Router dieing?

[heymrdj]

I'm trying to diagnose my router. A few days ago my router started getting really slow. Then, it just kicked everyone from the network. Anything that attempts to join wireless with security (WEP is a bit more successful, but WPA is a no go at connecting) goes attempting to join, acquiring IP, (sometimes connected), disconnected. Happens on mobile device (HTC Touch Pro), an XP Pro desktop, XP home laptop, and two Vista Ultimate laptops. So i'm fairly sure it's not our fault.

If security is disabled, I can maybe get two devices to connect, after that it just starts dropping us all again. The dropped packets are crazy if it does connect and the network runs hella slow. The wired seems unaffected by all this unless it tries to talk with a wireless client.

I took a pic of a continuous ping running the router page. Notice the poor signals, and these devices are basically in a 15ft. raidius of the router, and have worked for 5 months (since August 10 last year) with 0 config changes. Also you'll see that the pings are very strange. This was from a Vista laptop. The XP desktop and XP laptop show the same results.

http://img353.imageshack.us/img353/6764/networkgd0.jpg

 

[spidey07]

Sounds like interference. Change channels. Your ping replies are very troubling, looks like you have duplicate IP addresses some how or another router on your network (proxy arp). (notice the reply from .125 of destination unreachable) Your driver or stack may also be fubarred.

Basically this looks like a configuration problem, not a network problem.

 

[heymrdj]

I see, well I'll do some channel changing tomorrow. Also will bring in a laptop that's never seen the router before, see how it acts on the network. I'll let you know after more diagnosing tomorrow .

 

[fwei]

Do you have dd-wrt or tomato on it? If so run a site survey and see which channels the neighbor routers are on, and pick the one that is least used (1, 6, 11).
If not then use net stumbler and see which channels are being used.
Stick with 1,6, and 11 unless there is a huge reason to use the interemediate channels.


and try a router reset, and put your settings back in. Sometimes the router firmware will slowly glitch up.

 

[heymrdj]

I've reset it up 3 times now, it's running DD-WRT. I'm starting to check out the channels now. I'm pretty sure it's setup related now as the IP's never are pointing right. The computers will ping themselves and stupid junk like that. But it can't be the computers themselves because we can jump to the college's wireless network and all will act fine. It's just the settings in this router are somehow screwed up. I'm wanting to say bad DNS or gateway pointing, but I'm not sure. The router is just using DHCP mode to pull and IP from the campus network.

 

[spidey07]

If this is a college campus your router could very well be attacked by the college network and wireless system.

You are considered a rogue access point and the system is trying to stop it and stop clients from joining it.

 

[heymrdj]

Originally posted by: spidey07
If this is a college campus your router could very well be attacked by the college network and wireless system.

You are considered a rogue access point and the system is trying to stop it and stop clients from joining it.

Sounds strangely fun .

 

[fwei]

Originally posted by: spidey07
If this is a college campus your router could very well be attacked by the college network and wireless system.

You are considered a rogue access point and the system is trying to stop it and stop clients from joining it.

If that is the case, then you need to connect directly using one of your computers. Get it authorized and setup. Then tell dd-wrt to copy the computer's mac address. Thus the campus network will see one device with an already known mac address. All your devices will be behind a NAT.

 

[spidey07]

Originally posted by: fwei

Originally posted by: spidey07
If this is a college campus your router could very well be attacked by the college network and wireless system.

You are considered a rogue access point and the system is trying to stop it and stop clients from joining it.

If that is the case, then you need to connect directly using one of your computers. Get it authorized and setup. Then tell dd-wrt to copy the computer's mac address. Thus the campus network will see one device with an already known mac address. All your devices will be behind a NAT.

That's not going to stop the rogue detection and mitigation. They probably did an upgrade over christmas. Now that I know it's on a college campus it make that possibility much more likely and the symptoms make sense. The system actively interferes with not only the RF, but the management frames used for clients to connect to his AP.

 

[fwei]

Originally posted by: spidey07

Originally posted by: fwei

Originally posted by: spidey07
If this is a college campus your router could very well be attacked by the college network and wireless system.

