Topic 'Re: Wireless setup with my new WRT54GS' in forum 'Wireless Networking' - dslreports.com

Re: Wireless setup with my new WRT54GS

Fri, 24 Jun 2005 21:56:16 EDT

illJazz posted : Your discussion is interesting, but extremely OT. Oh well. I guess this thread fulfilled its purpose anyway.

:)

Re: Wireless setup with my new WRT54GS

Fri, 24 Jun 2005 21:45:15 EDT

Komputerguy posted : I guess we just have to agree to disagree. You may think that you can pull this off consistently with less than a second error or less than .1 percent error on data rate recording, but I disagree. You can't combine the two and make it 6oo seconds. Your method is basically doing two 300 second measurements. Your measurement implied accuracy of at least .1 percent. Even at one only second error over 600 seconds (which is very unlikey, IMO), you've exceeded that. If you eliminate the stopwatch effect by starting the data transfer beforehand and stopping watch before it's done, you still have inaccuracy between the data values that you record when you start and stop the stopwatch which gives a similar effect for error that it would be for starting and stopping the stopwatch. Using the computer to do this work for you is much more accurate and eliminates these human errors. And if you think about it, if the person can handle setting up an encyrpted wireless network, they should easily be able to handle setting up something like SpeedTest from racoonworks, it is just not that hard. I used it right after I made the post. It took me less than 5 minutes to set up.

I'd agree that wstccp is more for technically adept people. When I first starting to use it, it took me quite a while to get the hang of it. But I was after something different - raw throughput across my wired LAN. I found that there was significant difference in the performance of (tuned) TCP stacks among the various Windows OS's. I finally found that using the UDP transfer largely removed this effect and gave me results that were much closer to the true raw real world throughput of the LAN.

wsttcp is even more accurate than SpeedTest. It uses RAM to send and recieve data in the transfer. This eliminates potential erroneous results due to hard drive data transfer rates influencing the outcome. If you have a new computer with a nice fast hard drive this may not be too much of an issue, but it can be a significant influence with an older machine.

--

What can possibly go wrong?

Re: Wireless setup with my new WRT54GS

Fri, 24 Jun 2005 15:41:11 EDT

funchords posted :

said by Komputerguy:

No, a stop watch is not an accurate measurement in this case. Not for the accuracy that you were reporting. And certainly not exactly accurate. There are areas of significant error. For example, how do you know that you started the stopwatch exactly when the data transfer started?

Actually, you start the stopwatch when you press "Reset" ... you start the datastream first so that you're timing throughput, not ramp-up time.

If you're off by one second once during the test, then you're off by 1/600th of the test -- less than one half of one percent.

If your reaction time is such that you're off by several seconds, you probably shouldn't be driving a car. :D:o:p:)

Remember what we're testing here -- how encryption affects throughput on someone's personal AP. This isn't a test you'd run long term or passively. And, by the time you find a tool that new users can understand and trust, you can have the more manual method done.

I personally use Ixia Qcheck for my network sanity checks. It works and I'm going to keep it because I already have it deployed throughout my home LAN, but I'm not extremely fond of it (it uses extremely small TCP samples). So I wouldn't make it a strong recommendation for other technical people and I definitely wouldn't recommend it to a user who doesn't know the difference between TCP and UDP.
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA
Kindness is treating someone better than they deserve.

Re: Wireless setup with my new WRT54GS

Fri, 24 Jun 2005 09:01:08 EDT

Komputerguy posted : No, a stop watch is not an accurate measurement in this case. Not for the accuracy that you were reporting. And certainly not exactly accurate. There are areas of significant error. For example, how do you know that you started the stopwatch exactly when the data transfer started? There is no way you can. There is latency when you click the button (or whatever) to start the application for data transfer, there is latency between when the there is anything displayed visually, and when the transfer actually started. Only the application internally itself can do that accurately. Same thing with stopping. Multiple latency problems. Also on with your method, you have to keep track of the data transferred, which also introduces another source of error. There can be several seconds of error on both ends. Now it may be marginally ok to get a rough order of magnitude idea of data transfer, but I am extremely dubious on the idea that it could consistently and accurately measure data transfer differences down to the tenth of a percent. Over a 5 minute period a error as small as only 1 second would represent over 3 tenths of a percent of error. This method could easily procduce several seconds of error.

