D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] New router security

 

On Fri, 28 May 2010, Neil Winchurst wrote:

Gordon Henderson wrote:
Sounds like somethings wrong... Have you used Wi-Fi on that laptop
before? Do you have any other "proper" device to use to test the access
point? (Yes, I know, Linux is proper, but let's face it - it's not had
the best reputation for working Wi-Fi. I'll always resort to using a
mobile phone with Wi-Fi or a Windows box to check a Wi-Fi access point
if I can't get my laptop to work).

Of-course my current mobile phone runs linux, but at least the hardware
is well understood - getting a decent driver for the multitude of Wi-Fi
cards is half the problem...

Gordon

Yes, I used wifi on that laptop with my now replaced router. But I had
encryption turned off. Now that I have replaced the router I thought I
ought to try some form of encryption. That is when my troubles started.

If I turn off encryption on the new router that same laptop works fine,
just as it did with the previous router (with no encryption). It will
not connect however with encryption turned on. Turn encryption off again
and it is all fine.
Sounds like your distro or hardware doesn't support the encryption - or 
maybe it's done in software and you don't have the drivers? It's an area 
of Linux networking I'm not as familiar with as others - I suspect I've 
just been lucky and also made sure I used hardware that didn't need the 
wrapped windows drivers. (ndis or whatever it's called).
I have had issues with wicd in the past though - when it was set to 
automatically connect to my home network, it would never connect to the 
Shoreline - and last time I was there, I nuked all the config files and 
started from scratch - and it connected to the shoreline, but then 
wouldn't connect to my home network...
Go down to WEP encryption and see if you can make that work, then add in 
MAC authentication - it's still fairly trivial to crack if you know how, 
but it's better than nothing.
Also - be in the same room as the access point when doing the testing - 
there's no point being in a marginal signal area when you have other 
uncertianties, and going back to even more basics, see if your access 
point has a scanner to see which channels are already in-use in your area 
and pick one well away - but avoid channels 12 and 13 as some drivers 
won't see it due to country restrictions. (But they're good to use if you 
can as others rarely do) Remember that a Wi-Fi channel spans 2 channels 
either side, so a base station on channel 4 is using the spectrum between 
channels 2 and 6. (Channel 1 will use the equivalent of -1 through 3, and 
so on)
Putting an access point on channel one, and having one next door on 
channel 2 really isn't going to help things.
I don't know what scanners are avalable for Linux these days - (I might 
now have a look!), but I have a brilliant graphical one for my phone an I 
can see right now what's about me...
See:

  http://unicorn.drogon.net/Screenshot-20100528-092405.png

for a screenshot of my phone.

So my access points are on channels 4 and 13. (Yes, I have 2), but look at channel 1: There are 3 there, channel 7 has 2 and channel 11 has 2, so by putting mine in the middle and top, I get more clear signal space.
Wish I'd had that tool 7 years ago when I was building Wi-Fi broadband 
networks... The equivalent was several thousand pounds worth of signal 
analyser...
Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html