You are considered a rogue access point and the system is trying to stop it and stop clients from joining it.

If that is the case, then you need to connect directly using one of your computers. Get it authorized and setup. Then tell dd-wrt to copy the computer's mac address. Thus the campus network will see one device with an already known mac address. All your devices will be behind a NAT.

That's not going to stop the rogue detection and mitigation. They probably did an upgrade over christmas. Now that I know it's on a college campus it make that possibility much more likely and the symptoms make sense. The system actively interferes with not only the RF, but the management frames used for clients to connect to his AP.

How would it interfere with clients behind his router? It can't see anything past his router.

 

[spidey07]

Originally posted by: fwei
How would it interfere with clients behind his router? It can't see anything past his router.

Oh absolutely it can, does and will. It can see and interfere with ANY wireless communication.

 

[heymrdj]

I got it fixed . It was as I thought, a router setup issue. The router was acting as it's own DNS server instead of just passing GSW's DNS information to the devices. Turned off the router's DNS servers ect so that it just passed along what it got, and voila, all it good . Vista laptop and XP Pro desktop certified working, I'll get an HTC Touch test and the other Vista laptop done when they get home from work. Thank you everyone for their input . I'll update again later.

 

[fwei]

Originally posted by: spidey07

Originally posted by: fwei
How would it interfere with clients behind his router? It can't see anything past his router.

Oh absolutely it can, does and will. It can see and interfere with ANY wireless communication.

wait. what? Now it'll interfere with wireless communication? Are you saying the school is implementing wireless jamming of some sort?
What school are you going to? NSA Cadet school?

 

[skyking]

Originally posted by: heymrdj
I got it fixed . It was as I thought, a router setup issue. The router was acting as it's own DNS server instead of just passing GSW's DNS information to the devices. Turned off the router's DNS servers ect so that it just passed along what it got, and voila, all it good . Vista laptop and XP Pro desktop certified working, I'll get an HTC Touch test and the other Vista laptop done when they get home from work. Thank you everyone for their input . I'll update again later.

oops

 

[Aarondeep]

Originally posted by: fwei

Originally posted by: spidey07

Originally posted by: fwei
How would it interfere with clients behind his router? It can't see anything past his router.

Oh absolutely it can, does and will. It can see and interfere with ANY wireless communication.

wait. what? Now it'll interfere with wireless communication? Are you saying the school is implementing wireless jamming of some sort?
What school are you going to? NSA Cadet school?

This is a very common tactic with new corporate/campus wireless gear. I have seen this option on a recent TZ180 sonicwall I setup.

http://en.wikipedia.org/wiki/W...usion_detection_system

This is not uncommon these days. I have heard of others on this forum having issues with a local public school attacking the home access point due to misconfiguration on the schools systems. Educate yourself before arguing.

 

[fwei]

Originally posted by: aarondeep

Originally posted by: fwei

Originally posted by: spidey07

Originally posted by: fwei
How would it interfere with clients behind his router? It can't see anything past his router.

Oh absolutely it can, does and will. It can see and interfere with ANY wireless communication.

wait. what? Now it'll interfere with wireless communication? Are you saying the school is implementing wireless jamming of some sort?
What school are you going to? NSA Cadet school?

This is a very common tactic with new corporate/campus wireless gear. I have seen this option on a recent TZ180 sonicwall I setup.

http://en.wikipedia.org/wiki/W...usion_detection_system

This is not uncommon these days. I have heard of others on this forum having issues with a local public school attacking the home access point due to misconfiguration on the schools systems. Educate yourself before arguing.

Wow. I've never seen this before. I don't understand why schools would spend so much money to bother. btw, What's the range on this? What if you live close to the school? Wouldn't it kill APs that it has no control over?

 

[spidey07]

Originally posted by: fwei
Wow. I've never seen this before. I don't understand why schools would spend so much money to bother. btw, What's the range on this? What if you live close to the school? Wouldn't it kill APs that it has no control over?

Because rogue APs are very detrimental to a wireless network and a HUGE security hole. Not to mention they kill performance in the area they are in. If you know what you are doing to can trick clients to join you instead of the "real" wireless network, proxy them and record their data and the client is none the wiser.

You have maps that show where the rogue access points are and you can set boundaries on what is attacked.

 

[thecoolnessrune]

Yeah, I can fully understand why they do it. It really sucks too in a way. I mean, the only reason this is done is because the wireless in this wing of their "brand new" apartment complex is absolutely awful. With dead spaces everywhere along with it going out campus wide for hours at a time several times a week.

Other reason is the same reason rogue detection is implemented by the schools. We can't trust the idiots here. We wanted to make our printer accessible on the network to our roommates but we can't just put it on the network because soon enough some asshole would spam the printer with a 1000 pages saying "FUCK YOU!"

It's all really silly that most of the problems with campus policies and networks is because people are such freaking idiots. :|

 

[UMfanatic]

I recently have had the a similar problem with this router, although mine wasn't that it got slow and then kicked everyone off it just stopped connecting to the internet. I have tried several things including switching it from a gateway to a router, and back, I have also tried it on someone else' internet. Alas I think it is just old age that finally gets the best of this router unless anyone else has a better conclusion.

 

[fwei]

Originally posted by: spidey07

Originally posted by: fwei
Wow. I've never seen this before. I don't understand why schools would spend so much money to bother. btw, What's the range on this? What if you live close to the school? Wouldn't it kill APs that it has no control over?

Because rogue APs are very detrimental to a wireless network and a HUGE security hole. Not to mention they kill performance in the area they are in. If you know what you are doing to can trick clients to join you instead of the "real" wireless network, proxy them and record their data and the client is none the wiser.

You have maps that show where the rogue access points are and you can set boundaries on what is attacked.

I fully understand why they would implement/need such a feature, but I never thought it would be cost effective or even widespread.
Do you know much about this? I'm curious as to how it works exactly.
What about wireless networks that are localized but located within the school?
Also wouldn't multiple NATs effectively "hide" the wireless AP? I mean, if there are multiple NATs the AP has to go through, how would the network determine that it is part of it?

Sorry for hijacking the thread, but I'm interested in how this jamming stuff works now.

 

[fwei]

Originally posted by: thecoolnessrune
Yeah, I can fully understand why they do it. It really sucks too in a way. I mean, the only reason this is done is because the wireless in this wing of their "brand new" apartment complex is absolutely awful. With dead spaces everywhere along with it going out campus wide for hours at a time several times a week.

Other reason is the same reason rogue detection is implemented by the schools. We can't trust the idiots here. We wanted to make our printer accessible on the network to our roommates but we can't just put it on the network because soon enough some asshole would spam the printer with a 1000 pages saying "FUCK YOU!"

It's all really silly that most of the problems with campus policies and networks is because people are such freaking idiots. :|

Isn't there a way to set a password on the printer? (I'm not familiar with your situation, so this is a total guess)

 

[spidey07]

Originally posted by: fwei


I fully understand why they would implement/need such a feature, but I never thought it would be cost effective or even widespread.
Do you know much about this? I'm curious as to how it works exactly.
What about wireless networks that are localized but located within the school?
Also wouldn't multiple NATs effectively "hide" the wireless AP? I mean, if there are multiple NATs the AP has to go through, how would the network determine that it is part of it?

Sorry for hijacking the thread, but I'm interested in how this jamming stuff works now.

Most enterprise solutions have rogue detection and mitigation. I'm most familiar with Cisco's stuff and have designed solutions ranging from 50 to 1000 APs. If you want to learn more go to their site and read your heart out. There are other ways to detect people putting routers in and that's why they aren't allowed - all the problems they can cause. Doubly so for wireless.

It is VERY widespread as at least for the cisco solution it is all included, you don't have to buy anything else.

 

[Engineer]

Wow, cool stuff. Thanks to Spidey, I've got much more of an appreciation for the networking and IT guys!