Security

11-26-2001

Hey everyone!
1st time poster here. I have Orinoco Gold cards (Net Stumbling is my new hobby!). I have a WEP configuration question. Since I haven't found other WLAN forums (Any suggestions?) I thought I'd try here. Here goes...I also have a Linksys AP/Gateway/Router/Switch. I can't get the Orinoco card and the AP to talk in 128bit encription. The card sees the signal very well but in the Client Manager it says that it can't get the AP name and therefor, doesn't seem to give me a copmplete connection. I've tried all the 'ipconfig' stuff. Will these two products work in 128 bit? Any suggestions would be great! Thanks!
-John

11-26-2001

Linksys model befw11p1 router is only capable of 40 bit (64) encryption. Linksys model befw11s4 router is capable of 128 bit encryption. Check your model to see which one you have. First try to get a connection working without WEP enabled. Once this works, try enabling WEP using a hexadecimal string as the pass key. (hexadecimal on BOTH devices) I know there was a problem using the alpha-numeric key in some versions of the Orinoco driver/ client manager. This combo will work. (assuming your router will do 128 bit encryption) Also try to get the latest firmware for your router, and latest drivers for your card.

Drivers for lucent / orinoco card
http://www.orinocowireless.com/template.html?section=m56&envelope=93&page=126

11-27-2001

Speaking about the Linksys Router/AP/Switch, anyone been successful in either getting it to work in a 'closed' network mode or actualy implement a lockout on MAC address?

Heck, anyone even been able to upgrade the darn firmware? I haven't even been able to do that. Tried the web interface, the tftp interface, and the upgrade utility. No go.... :-(

John K

04-09-2002

Like the last poster, I'd like to know if there is anyway to set up a WLAN using the BEFW11S4 that only allows authorized MACs. (I know that this is far from perfect security, but it would be a lot better than nothing.) Although there is a button on one of the "advanced" tabs of the router setup for MAC address filtering (don't have it in front of me or I'd say which one) it doesn't appear to do anything.

04-10-2002

Yep that sucker does have the filtering. it is in advanced I believe. I have one of these but haven't used MAC filtering as of yet.

Doug
kd4moj

04-10-2002

That AP has filtering, but it works in reverse. It allows ALL MAC's and when you put in a MAC is disables the MAC you put in. I should know. I have it.

04-10-2002

I have the BEFSR41 (the 4pt switch/router for cable/dsl.... not wireless) and it has what they call MAC filtering. It's used for filtering protocols to certain MACs (disabling stuff for certain clients on the network). I'm fairly sure this works the same for the wireless model as they are practially the same piece of hardware.... one has wireless, the other doesn't.

04-10-2002

Quote:

That AP has filtering, but it works in reverse. It allows ALL MAC's and when you put in a MAC is disables the MAC you put in. I should know. I have it.

I don't want to argue since I've never seen that AP - but it sounds really strange. My Xircom gives me the choice of allowing all, except those listed - as you describe - or - deny all, except those listed - which is the conventional approach to MAC filtering - maybe yours does too.

04-10-2002

...and the MAC filter filters the LAN side from getting to the WAN side. It does NOT filter the WLAN at all.

Stupid of Linksys, huh.

Tron Of Borg

04-11-2002

The wap11 s4 has downfalls with mac address filtering and really shouldnt be concidered.

on the other hand if you want ot hack you wap11 s4 to become a wap11 then you could do that with some software

you could upgrade the output to 100mw instead of the 30mw standard.. you could enable the MAC address filtering and and use it...

http://www.seattlewireless.net/index.cgi/Wap11Hack go here to get your fingers in deep if you wish too

04-11-2002

What you can do to get a little more security is use static ip's for all your hard wired NIC's. And use DHCP for your wireless nics. Assign the DHCP scope to be the same number as however many wireless NIC's you have.

Then, you can filter out all the other remaining 192.168.1.x address's that you aren't using so no-one can come in on those address's. Yes I know, they can sniff your network and see what ip you are using and match that up, but if you have all your devices up and running, your DHCP server will not be handing out ip's, the only available ip's will be assigned to currently running NIC's, and you would have filtered out all other possible ip's.

I don't know if this makes sense to you guys.