A stopwatch is not an integrated part of a software application that both tracks the data transferred and the elapsed time simultaneously.

With respect to the numbers suggested, there is some statistical scientific basis for the concept of doing large samples several times and averaging to reduce the effect of error. As far as the exact numbers, no there is no formula involved in my suggestions. But using just 1 measurement is not a good idea.

Yes, there are advantages to your method. My issue is that it is tradeoff between accuracy and simplicity. There are other applications that are much easier to use than wsttcp. I found a handful of them about 2 years ago. If anyone is interested I can try to dig them up. One I just found is called SpeedTest at »www.raccoonworks.com but I haven't really tried to use it so I don't know how well it works.

There are also multiple applications available that are simple Bandwidth measurement utilities that passively track bandwidth and accurately report data rates over a secified period of time that would work better than a stopwatch.
--

What can possibly go wrong?

Re: Wireless setup with my new WRT54GS

Fri, 24 Jun 2005 00:47:02 EDT

funchords posted :

said by Komputerguy:

That's going to have a lot of inaccuracy in it.

With respect, no, it's exactly accurate.

said by Komputerguy:

You need to do a complete large (>100 MB) transfer multiple times (probably at least 5) for each configuration and take an average of both configurations.

If you are getting at least 300 KBps, the test I recommended transfers 180 MB (90 MB in each direction). Running it for 5 minutes in each direction is a hedge against network instability -- which is probably the same reason you recommend running it multiple times.

Neither of us has any scientific basis for these amounts and durations. It's more finger in the wind, "Two is not enough, 8 is too much -- how about 5?"

said by Komputerguy:

Don't use a stopwatch. Use an application that keeps track of the elapsed time.

A stopwatch is an application that keeps track of the elapsed time.

said by Komputerguy:

There are several small applications that benchmark local network throughput. The best one I found was wsttcp at »www.pcausa.com/Utilities ··· ttcp.htm

I appreciate the tip. I went to the page. It could be good, I haven't tried it. But after reading the page and the history, I'm not sure Joe Everyday User would understand what it does and what the results mean.

My way is simple to understand, completely transparent as to how it is implemented, open to critique (as you have done), is repeatable, and uses no unusual tools other than those readily available.

I find tools are often used as a substitute for processes. Because of that tendancy, we use the tool and become satisfied that we have done something, when in fact we haven't accomplished it. (Examples: MAC filtering and SSID hiding in the "Security" section of most wireless routers.)

The advantage my test has is that even a brand new user can understand how to do it and understand why it is right.

The disadvantage my way has over "Use Tool X" is that mine is more labor intensive. (If I had to run such tests more than once, I'd automate it or find a tool with an open methodology).
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA
Kindness is treating someone better than they deserve.

Re: Wireless setup with my new WRT54GS

Thu, 23 Jun 2005 18:41:28 EDT

Komputerguy posted :

said by funchords:

said by illJazz:

How can you measure that?

Make sure your network is relatively quiet. This includes channel users in the surrounding neighborhood (don't do this during prime time).

Use the Networking tab on Task Manager (taskmgr.exe), and then do View - Choose Columns, and choose Bytes Received and Bytes Sent.

Start a file copy of a movie file from a wired machine on the router to your wireless machine.

Click File, Reset and start a stopwatch. At 5 minutes, record the number of bytes received.

Start a file copy of a movie file to the wired machine on the router from your wireless machine.

Click File, Reset and start a stopwatch. At 5 minutes, record the number of bytes sent.

That's going to have a lot of inaccuracy in it. You need to do a complete large (>100 MB) transfer multiple times (probably at least 5) for each configuration and take an average of both configurations. Don't use a stopwatch. Use an application that keeps track of the elapsed time. There are several small applications that benchmark local network throughput. The best one I found was wsttcp at »www.pcausa.com/Utilities ··· ttcp.htm
--

What can possibly go wrong?

Re: Wireless setup with my new WRT54GS

Thu, 23 Jun 2005 18:30:25 EDT

Komputerguy posted :

said by GeeTek1:

If you have things on your computer that are valuable and sensitive enough for an experienced hacker to want to crack basic security to get, wouldn't it be better to let him crack it and get what he wants ? If you enable the high power encryption to keep out these "Tough Guy" hackers, then they will be coming through your window at 3 in the morning and stealing the whole CPU anyway. Get real. Ask yourself who you are hiding from and why. If it is all that serious then you would not even want to be using wireless. Run fiber optics for best security, or at least CAT5 ! There is way too much ado about this paranoia over security.

Let us know when you get off the crack pipe.
--

What can possibly go wrong?

Re: Wireless setup with my new WRT54GS

Thu, 23 Jun 2005 16:25:02 EDT

TranceAddict2 posted : thanks for all the info , gentlemen.... well, i am gonna enable it now and check it out.... i'll post again soon and let you know how it turns out....

Jason

Re: Wireless setup with my new WRT54GS

Thu, 23 Jun 2005 03:33:37 EDT

illJazz posted : Hmmmm.. sounds like a method like that could be plaged by inaccuracy due to so many factors being involved, but maybe it is fairly accurate. Since I only have my laptop, I won't be able to do any such testing. Thanks for explaining though. I may be able to do it later.
--
IMHO. As always.
Opera!
DonationCoder.com - Excellent Software Discussion/Review Site

Re: Wireless setup with my new WRT54GS

Thu, 23 Jun 2005 02:23:41 EDT

funchords posted :

said by illJazz:

How can you measure that?

Re: Wireless setup with my new WRT54GS

Thu, 23 Jun 2005 00:32:41 EDT

illJazz posted :

said by funchords:

said by TranceAddict2:

thanks for the info... ok, another quickie question. does enabling encryption slow the connection at all?

Yes, but it's negligible. It's also going to depend on your product. On my D-Link (mostly) gear, encryption slows me down by 2.5 percent.

How can you measure that?
--
IMHO. As always.
Opera!
DonationCoder.com - Excellent Software Discussion/Review Site

Re: Wireless setup with my new WRT54GS

Wed, 22 Jun 2005 23:50:14 EDT

funchords posted :

said by TranceAddict2:

thanks for the info... ok, another quickie question. does enabling encryption slow the connection at all?

Yes, but it's negligible. It's also going to depend on your product. On my D-Link (mostly) gear, encryption slows me down by 2.5 percent.
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA
Kindness is treating someone better than they deserve.

Re: Wireless setup with my new WRT54GS

Wed, 22 Jun 2005 23:47:33 EDT

illJazz posted :

said by TranceAddict2:

thanks for the info... ok, another quickie question. does enabling encryption slow the connection at all?

From what I've read, it's supposed to, very slightly, but I notice none of it. It's fast :)
I guess you just gotta try it and decide that way.
--
IMHO. As always.
Opera!
DonationCoder.com - Excellent Software Discussion/Review Site

Re: Wireless setup with my new WRT54GS

Wed, 22 Jun 2005 23:32:45 EDT

TranceAddict2 posted : thanks for the info... ok, another quickie question. does enabling encryption slow the connection at all?

Re: Wireless setup with my new WRT54GS

Sun, 19 Jun 2005 19:28:36 EDT

alex4life posted :

I'd be more worried about someone using my bandwidth for illegal activities than stealing my data.
--
"For in the final analysis, our most basic common link is that we all inhabit this small planet, we all breathe the same air, we all cherish our children's future, and we are all mortal." - John F. Kennedy

Re: Wireless setup with my new WRT54GS

Sun, 19 Jun 2005 18:22:51 EDT

Anav posted :

YOur being unreasonable, WPA-PSK provides reasonable security for the home owner, and they then can go about using the net without worrying. Its not necessary to run fibre!! I think most people may not have the secret codes to Fort Knox, but they could have some private information, pictures and generally don't want someone poking about in their hard drive or certainly erasing their hard drive. The advice given by Vincent/SW Bill&Co. is very sound, no need to be extreme!!!
--
Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner" LlamaWorks Equipment

Re: Wireless setup with my new WRT54GS

Sun, 19 Jun 2005 18:19:14 EDT

Anav posted :

said by TranceAddict2:

ok, since i have a relatively new wireless network of my own i have a question too.... i am using a linksys WTG54G, no encryption and just mac address filtering... how can this be almost pointless as the poster above says. how easy is it to just clone a mac address? how would someone get the mac adderess of my wireless notebook card?

