Is "Wireless Security" an oxymoron?

VirtualLarry

No Lifer
Aug 25, 2001
Ok, I'm not a wireless guru. Yet. I've been reading as much as I can on various things in the WiFi world, and have come to some tentative conclusions. Compatibility, of anything other than plain-vanilla 802.11b and most 802.11g devices, is iffy at best. Things like WDS, allowing a router/AP to talk to one another wirelessly (which I naively assumed would work out-of-the-box, just like standard wired ethernet), are really only non-standard, vendor-specific extensions. What a joke compatibility is! Thank heavens, many of the routers/APs are based on Linux, and therefore can be hacked to add features.

But after ditching the idea of using two routers to talk to each other wirelessly (via WDS, which requires 3rd-party firmware), and instead opting for the more "plain-vanilla" installation method, one wireless router in infrastructure mode, and one USB wireless NIC client in infrastructure mode, I've decided to turn my current attention towards security. During the installation, I discovered two other WLANs within range of my client NIC. Both had 128-bit WEP enabled, which is good, except that my WLAN did not, since I was still setting it up. Unfortunately, that also meant that the broadband login information was also accessible via the router (although it did have a password), and therefore I changed that immediately (after disabling the wireless entirely). Also of note, one of the WLANs showing disappeared after my client NIC went "live"; I thought that was interesting.

From what I can understand from prior reading, although I've not directly experimented with it yet, is that WEP, both 40/64-bit and 128-bit, can be cracked, within the span of approx a week at most, possibly sooner. That means that WEP is an entirely unsuitable method for long-term WiFi network installations. So either I manually update WEP keys daily by sneakernet (kind of making the reason for the WiFi net superfluous), or find a better, longer-term solution. I don't know much about WPA yet, but I do know that my newly-purchased LinkSys USB 2.0 802.11g adaptor will only support WPA under WinXP with the newest drivers, and not W2K. It won't support Win9x, period. I was very disappointed to learn that after looking up and downloading the newest drivers, since the drivers on the CD do not install correctly in W2K. (Beware!)

I also recall reading once, about a WISP discussion about using PPPoE over a WLAN. To me, that actually sounds like a nearly-perfect solution in some ways, and I'm curious about what the security differences would be between that and WEP or WPA, if any of the experts that read this forum feel like chiming in.

At this point, with security foremost in mind, I'm actually considering scrapping the WiFi experiment entirely, and just running a nice long CAT5 cable between the rooms. It would be fairly difficult to sniff *that*, I would think. Is it possible that WiFi's relatively poor security outweighs its convenience, at least for highly security-conscious people like myself, and is still yet unsuitable to be deployed?

Edit: Finally, now up and running on my own 'g' WLAN. Unfortunately, I'm also starting to get a headache. I'm wondering if this thing is going to be able to stay; I generally also get severe headaches from using a 900MHz cordless phone for more than 5-10 minutes too. All I can think of is that line from the Weird Al song... "stick your head in the microwave and give yourself a tan.. dare to be stupid, dare to be stupid!". Considering that I'm now broadcasting low-level microwave frequencies in the open airspace near my living/sleeping quarters, I'm wondering if Weird Al was a bit ahead of his time in his apparent predictions about WiFi. :)

Also, again about security, I noticed something funny. I can set the WRT54G router to WEP, and type in a passphrase, and it shows four lines of hex numbers. It also has a radio box to select the "transmit key", 1-4. The USB2 'G' adaptor, however, only has a single line to input a hex string, and has a drop-down listbox to select the transmit key, again, numbers 1-4. Yet it seems that it only really depends on that first hex string matching, in order to give access with WEP. I would have thought that it required all four strings to match, since entering a passphrase and clicking "generate" creates all four of them; I assumed that they were only four fragments of the whole key. But apparently only the first one is used? I don't get that.

I'm thinking that I might just leave up my secondary 'b' wireless router as a honeypot, seeing as I've seen two different sets of "other" wireless nodes showing up recently - I don't think that they are all my neighbors... I'll leave it as an "open system", with DHCP enabled, and it will log the MACs of the wireless clients that try to associate with it, at least for now.
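
Added example (not part of the original post, and not vendor code): a minimal model of the 802.11 WEP frame body, showing that the four key slots are independent keys and that each frame names the slot it was encrypted with in a 2-bit key ID. A client therefore only needs the slot the sender transmits with; the keys, IV and payload below are constructed sample values.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key schedule, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32, least significant byte first."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encrypt(keys: dict, tx_slot: int, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (3 bytes) | key-ID byte | RC4(IV+key, payload+ICV)."""
    body = rc4(iv + keys[tx_slot], payload + icv(payload))
    return iv + bytes([(tx_slot - 1) << 6]) + body  # UI slots 1-4 -> ID 0-3

def wep_decrypt(keys: dict, frame: bytes):
    """Pick the key slot named in the frame; None if missing or ICV fails."""
    iv, slot, body = frame[:3], (frame[3] >> 6) + 1, frame[4:]
    if slot not in keys:
        return None
    plain = rc4(iv + keys[slot], body)
    return plain[:-4] if icv(plain[:-4]) == plain[-4:] else None

# Constructed sample values (not from the thread): four 104-bit keys on the
# router, and a client that was only given the first one.
AP_KEYS = {n: bytes([n]) * 13 for n in (1, 2, 3, 4)}
CLIENT_KEYS = {1: AP_KEYS[1]}
IV, MSG = b"\x00\x00\x01", b"constructed test payload"

if __name__ == "__main__":
    for slot in (1, 2):
        frame = wep_encrypt(AP_KEYS, slot, IV, MSG)
        print("router transmit key", slot, "-> client reads:",
              wep_decrypt(CLIENT_KEYS, frame))
```

With the router's transmit key set to 1 the single-key client reads the payload; switch the router to transmit key 2 and the same client gets nothing until slot 2 is filled in with the matching key.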
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
This answer is a general answer; it is not directed toward the original poster.

Imagine Manhattan, New York (especially in the summer).

Millions of people go to work within a window of a few hours.

Using your own car? Terrible traffic, extremely expensive parking.

Using a bus? Terribly slow, and a cost that adds up at the end of the month.

Using the subway? Good, if you like to stand squashed like a sardine next to other sweaty guys.

Using a cab? Moderate pay, with a driver that does not speak the language, maybe air conditioning, and the driver might get lost. :shocked:

Using a car service? Nice "Black Sedan", air conditioning with a good stereo. But very expensive. :thumbsup:

So what to do if you do not want to use the first few methods and can not spend.

Well, you can get a Razor Scooter ($19.99) and use it to go to work. :cool:

It is cheap, it is fast (since you can go where you want to go). However, it is not safe, and you will get dirty and hot under the sun.

Entry Level Wireless Hardware is the Razor Scooter of Network.

It delivers Excellent Capacity FOR the PRICE. :beer:

To be honest, it is really a bit silly, these big complaints by all of us who get the Entry Level Wireless, sub 50mW sets, for sub $100, and keep complaining. :shocked::shocked::shocked:

Instead of complaining, people can work a few hours more and get Professional Wireless Hardware with a RADIUS server and a more secure connection. :thumbsup:

We want to pay for a Razor Scooter, and travel in a Black Sedan? :brokenheart:

:sun:
 

Bob151

Senior member
Apr 13, 2000
Originally posted by: JackMDS
This answer is a general answer; it is not directed toward the original poster.

Could a new thread with all but one of those sentences have been a better choice?
 

InlineFive

Diamond Member
Sep 20, 2003
Originally posted by: JackMDS
This answer is a general answer; it is not directed toward the original poster.

Imagine Manhattan, New York (especially in the summer).

Millions of people go to work within a window of a few hours.

Using your own car? Terrible traffic, extremely expensive parking.

Using a bus? Terribly slow, and a cost that adds up at the end of the month.

Using the subway? Good, if you like to stand squashed like a sardine next to other sweaty guys.

Using a cab? Moderate pay, with a driver that does not speak the language, maybe air conditioning, and the driver might get lost. :shocked:

Using a car service? Nice "Black Sedan", air conditioning with a good stereo. But very expensive. :thumbsup:

So what to do if you do not want to use the first few methods and can not spend.

Well, you can get a Razor Scooter ($19.99) and use it to go to work. :cool:

It is cheap, it is fast (since you can go where you want to go). However, it is not safe, and you will get dirty and hot under the sun.

Entry Level Wireless Hardware is the Razor Scooter of Network.

It delivers Excellent Capacity FOR the PRICE. :beer:

To be honest, it is really a bit silly, these big complaints by all of us who get the Entry Level Wireless, sub 50mW sets, for sub $100, and keep complaining. :shocked::shocked::shocked:

Instead of complaining, people can work a few hours more and get Professional Wireless Hardware with a RADIUS server and a more secure connection. :thumbsup:

We want to pay for a Razor Scooter, and travel in a Black Sedan? :brokenheart:

:sun:

I hope I'm not the only one who found that confusing.
 

VirtualLarry

Originally posted by: PorBleemo
I hope I'm not the only one who found that confusing.

Yeah. I'm not sure if I should be checking behind me for Agent Smith, riding in a Black Sedan, or tracking me down on a Razor Scooter. WWND? (What Would Neo Do?) :)

I don't consider $100 routers especially "cheap" myself, and if I do buy them, I expect them to properly talk to each other, and to live up to their marketing promises on the back of the box. But unfortunately the tech is still too far into the "bleeding edge" category for consumers, I'm afraid.

Very few devices support WPA, WEP (any variety) can be cracked "trivially" (so much for Wired Equivalent Privacy - it certainly doesn't live up to its name), and in order to have two wireless routers talk to each other on a wireless network, you need to enable proprietary WDS mode, which basically negates the possibility of having dynamically-changing WEP keys, or WPA. WDS only operates with fixed, pre-shared, WEP keys. Meaning, if you want wireless LAN roaming or to bridge two existing wired networks together with wireless, WRT to security, you're out of luck. A (centralized, by necessity) RADIUS server, isn't even a viable solution in that case, irrespective of price.

And speaking of WPA, I was surprised and disappointed that LinkSys's USB2.0 'G' adaptor, which was purchased to interoperate with a WRT54G wireless 'G' router, won't do WPA. Strange, since both devices are "new", and 'G', and one would think that they should work together, including their security features, especially since they are sold by the same company.