04-12-2002

but then my friends can't come over and use their wireless notebooks. Also, all my wireless NICs have to be active, or there are DHCP addresses available to the bad guys.

I have been reading about virtual private networks (VPNs) but they seem to be a point-to-point solution. What I want is something that gives me secure communication from my wireless notebook to my linux firewall, and then lets me out on the internet same as if I were a wired NIC. SSH doesn't seem like it will do this either.

Davo

04-12-2002

In a wireless lan, you would use a VPN for the RF link.

So, in your case, you could have encrypted traffic going from your wireless card to the linux firewall (VPN Host) then cleartext traffic going from the firewall to the Internet or the rest of your lan.

It is a point-to-point tunnel, but then your traffic would be routed on to its destination.

04-12-2002

BEFW11S4 support page
http://www.linksys.com/support/support.asp?spid=68#facts

BEFW11S4 manual
ftp://ftp.linksys.com/pub/manuals/befw11s4ug.pdf

Most of the time, the manual is almost useless. But there are some good FAQs on setting up the router for certain situations. (Like, making it work for Half-Life, or Earthlink DSL.)

And the manual talks a little bit about filtering. But it's all about WAN->LAN or LAN->WAN filtering. Not much in the way of WLAN filtering.

LostInSpace · 04-13-2002

Just setup the WAP11 ver 2.2 <Linksys> . Plugged the Oral Gold <he he> into my Toshiba 405 and ran N.Stumbler. After playing awhile, set the SSID broadcast to disabled, does this make any difference? Set the WEP to 128, but 256 is available on this unit, does it alter performance? N.Stumbler only picks up the AP when I use the config with the security key/SSID name. Awaiting a Dell 8200 and antenna for the Gold, the Toshiba only hit on six or seven AP's Friday. Anyone have a quick list for wireless security issues? Running the lan from cable/bsfsr41/=>wap11.

Thankx

11-26-2001	#1 (permalink)
Posts: n/a	Security Hey everyone! 1st time poster here. I have Orinoco Gold cards (Net Stumbling is my new hobby!). I have a WEP configuration question. Since I haven't found other WLAN forums (Any suggestions?) I thought I'd try here. Here goes...I also have a Linksys AP/Gateway/Router/Switch. I can't get the Orinoco card and the AP to talk in 128bit encription. The card sees the signal very well but in the Client Manager it says that it can't get the AP name and therefor, doesn't seem to give me a copmplete connection. I've tried all the 'ipconfig' stuff. Will these two products work in 128 bit? Any suggestions would be great! Thanks! -John

11-26-2001	#2 (permalink)
Posts: n/a	compatability Linksys model befw11p1 router is only capable of 40 bit (64) encryption. Linksys model befw11s4 router is capable of 128 bit encryption. Check your model to see which one you have. First try to get a connection working without WEP enabled. Once this works, try enabling WEP using a hexadecimal string as the pass key. (hexadecimal on BOTH devices) I know there was a problem using the alpha-numeric key in some versions of the Orinoco driver/ client manager. This combo will work. (assuming your router will do 128 bit encryption) Also try to get the latest firmware for your router, and latest drivers for your card. Drivers for lucent / orinoco card http://www.orinocowireless.com/template.html?section=m56&envelope=93&page=126

04-09-2002	#4 (permalink)
Posts: n/a	mac address filtering in linksys BEFW11S4? Like the last poster, I'd like to know if there is anyway to set up a WLAN using the BEFW11S4 that only allows authorized MACs. (I know that this is far from perfect security, but it would be a lot better than nothing.) Although there is a button on one of the "advanced" tabs of the router setup for MAC address filtering (don't have it in front of me or I'd say which one) it doesn't appear to do anything.

04-10-2002	#5 (permalink)
Posts: n/a	BEFW11S4 MAC address filtering Yep that sucker does have the filtering. it is in advanced I believe. I have one of these but haven't used MAC filtering as of yet. Doug kd4moj

04-10-2002	#6 (permalink)
Posts: n/a	BEFW11S4 MAC address filtering That AP has filtering, but it works in reverse. It allows ALL MAC's and when you put in a MAC is disables the MAC you put in. I should know. I have it.

