Wireless success with 802.11A/B/G!!

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Fri Jan 09, 2004 2:40 am

As I mentioned earlier (in another thread apparently) I had fried my WRT54G router about a month ago due to a bad firmware upload. I was in a hurry and didn't take necessary precautionary steps to prevent the possibility of recovery.

I knew I would end up just ordering a new one but I wasn't in any hurry. It's a good thing I waited to order the new one because I just got a $25 promotional certificate in my email from Amazon.com (where I ordered the last one) so after placing the order for the new one it's only costing me $60.49. What a deal! :)

florin
user
Posts: 6
Joined: Mon Mar 29, 2004 6:10 pm
Location: Mountain View, CA

Post by florin » Mon Mar 29, 2004 6:20 pm

Void Main wrote:It was as simple as downloading the madwifi driver and doing a "make install" in the directory I extracted it to. No kernel recompile or anything. I then manually configured a card configuration for Fedora that looks like this:

/etc/sysconfig/network-scripts/ifcfg-ath0:

Anything that you modified in /etc/modules.conf as well?
I'm using http://dag.wieers.com/packages/kernel-module-madwifi/ (version 20040312) recompiled from src.rpm on a fully updated Fedora Core 1, and it doesn't work: when I attempt to run "ifup ath0", the hard drives start to spin like crazy, the system becomes unresponsive, etc.

Post by Void Main » Mon Mar 29, 2004 7:07 pm

Nope, nothing added to my modules.conf. I am not running the latest kernel and probably not the latest madwifi driver since I haven't touched it since posting this thread. I used the source tarball from the madwifi site. The kernel version I am currently running is 2.4.22-1.2115.nptl. I'll try upgrading the kernel to the latest and use the dag RPM and see if I have any problems.

Are you using a WPC55AG card?

Post by florin » Mon Mar 29, 2004 9:14 pm

Void Main wrote:Nope, nothing added to my modules.conf.

Wow! :shock: So then how did you load the modules? Did they get loaded automatically, or?...

Void Main wrote:Are you using a WPC55AG card?

Exactly.

Post by Void Main » Mon Mar 29, 2004 11:44 pm

The card services should detect the card and load the appropriate drivers, which brings up a question. You have the "pcmcia" service set to start at boot right? And the "network" service of course? Does your laptop beep when the pcmcia service starts and do the lights on your WPC55AG light up?

I just upgraded my kernel and installed the Dag binary madwifi RPM and it works:

Code:

# apt-get install kernel-smp#2.4.2
# apt-get install kernel-module-madwifi#0.0.20040107-1_2.4.22_1.2174.nptl.rhfc1.dag2-1.2174.nptl

A slightly newer madwifi module (20040312) shows up in the install list, but when I try to install it, it says the module is not found, so I installed the next newest one. I also had to replace the "root=LABEL=/" with "root=/dev/hda5" (my root partition device name) in its grub entry. I don't know why some kernels will boot with the label and some won't. At any rate, the dag module and new kernel work for me. My /etc/sysconfig/network-scripts/ifcfg-ath0 looks like this:

Code:

DEVICE=ath0
TYPE=Wireless
ONBOOT=yes
DHCP_HOSTNAME=voidlaptop
BOOTPROTO=dhcp
IWPRIV="mode 0"
ESSID=MyESSID
KEY=AAAAAAAAAAAAAAAAAAAAAAAAAA
USERCTL=yes
PEERDNS=yes

Of course I changed my ESSID and KEY above. You'll need to put whatever yours should be in there.

BTW, what make/model is your laptop? Maybe it's a PCMCIA issue or something wrong below the madwifi driver level.

Post by florin » Tue Mar 30, 2004 2:24 am

Never mind, I got it working, don't ask me how :)
Sorry for bothering you.
Cheers,

agent007
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 » Tue Apr 20, 2004 12:15 pm

Void Main wrote:
Ok, WEP is easy. I set my router to use 128 bit WEP, had it generate a few keys, set it to use the 1st key and took that key and added it to my wireless interface config in Linux so it now looks like:

Void,

Is WEP enough for security? How else can u fully secure a wireless network? I came across this article on WEP...Seems like there are some major flaws..
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

Post by florin » Tue Apr 20, 2004 12:23 pm

agent007 wrote:Is WEP enough for security? How else can u fully secure a wireless network? I came across this article on WEP...Seems like there are some major flaws..
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

If you're really paranoid, I guess you could run VPN over WiFi.

Post by Void Main » Tue Apr 20, 2004 6:20 pm

agent007 wrote:
Void Main wrote:
Ok, WEP is easy. I set my router to use 128 bit WEP, had it generate a few keys, set it to use the 1st key and took that key and added it to my wireless interface config in Linux so it now looks like:
Is WEP enough for security? How else can u fully secure a wireless network?

There is no way to "fully" secure any network, let alone a wireless network. :) Of course there are a few more concerns with wireless than with wired. You just want to take reasonable measures to make it as secure as you can as with any network.

Yes, WEP has been cracked long ago (enter airsnort). It certainly shouldn't be your first choice of encryption. However, on a low utilized wireless network (like mine) someone will have to sit out in front of your house for days/weeks/months in order to collect enough packets to break your encryption. Or if you have a sneaky neighbor I suppose they could just leave airsnort run and eventually capture enough packets to break your encryption. I do have ways of detecting if people are sniffing around my airwaves though. I am waiting for someone to actually try it so I can sneak up on them and scare the bejesus out of them. :)

There are many ways to do stronger encryption. My router also does WPA encryption which is better (I don't believe there is a known crack). You can also use encrypted tunnels (VPN as florin suggested). At work we have wireless setups with stronger encryption along with key exchanges (IKE/PKE). You could also run wireless bridges between buildings with no encryption and stick VPN devices on each end to do the encryption if the encryption in your wireless devices is not sufficient. There are many ways.

You are right though, WEP is barely better than no encryption and you wouldn't believe how common "no" encryption is. Plug your wireless card and GPS unit into your Linux laptop and fire up kismet and take a drive. You would be *shocked* at the percentage of wide open wireless networks just begging you to connect to them. Chances are, if you do simple security measures like turn on WEP (at minimum), turn off broadcasting of your SSID (not by itself a good security measure) and use MAC filtering (also not by itself a good security measure) then you will be in pretty good shape. Chances are the people who get messed with are the ones who are wide open.
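
Added example, not part of the thread or any poster's code: a shell check that reads an ifcfg-style wireless file like the ifcfg-ath0 posted earlier and reports whether it is open or uses a static WEP key, and whether the key is readable by every local user. The function name `audit_ifcfg`, the output tags and the sample file are assumptions made for this illustration; the sample reuses the placeholder key from the thread.

```shell
#!/bin/sh
# audit_ifcfg FILE: print one finding per line for a Red Hat style ifcfg-* file.
# The file is parsed with sed, never sourced, so config is not executed as code.
audit_ifcfg() {
    file=$1
    # Last KEY= assignment wins; strip optional double quotes.
    key=$(sed -n 's/^KEY=//p' "$file" | tail -n 1 | tr -d '"')
    if [ -z "$key" ]; then
        echo "OPEN no KEY= set: traffic is unencrypted at the link layer"
        return 0
    fi
    case $key in
        s:*)  # ASCII form accepted by iwconfig: 8 bits per character
            ascii=${key#s:}
            bits=$(( ${#ascii} * 8 )) ;;
        *)    # hex form, dashes allowed as separators: 4 bits per digit
            hex=$(printf '%s' "$key" | sed 's/-//g')
            case $hex in
                *[!0-9A-Fa-f]*) echo "INVALID KEY= is neither hex nor s:ascii"
                                return 1 ;;
            esac
            bits=$(( ${#hex} * 4 )) ;;
    esac
    # "128 bit WEP" is a 104-bit secret plus a 24-bit IV sent in the clear.
    echo "WEP-$bits static key: $bits secret bits + 24-bit IV, prefer WPA or a VPN"
    # Character 8 of the ls mode string is the world-read permission bit.
    if [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        echo "WORLD-READABLE any local user can read the key from this file"
    fi
}

# Constructed sample mirroring the posted ifcfg-ath0 (placeholder key, temp path).
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEVICE=ath0
TYPE=Wireless
ESSID=MyESSID
KEY=AAAAAAAAAAAAAAAAAAAAAAAAAA
EOF
chmod 644 "$sample"
audit_ifcfg "$sample"
```

Running `chmod 600` on the real file clears the second finding; the first only goes away by moving off static WEP.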

[root@localhost /]#
user
Posts: 15
Joined: Wed Dec 03, 2003 8:12 pm

Post by [root@localhost /]# » Tue Apr 20, 2004 7:55 pm

if you only have x machines on your WLAN then set up a MAC filter that is pro-active rather than re-active. You manually add each permitted MAC to the WAP.

this, IMO beats WEP any day of the week, even on thursday.

Post by Void Main » Tue Apr 20, 2004 7:58 pm

[root@localhost /]# wrote:if you only have x machines on your WLAN then set up a MAC filter that is pro-active rather than re-active. You manually add each permitted MAC to the WAP.

this, IMO beats WEP any day of the week, even on thursday.

Except for when I am parked outside your house with my Linux laptop running kismet and I see what MAC addresses are talking and what your SSID is (which is in every packet). Then I just wait for you to shut your PC down and I bring mine up with your MAC address and hop right on to your network. It's as easy as pie. Not to mention that I don't even actually have to associate to your AP to watch everything you do using either kismet's packet captures or Ethereal/tcpdump directly.

Post by [root@localhost /]# » Tue Apr 20, 2004 8:05 pm

no you wouldn't, my next-door neighbors have an unsecured WAP from D-Link with the default settings unchanged, no MAC filtration or WEP.

Post by Void Main » Tue Apr 20, 2004 8:07 pm

No I wouldn't what?

Post by florin » Tue Apr 20, 2004 8:15 pm

Void Main wrote:No I wouldn't what?

He's saying his neighbour is an easier target, so it's probably worthless to attack him instead of his neighbour. :wink:

That's actually kinda cool - use your computer-illiterate neighbours as decoys to protect yourself! :roll: :D

Post by Void Main » Tue Apr 20, 2004 8:17 pm

florin wrote:
Void Main wrote:No I wouldn't what?
He's saying his neighbour is an easier target, so it's probably worthless to attack him instead of his neighbour. :wink:

That's actually kinda cool - use your computer-illiterate neighbours as decoys to protect yourself! :roll: :D

You better watch out. Microsoft has a patent on that type of security. :)

Since I don't actually connect to an AP when running kismet then I can watch him and his neighbor at the same time with no extra trouble. :)