Very easily. Just use WPA and get on with using the internet (strong random key of at least 25 characters).
--
Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner" LlamaWorks Equipment

Re: Wireless setup with my new WRT54GS

Sun, 19 Jun 2005 09:27:50 EDT

illJazz posted : Hehe.. I just put up a new WPA shared key... nobody will be cracking that one anytime soon. 400bit encryption, looks something like this:

-j}zcwiv8RkT_NmR!qEb#a}Hz]Ew@CJj;H%!tc+;Ya![.u&

Of course that's not it. That's just another random-generated one :p

--
IMHO. As always.
Opera!
DonationCoder.com - Excellent Software Discussion/Review Site

Re: Wireless setup with my new WRT54GS

Sun, 19 Jun 2005 09:27:18 EDT

illJazz posted : meh.. double-post

Re: Wireless setup with my new WRT54GS

Mon, 13 Jun 2005 22:08:01 EDT

Talon88 posted : :::

I think for a Adv. User take 10 sec, a normal user
take 300 sec to clone your mac address.

:::

said by TranceAddict2:

how easy is it to just clone a mac address? how would someone get the mac adderess of my wireless notebook card?

--
[=Talon88=]
»DI-624 Firmware update w/ Crash Recovery Step by S --
»[Info] Some Clue about DI-624 Reboot

Re: Wireless setup with my new WRT54GS

Mon, 13 Jun 2005 22:03:34 EDT

illJazz posted :

Read this: »Wireless Security »MAC Address Filtering
It may help.
--
IMHO. As always.
Opera!
DonationCoder.com - Excellent Software Discussion/Review Site

Re: Wireless setup with my new WRT54GS

Mon, 13 Jun 2005 21:59:14 EDT

TranceAddict2 posted : ok, since i have a relatively new wireless network of my own i have a question too.... i am using a linksys WTG54G, no encryption and just mac address filtering... how can this be almost pointless as the poster above says. how easy is it to just clone a mac address? how would someone get the mac adderess of my wireless notebook card?

Re: Wireless setup with my new WRT54GS

Sun, 12 Jun 2005 22:10:25 EDT

illJazz posted : Of course. All an average home networking user like me needs is a solid and enabled encryption mechanism, which I have. I have nothing sensitive enough in my possession that would make it worthwhile for any hacker in the world to break into my network and system. Besides, even if a hacker were to get on my system, all my important data like bank account information and passwords of things are 128-bit encrypted as well.
It is extremely unlikely that anybody would want to go through the trouble of trying to break through my network's WPA/AES enabled encryption security layer, so I'm not in the least bit worried. And for now, as I said, I have wireless disabled and use plain, good old ethernet :)
--
IMHO. As always.
Opera!
DonationCoder.com - Excellent Software Discussion/Review Site

Re: Wireless setup with my new WRT54GS

Sun, 12 Jun 2005 21:52:10 EDT

GeeTek1 posted : If you have things on your computer that are valuable and sensitive enough for an experienced hacker to want to crack basic security to get, wouldn't it be better to let him crack it and get what he wants ? If you enable the high power encryption to keep out these "Tough Guy" hackers, then they will be coming through your window at 3 in the morning and stealing the whole CPU anyway. Get real. Ask yourself who you are hiding from and why. If it is all that serious then you would not even want to be using wireless. Run fiber optics for best security, or at least CAT5 ! There is way too much ado about this paranoia over security.

Re: Wireless setup with my new WRT54GS

Sun, 12 Jun 2005 21:51:40 EDT

illJazz posted :

said by heavyjay:

FC,
Was it you who said SSID hiding was like trying to make your house invisible by turning off the porch light?

Me? No. I'm new to all this. All you need to do is read this thread, and you'll find enough references that could be understood just that way :)
I for one, have learned. My SSID broadcast is turned on again, although at the moment I've turned wireless off completely on the router because I'm simply not using it. No need of exposing my network for no reason.
--
IMHO. As always.
Opera!
DonationCoder.com - Excellent Software Discussion/Review Site

Re: Wireless setup with my new WRT54GS

Sun, 12 Jun 2005 21:27:07 EDT

heavyjay posted : FC,
Was it you who said SSID hiding was like trying to make your house invisible by turning off the porch light?

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 13:56:33 EDT

illJazz posted : Thanks. I'll try that. I didn't create a profile for this guy's network. I made sure to use the CONNECT ONE TIME option. Somehow, I was still always connected when turning the wireless back on. I'll see what I can do. Thanks

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 13:54:15 EDT

Mem posted : You wireless connection should have an area for profiles that you have developed for networks you have connected to in the past. Delete the profile for the unwanted network from this 'prefered' list which usually connects in order of top to bottom if the network is present. That will stop the auto connect on restart.

Edit: You may also be able to reorder them so your network is the first one to connect to.

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 13:51:09 EDT

illJazz posted :

said by funchords:

said by illJazz:

Also.. someone please answer the early question in this thread about DISCONNECTING from a wireless network using an Intel 2200BG wireless card. I can't believe I can't find such a simple thing. I have a connect button and profiles for auto-connection but not even a simple disconnect button/option!? What's that!?

One of my laptops has an Intel card. There should be a button to turn the wireless radio off/on (there may be an external button as well). That is your disconnect.

I do have that button. But when I did that test earlier today, the test of connecting to this random dude's WLAN network and surfing the web, (test was successful!), my Intel Proset software would always say I'm connected. If I hit the button to disable wireless and then re-enabled, it would automatically reconnect to that dude's network. Know what I mean? In other words, I had no means of getting OFF of his network.. and getting back onto my own :/
--
IMHO. As always ;)
Opera!
Trillian
Like to argue? Have something to say? Well, come and tell us at debatement.com! :)

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 13:45:46 EDT

funchords posted :

One of my laptops has an Intel card. There should be a button to turn the wireless radio off/on (there may be an external button as well). That is your disconnect.
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 13:05:44 EDT

illJazz posted :

said by Mem:

So you are not going to use any encryption on your WLAN?

If you are going to use encryption, novices will not be able to get through and hackers will not if you are using WPA. With WPA in use there is no reason for turning off SSID beaconing and using MAC filtering. Those would be just another layer that your clients have to work through that isn't necessary.

I'd suggest using WPA in all cases it's available to you. I even include the channel in my SSID so others not knowing how to use netstumbler will see the channel in use and go to someone else's to interfere.

edit: AES (AKA WPA2 or CCMP) is the better encryption technique if your router and cards can handle it.

If you assumed I was not going to use any encryption because of the typo in my last post, I apologize. I fixed it. I said I'm using WPA already!
Thanks for the info on AES. I just turned AES on. The only thing is.. how to make a secure key for it? Right now, I'm using a very obvious word, (not in the dictionary), followed by 8 integers. Should I leave it at that or somehow find a method to generate a more secure key?

I think what I'm doing here is waaaaaaay overkill, but why not lock down the network as good as I possibly can? :)

Also.. someone please answer the early question in this thread about DISCONNECTING from a wireless network using an Intel 2200BG wireless card. I can't believe I can't find such a simple thing. I have a connect button and profiles for auto-connection but not even a simple disconnect button/option!? What's that!?

I just disabled MAC filtering and re-enabled the SSID broadcast. But I also upped the encryption method to WPA AES.
--
IMHO. As always ;)
Opera!
Trillian
Like to argue? Have something to say? Well, come and tell us at debatement.com! :)

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 13:01:49 EDT

funchords posted : Neither TKIP or AES have been broken. TKIP is subject to brute force attacks, so choose a difficult passphrase containing non-dictionary words and you'll be fine. AES is allegedly better, but I'll have to let someone else explain why. Again, neither have ever been broken.

There is no such thing as SSID hiding. It's SSID forging. Basically, your beacons have the ASCII NUL characters where your SSID should be. You are still broadcasting your presence. Some wireless software may expect your SSID in your beacon broadcast -- so to avoid a troubleshooting complication later, don't use this gimmick now.
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 12:56:29 EDT

Mem posted : So you are not going to use any encryption on your WLAN?

If you are going to use encryption, novices will not be able to get through and hackers will not if you are using WPA. With WPA in use there is no reason for turning off SSID beaconing and using MAC filtering. Those would be just another layer that your clients have to work through that isn't necessary.

I'd suggest using WPA in all cases it's available to you. I even include the channel in my SSID so others not knowing how to use netstumbler will see the channel in use and go to someone else's to interfere.

edit: AES (AKA WPA2 or CCMP) is the better encryption technique if your router and cards can handle it.

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 12:52:02 EDT

illJazz posted : I currently have MAC filtering on, SSID hiding on, AND WPA using TKIP. So I don't know the answer to that question.. if I have WAP on, should I just enable the SSID broadcast again?

And what's "better".. TKIP or the other one.. AES or whatever it is?

EDIT:
Huge typo correction. Not "WAP", but "WPA!"
--
IMHO. As always ;)

Opera!

Trillian

Like to argue? Have something to say? Well, come and tell us at debatement.com! :)

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 12:50:07 EDT

vincentfox posted : Back to my original point though:

If he has WPA turned on, what is the point of SSID hiding?

None at all. SSID hiding is a form of security by obscurity. It takes relatively few more clicks to turn on good encryption. And as I pointed out, and there are links in that article, SSID hiding can cause issues. So why use it again? I much prefer to have my SSID be street address or something useful. Mine is set to »HomeParkWiFi.net so people can look up our web page. YMMV.

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 12:46:35 EDT

illJazz posted : The first "talkback" response to that blog vincentfox linked to is really good:

said by some dude, name at the end:
Stupid, but not worse than nothing.
Security by obscurity = bad. Sure.
We should all use WPA. Sure.

But in a world of only WEP. All I want to do is protect my home WiFi as much as I can from people driving by with netstumbler, or the curious neighbors down the block.

Sure in theory turning off SSID broadcast and enabling MAC filtering does nothing. But in practice at least it is something. It makes it at least a little less likely that someone is even going to see the access point. And even if they do are they going to spend 1 minute to probe the SSID then 2 minutes trapping a MAC then 5 or so minutes cracking the WEP key or are they just going to use the fully open "out of the box" point down the road?

If you have no locks on your doors the house is not safe. Would anyone argue that it makes no difference if you put a sign out the front of that house that says "There are no locks on this house"?

Final word: Use WPA.
Posted by: davidkclark Posted on: 05/27/05

Makes purrfect sense to me. Yeah, hackers can break into your network.. but I dobut there's hackers in every other household. So, even though MAC address filtering and SSID hiding might not be effective against experienced hackers, they sure are effective for just about everyone else. I mean, I'm a very tech-savvy person, and I know more about technology and computers than anyone I personally know, and yet I would have NO CLUE how to get past even such simple measures as SSID hiding or MAC address filtering. See my point? And that guy's point? So, while it's not worth much if some seasoned hacker is going to break into your network... it makes a lot of sense to keep it on for everyone else. And let's be real.. what are the chances that some really experienced hacker will attempt to break into your network?
--
IMHO. As always ;)
Opera!
Trillian
Like to argue? Have something to say? Well, come and tell us at debatement.com! :)

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 12:40:57 EDT

funchords posted :

said by illJazz:

Wow.. scary stuff. I just can't believe that Linksys is telling me to do all this in order to secure my network.. in their own userguide, when these methods are so obviously flawed. Again: wowzers.

Welcome to Marketing! Our motto is, "Misinformation to give you that Warm, Fuzzy Feeling!"
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 12:13:30 EDT

Bill posted : MAC Filtering does very little, since others can find a valid MAC then clone their card to the same.

See »Wireless Security »MAC Address Filtering
--
Xfire
Folding Monitor

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 12:10:09 EDT

illJazz posted :

said by vincentfox:

Stick with Linksys firmware since you are doing basic AP setup. If you wanted WDS or something else fancy I would recommend SveaSoft, but you aren't. Don't make things complicated if you don't have to.

The channel set on the AP is fixed. However your client simply looks for an SSID you prefer, and scans all channels to find it. If you set your AP to same channel as his, you will have interference problems. Separate by at least 5 channels.

Preferred SSID is something you set in your client utility. I know where it is in WinXP Zero Config utility, but not for yours. You'll have to poke around to find this list and put your own SSID at top of list so it is always preferred, and remove his.

Also, not broadcasting your SSID is in my opinion pointless. It offers no security and in fact may create problems with some client utilities being very slow to connect. Enable it and use encryption. See this article:

»ZDNet:: 6 dumbest ways to secure a WiFi LAN

Wowzers!! Thanks for that read. Daaamn.. I had no idea! Guess I'm turning SSID broadcasting back on.. and what to do with the mac-filtering? Disable it completely or leave it on? Wow.. scary stuff. I just can't believe that Linksys is telling me to do all this in order to secure my network.. in their own userguide, when these methods are so obviously flawed. Again: wowzers.
--
IMHO. As always ;)
Opera!
Trillian
Like to argue? Have something to say? Well, come and tell us at debatement.com! :)

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 11:52:04 EDT

vincentfox posted : Stick with Linksys firmware since you are doing basic AP setup. If you wanted WDS or something else fancy I would recommend SveaSoft, but you aren't. Don't make things complicated if you don't have to.

The channel set on the AP is fixed. However your client simply looks for an SSID you prefer, and scans all channels to find it. If you set your AP to same channel as his, you will have interference problems. Separate by at least 5 channels.

Preferred SSID is something you set in your client utility. I know where it is in WinXP Zero Config utility, but not for yours. You'll have to poke around to find this list and put your own SSID at top of list so it is always preferred, and remove his.

Also, not broadcasting your SSID is in my opinion pointless. It offers no security and in fact may create problems with some client utilities being very slow to connect. Enable it and use encryption. See this article:

»ZDNet:: 6 dumbest ways to secure a WiFi LAN

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 05:37:36 EDT

illJazz posted : At first it did not work... (screenshot). Then I checked the info of that network with Intel's Pro Wireless software and found that it operates on channel 6. I changed my adapter settings from channel ad-hoc channel 11 to 6, tried again... and boom. Here I am, posting on DSLR using some random neighbor's wireless network. Aye... scary, I say.

I'm not sure what this has to do with an ad-hoc channel. I thought the default way of accessing a wireless router, (rather than direct-connecting to a different computer with wireless enabled), was the infrastructure mode. So I'm a little confused now, because switching my ad-hoc channel in the adapter settings made it possible for me to use this other guy's connection.

One more thing... why the heck is there no option to DISCONNECT from a network anywhere!? My Intel ProSet Wireless app shows a connect button and lets me connect to a network by double-clicking it in the list... but nowhere do I see a DISCONNECT option. I would now like to disconnect from this guy's router and reconnect to my own router, but CAN'T, because I can't disconnect. Turning wireless off and then back on only causes my laptop to automatically reconnect to the other guy's router :(

Thanks for any help.

EDIT:
Ok.. just to test, I set my adapter's ad-hoc channel back to 11, but I'm still surfing happily on this guy's connection. That leads me to believe that, just as I suspected, the ad-hoc channel setting does nothing concerning my ability to connect to other networks. So I guess upon connection, the system just needs about 20 seconds or so until I can use the connection? I don't know how else to explain my not being able to browse at first, just after having connected to this network for the first time.