11-27-2001	#3 (permalink)
Posts: n/a	Speaking about the Linksys Router/AP/Switch, anyone been successful in either getting it to work in a 'closed' network mode or actualy implement a lockout on MAC address? Heck, anyone even been able to upgrade the darn firmware? I haven't even been able to do that. Tried the web interface, the tftp interface, and the upgrade utility. No go.... :-( John K

04-10-2002	#7 (permalink)
Posts: n/a	I have the BEFSR41 (the 4pt switch/router for cable/dsl.... not wireless) and it has what they call MAC filtering. It's used for filtering protocols to certain MACs (disabling stuff for certain clients on the network). I'm fairly sure this works the same for the wireless model as they are practially the same piece of hardware.... one has wireless, the other doesn't.

04-10-2002	#9 (permalink)
Posts: n/a	Nope..I have the Linksys AP/switch... ...and the MAC filter filters the LAN side from getting to the WAN side. It does NOT filter the WLAN at all. Stupid of Linksys, huh. Tron Of Borg

04-11-2002	#10 (permalink)
Posts: n/a	Fixing the Wap11 The wap11 s4 has downfalls with mac address filtering and really shouldnt be concidered. on the other hand if you want ot hack you wap11 s4 to become a wap11 then you could do that with some software you could upgrade the output to 100mw instead of the 30mw standard.. you could enable the MAC address filtering and and use it... http://www.seattlewireless.net/index.cgi/Wap11Hack go here to get your fingers in deep if you wish too

04-11-2002	#11 (permalink)
Posts: n/a	BEFW11S4 MAC address filtering What you can do to get a little more security is use static ip's for all your hard wired NIC's. And use DHCP for your wireless nics. Assign the DHCP scope to be the same number as however many wireless NIC's you have. Then, you can filter out all the other remaining 192.168.1.x address's that you aren't using so no-one can come in on those address's. Yes I know, they can sniff your network and see what ip you are using and match that up, but if you have all your devices up and running, your DHCP server will not be handing out ip's, the only available ip's will be assigned to currently running NIC's, and you would have filtered out all other possible ip's. I don't know if this makes sense to you guys.

04-12-2002	#12 (permalink)
Posts: n/a	it makes sense but then my friends can't come over and use their wireless notebooks. Also, all my wireless NICs have to be active, or there are DHCP addresses available to the bad guys. I have been reading about virtual private networks (VPNs) but they seem to be a point-to-point solution. What I want is something that gives me secure communication from my wireless notebook to my linux firewall, and then lets me out on the internet same as if I were a wired NIC. SSH doesn't seem like it will do this either. Davo

04-12-2002	#13 (permalink)
Posts: n/a	VPN In a wireless lan, you would use a VPN for the RF link. So, in your case, you could have encrypted traffic going from your wireless card to the linux firewall (VPN Host) then cleartext traffic going from the firewall to the Internet or the rest of your lan. It is a point-to-point tunnel, but then your traffic would be routed on to its destination.

04-12-2002	#14 (permalink)
Posts: n/a	Linksys support page BEFW11S4 support page http://www.linksys.com/support/support.asp?spid=68#facts BEFW11S4 manual ftp://ftp.linksys.com/pub/manuals/befw11s4ug.pdf Most of the time, the manual is almost useless. But there are some good FAQs on setting up the router for certain situations. (Like, making it work for Half-Life, or Earthlink DSL.) And the manual talks a little bit about filtering. But it's all about WAN->LAN or LAN->WAN filtering. Not much in the way of WLAN filtering.

04-13-2002	#15 (permalink)
LostInSpace Registered Member Join Date: Apr 2002 Location: Fla East Coast Posts: 1	Doing it backwards! Just setup the WAP11 ver 2.2 <Linksys> . Plugged the Oral Gold <he he> into my Toshiba 405 and ran N.Stumbler. After playing awhile, set the SSID broadcast to disabled, does this make any difference? Set the WEP to 128, but 256 is available on this unit, does it alter performance? N.Stumbler only picks up the AP when I use the config with the security key/SSID name. Awaiting a Dell 8200 and antenna for the Gold, the Toshiba only hit on six or seven AP's Friday. Anyone have a quick list for wireless security issues? Running the lan from cable/bsfsr41/=>wap11. Thankx

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode