WirelessPirate.net

Fun without wires

Archive for the ‘wep’ tag

Netgear WGR614 Wireless Cable/DSL Router

without comments

When I came over here, I brought my Netgear DG824M, because I figured that it’d be useful, at the very least as a WAP, hooked off whatever I got sorted out with here, if not as my main DSL modem for my connection here. Instead, it turns out that I got cable, and it didn’t work as a WAP for that, because I couldn’t get it to not act as a DHCP server, and have the cable modem do that part of things, and it didn’t like to play otherwise. So – long story short, I bought a new modem!

Netgear WGR614
Having had a good experience with Netgear products so far, I stuck with them for my new modem, and hunted down a WGR614, which I bought from EBuyer.com. Once I get my rebate, it will have been a $35 router – not bad for something that would probably cost $200 in Australia πŸ™‚

Since I previously had difficulty getting WEP to work with my XP machine, and had been running with it turned off (only using MAC-based restrictions), I figured it would be worth a shot to see if I could get it going using this modem. For some reason, it works! I still don’t know why, but when I turned WEP on, entered the generated key on my PC, laptop and iPAQ, everything Just Workedβ„’.

I thought I was doing really well, had my wireless connection to the ‘net via PC, laptop and iPAQ, when I noticed that I was having problems with my PC – every 5 minutes or so, I would lose my connection to the WAP, then it would reconnect. This wouldn’t have been the end of the world (although it was annoying), but half the time my PC would pick up the connection to the other, un-secured network that’s around here, and connect to that instead. Then there was also the obvious problem of if I was doing a download or upload or gaming or something, a connection that consistently drops out every 5 minutes isn’t much use.

I checked Netgear’s support site for the modem, and downloaded the firmware update for it, which I hoped would fix the problem. I applied the update (no need to re-enter any configuration on the modem BTW, it retained all settings), but the problem persisted.

Just in case, I did a Windows Update to see if it would pick up anything. What do you know, there was an update there for Netgear, under the ‘Driver Updates’ section (not listed in ‘Critical Updates and Service Packs’). I installed it, and hey presto, my connection is clean as now. Haven’t had it drop out now in over 12 hours (which is only how long it’s been installed, so it’s never dropped off since installation).

This makes me happy – it means that now I can actually run WEP, which makes me feel better about having wireless, especially knowing there’s another network within range. I have a solid connection, which my iPAQ, PC and laptop can all share, which is relatively secure, and pretty darned fast. I haven’t bothered optimising the position of my WAP, because it has perfect range into my bedroom and onto my balcony, so there’s no need, and hopefully having it under my desk will reduce the overflow into the street and around the place.

Yay Netgear, yay wireless!

Written by Beau Lebens

July 4th, 2004 at 4:00 pm

Security Preference?

without comments

Here’s a question for anyone out there who’s ‘wireless-security-minded’. If you have to choose between the 2, are you better off having WEP enabled on an access point, or only allowing trusted stations to connect (via MAC-address restrictions)? Obviously it’s better to have both, but if you can only have one, which one is more secure?

I was thinking that if you couldn’t get WEP to work for whatever reason, then it might be ok to just configure your WAP to only accept connections from certain MAC addresses. This would mean that the data wasn’t encrypted in transmission, but wouldn’t it also mean that people couldn’t snoop your traffic, because they couldn’t connect in the first place? Or am I missing something?

The down-side is that if (somehow), an outsider knew the MAC address of your machine/network adaptor, then they could use something like SMAC to spoof it and connect to your WAP.

WEP is supposed to be pretty insecure, and tools like AirSnort can be used to determine the encryption key given enough sample data, so is it really worth the effort? (unless you’re regularly cycling your keys perhaps?)

Any thoughts out there?

Written by Beau Lebens

March 5th, 2004 at 4:00 pm

Posted in Uncategorized

Tagged with , , , ,

Powerful, Proximate Network

without comments

I’ve moved house now, although I haven’t got ym new desktop, so I’m not set up properly. I’m still operating via laptop, but my ADSL isn’t connected at this house, so the wireless modem isn’t much good to me at this point either :).

Just out of interest, I turned on my wireless card and loaded up Net Stumbler the other day and have noted that I continuously get a strong signal (60 ish SNR) for another network which must be close. What is really interesting is that if I walk out the back of my house, the signal to my own AP drops off significantly, but the signal to this other network remains constant and strong. I can only guess that they have a powerful antennae on it or something which provides me with a strong connection regardless of the small change in distance/location.

The network is secured (WEP), and is identifying itself as an ‘Agere‘ modem, but that’s about all I know.

How would one go about finding out who’s network this is? I’m interested to know who it belongs to and what sort of a set-up they’ve got.

Written by Beau Lebens

February 19th, 2004 at 4:00 pm

Posted in Uncategorized

Tagged with , , ,

First War-Ride

without comments

Well, I needed a ride, and I hadn’t scanned for any networks lately, so I thought it’d be a good chance to combine the two and try something new. I rigged up my laptop with a new power profile, whacked in the headphones, slapped it all in my backpack and rode off into the night (being 8pm and all) to stumble for networks through the middle of Perth (expecting it to be a relative hotspot).

I wasn’t disappointed with my findings, and below is a small, standardised summary according to the format that I’ve used in other stumbles. I’ve also included a map of the ride route, with a few interesting points marked on it for reference.

  • 31 different SSIDs scanned
  • 59 unique MAC-addressed nodes scanned
  • 32 WAPs encrypted with WEP [54%]
  • 7 WAPs using what appear to be default SSIDs [12%]

As you may notice, the percentage of WAPs using WEP is much higher than previous stumbles, and the percentage of default SSIDs is much lower. I would most likely attribute this to the commercial nature of the majority of these nodes (see ride route below), which went through the main business street of the city. I suppose at least some businesses are securing their networks πŸ™‚

A couple of interesting observations from the results;

  • 3 ‘WesWiFi’ devices were located when passing Wesley (private school); all of which were NOT encrypted
  • An SSID called ‘HayStNet’ was scanned, which sounds like a rather ‘community’ sort of a thing, but it was encrypted, so I wonder what it is
  • Cino To Go 182 has a WAP, which is not encrypted, and I am assuming that it provides public Internet access (marked on map)
  • The Chifley Hotel appears to provide free/public Internet access as well, since their SSID is ‘Chifley Public Wireless Internet’ (marked on map)
  • Posh Nosh, a cafe at the West end of St George’s Tce, provides access via the HotSpots network, but it’s paid access, and from memory is something like $20 for 2 months!
Complete map of the war-ride.
Close-up of the city part of the ride, including what appear to be public access sites.

I will definitely have to go for another war-ride soon, it was very fun indeed. There are a few things to watch out for;

  1. Heat: I stopped 3 or 4 times on this relatively short ride for a little break, but also to take my laptop out of the bag and let it cool down a little bit. Being in the enclosed space for that long means that it heats up.
  2. Power Profile: I customised a special power profile for handling my laptop, which basically tells it to never hibernate or suspend the drive, but to turn off the LCD screen and keep running when the lid is closed, with the CPU running in ‘battery-saving’ mode. This way, I can close it all up and tuck it away in the bag without worrying about it suddenly going to sleep πŸ™‚
  3. Damage: Be very careful riding around on a bike with your laptop in a backpack – if you fall off, think about how you land, you really don’t want to roll in any way, or fall directly on your back, because your laptop will most likely be crushed.
  4. Headphones: Getting the volume level takes some tweaking, and it’s kind of hard because it needs to be up louder so you can hear it while riding, but when you slow down or stop it will be very loud. It also gets a bit much if you have 16 APs dinging away at you all at once (like I did!), so you might be better of turning off the MIDI mode in Net Stumbler
  5. GPS: Just thought I’d mention it again – I really want one πŸ™‚

Ok, that’s enough for now – more write-ups later on some more of my equipment, namely my backpack and laptop, which I realised I haven’t really talked about yet.

Written by Beau Lebens

November 5th, 2003 at 4:00 pm

Posted in Uncategorized

Tagged with , , , ,

Securing My Netgear Network

without comments

On advice from someone who works in the DSD (pretty good advice on this sort of thing I’d say!), I went about securing my network as soon as I had it installed. This is basically all I had to do;

  1. Get connection going normally (unencrypted) between my WAP and my wireless-card-equipped laptop.
  2. Log into the admin interface on my WAP/switch
  3. Under the ‘Maintenance’ section, go to ‘Set Password’ and change the admin password for the administration interface (default is ‘password’ on Netgear devices)
  4. Under ‘Setup’ go to the ‘Wireless Settings’ and configure the WAP with the following details;
    1. Region: Australia (don’t know why this is required, but set it anyway)
    2. SSID: ansible (see previous post about origin of this name)
    3. Click to ‘Configure WEP’
      1. Leave ‘Authentication Type’ on ‘Automatic’
      2. Set ‘Encryption’ to 128-bit
      3. Enter a passphrase (remember it, will need for the PC Card later, and if anyone else is going to access this network)
      4. Click ‘Generate Keys’ and ‘Apply’ when done to save it all to the WAP, this will reboot WAP to initiate settings (losing wireless connection in the process, because I am no longer authorised to connect!)
  5. On the ‘Security’ tab of the config utility for my PC Card (on my laptop) adjust the following settings;
    1. ‘Enable Encryption’ (check this box to turn it on)
    2. Change ‘Key Length’ to ‘104/128 bit’
    3. Under ‘Create with Passphrase’ enter the same passphrase as was used on the WAP
    4. Click ‘Apply’ to save the settings, then go to the ‘Status’ tab and click ‘Re-Scan’ which connects back onto the WAP (using encryption this time)
  6. Now that we are connected using WEP, we are little more secure, but we also want to restrict connections to only certain MAC addresses (the hardware signature of the PC card).
  7. Get the MAC for you wireless card; I got mine by going back to the WAP admin, then selecting ‘Attached Devices’ under ‘Maintenance’.
  8. Again, under the ‘Wireless Settings’ under ‘Setup’ in the WAP admin interface, we now click the ‘Trusted PCs’ button under the ‘Access Point’ section (to specify trusted PCs)
  9. Enter the MAC for your wireless card in the space provided and click ‘Add’ – mine came up with the name of my machine next to the MAC, so I assume it is either encoded in the MAC, or it contacted my machine and asked (?)
  10. Click ‘Back’ when you’re done so we can turn on the security access based on MAC.
  11. Now select ‘Trusted PCs only’ under ‘Allow access by:’ so that only those machines on your trusted list can connect.
  12. Click ‘Apply’ to save these changes and reboot the WAP. You should reconnect successfully once it’s on again, since you are now on the trusted list. If you have another device, try connecting to confirm that it’s secure. I haven’t been able because I don’t have anything else, but I assume it just won’t be able to connect πŸ™‚

More security info to come, including some experiments with things like AirSnort hopefully πŸ™‚

Written by Beau Lebens

October 19th, 2003 at 4:00 pm