EDIT2:
Forgot to mention... about not being able to manually disconnect: you might think that by trying to connect to a DIFFERENT network, (like my own), the software would automatically disconnect from the current network I'm on and then attempt to connect to the new network I selected for connection, but it doesn't. Intel ProSet Wireless just pops up a message saying "Another application is controlling the wireless adapter". But wtf? That's not true. Intel ProSet is my primary application for controlling my Intel 2200 BG wireless adapter. Confusing :(

Re: Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 05:20:57 EDT

illJazz posted : Since I made this first post above, I've done some research myself. I read the whole user-guide for the router and set up my wireless network using WPA and the TKIP encryption method/key.
I am now connected wirelessly and am writing this from a couch that is at the other end of the apartment! This is very exciting :). I disabled SSID broadcasting on the router as well, as was recommended by Linksys' user-guide. My wireless network is the most secure network in the whole area. I found it scary to find a bunch of networks within my range that are obviously run by people who are wholly unaware of not only the proper methods of securing wireless networks, but of *any* such methods. Just check my screenshot to see what I mean:

[att=1]

The first guy's network is not only not locked down by encryption, but he's also obviously using a Linksys router/access-point with the DEFAULT factory-set SSID. Once I put this post up, I'll try to connect through his network just to see if I can. I wonder if it is secured by any other means.

(I know this might be illegal, but I don't care. I just want to see if I can connect to prove my point of that access point/network not being secured properly. After that, I'll disconnect.)

The questions in my first post here still stand. I am using WPA with TKIP right now, but have no idea if that is the preferred/best method.

Thanks!
--
IMHO. As always ;)
Opera!
Trillian
Like to argue? Have something to say? Well, come and tell us at debatement.com! :)

Hmmm

Wireless setup with my new WRT54GS

Sat, 11 Jun 2005 03:43:15 EDT

illJazz posted : I got my Linksys WRT54GS router today at Bestbuy :)

The following is part of my last post in the thread I linked to above. Since the goal/purpose of the aforementioned thread has been reached/fulfilled, I thought it would be a good idea to start a new thread on the following:

I read everything here: »/faq/linksys/2%20Fir.. including all the threads about best firmware listed at the bottom. I conclude that HyperWRT is the best after-market, (why is it called after-market?), firmware for use with the WRT54GS Linksys router.

I certainly don't need the power output increase though. The router is in my room and that's where I always am. I'm just in an apartment and will never even be farther away from the router than what.. 30 feet? Are there any other reasons why I should use HyperWRT over the latest official Linksys firmware? Other than the power-boost, that is?

(Side-question: Then comes a wholly different issue. Since I am on a laptop, I use a software firewall, and that's Outpost Firewall Pro. It's a great software firewall, but how do software firewalls play along with hardware firewalls such as the one that I now have in my router? Should I use both a software AND a hardware firewall? Let me rephrase that. Does it HURT to use both? I suppose there is a point in using both because a hardware firewall does not allow you to easily control outgoing connections. It just blocks what's on the outside.)

Thirdly and most importantly, I'd like to know how I should go about setting up wireless with my new router. When I first did the router-setup, I disabled the wireless access point until I was done with the setup. I then enabled it, and immediately switched on MAC address filtering to allow only my laptop's mac address as it was listed on the Status page of the router's control panel. The one thing I am confused about are the different encryption techniques available. I suppose I *should* use one of the encryption methods, and not use wireless entirely without encryption, correct? If so, what's the best choice in terms of encryption methods? I found this in the router-s' help-page:

said by My Router:
WPA Pre-Shared Key: There are two encryption options for WPA Pre-Shared Key, TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encrytption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption.

It appears that WPA encryption is the strongest available. So I suppose if I were to use WPA, I should go with the WPA -Pre-Shared Key option in the router setup, correct? If somebody could just walk me through the following very quickly, I would be very thankful:

•TKIP or AES? Why?
•Based on the discussion/answer of the previous point, how to set up either TKIP or AES?
•Anything else I should be aware of?

Thanks a lot for your attention.

The initial setup with the WRT54GS was a breeze. I was up and running in under 10 minutes :)

EDIT:
Formatting changes to make the post more readable/easier to look at.