuration service in XP prefers to connect to networks that advertise their SSID. So lets say you disable yours and then your neighbour installs a new access point that is advertising you may end up flipping to his network all the time

[Frodo]

I'd be interested to know more. So how else can you protect your wireless laptop and router from snooping. Or do you just have relie on secure passwords and firewalls?

Did you also see my other message thread on increasing recption through antenna?

[Foggy]

Firstly, with respect to your laptop people won't be able to connect directly to it through wireless unless you set up an ad-hoc or computer to computer wireless network.

A firewall is used to prevent unwanted machines speaking to your machine if they have a medium on which to do this. If I get as far as using a password I have managed find a medium and get through your firewall and I am ‘speaking’ directly to the device

With an access point all machines connect to the network and to each other through it which is why you need to protect it to stop the conversation even happening

The thing with wireless is that the packets are squirted literally everywhere so the physical security of the medium that you would get with wire isn't there. This means that anyone with a sniffer and wireless card can capture the data that is being sent / received.

The main layers of wireless protection are MAC address filtering and encryption (WEP / WPA)

MAC address filtering does prevent people from connecting to your access point if their physical address isn't in a table that you populate, however a network sniffer or a tool of the same ilk will very quickly capture the packets your send through the air and consequently your MAC address can be obtained quite easily. Many cards allow the MAC address to be changed, so I could simply change my MAC address to the same as yours and I would have overcome that layer. It would be very confusing for the access point if we were both online with the same MAC address, but I would just need to make sure I wasn't online with you.

The WEP key (Wired Equivalent Privacy incidentally, not Wireless Encryption Protocol as lots of people seem to think) is not a password, it's a shared secret.

The key is used to provide parameters to an encryption algorithm which then outputs, in essence, complete gibberish. However because a legitimate client knows the key it can take the gibberish and decrypt it.

As per my last post, the problem with WEP is that this key is the same for every packet sent so if you capture enough data it is possible to work out what the key is and therefore your hacking friend can also see your data. Take a look at something like WEP crack if you are interested.

To be honest, the capture and decryption of data is of very little concern for a home network, but what the key does do is prevent people connecting to you if you don't want them to

To boil all that wordy shite down, encrypt your network and you will be safe from people trying to get to you through your wireless network.

Sorry about the last point, I have never looked into additional antenna so I don't know he answer to that

[Paul]

[ QUOTE ]

The best for every network is WPA, if your cards and access point support it that is. It seems the card Paul has only supports 64 bit WEP so no chance of WPA there.

[/ QUOTE ]

built in laptop 11b appears to only support 64K wep but i also have a PCMCIA card that will do WPA etc, just trying to avoid using it as its an overkil for simple web surfing , and something else to plug in and stick out of laptop.

my wep seems to be playing up again now.

tried new keys and its erratic again. even more erratic than last time.!

[Paul]

this wep lark is starting to feck me off.

just had to system restore back to before patch applied and re-download it.

before this it just would not connect with wep enabled regardless of the copious amount of keys i generated for it.

working for now, but for how long! something obviously upset it.

last resort will be PCMCIA card

[Paul]

sodding wep.. or rather windows auto updates...

wep stopped working AGAIN. This time pin pointed to a set of updates that requires a reboot. I always tend to defer this till i naturally shut down the pc.

one of the following fecks it up.

Windows update : <ul type="square">

[*]KB833407

[*]KB839645

[*]KB841873

[*]KB840315

[*]KB842773

[*]UPDATE V4

revert back to before these updates and alls perfect.

so updates disabled for now.

would i be better off using xp pro over xp home.... i may update operating system...

[Foggy]

Paul,

In my experience access points sold into the home market aren't so hot, especially if my SMC is anything to go by. Check to see if there is a firmware upgrade available for your unit