I had to go to a wireless network after moving my PC to a new location in the house. Since going wireless I have had problems with internet connectivity, downloading files and playing online games.
After speaking to the manufacturer (Linksys) helpdesk and re-installing all the software I think I have stopped the problems with the internet connectivity (ie it now stays connected for longer than the 10 minutes it used to), but I am still having problems downloading files - anything over 10 MB just hangs - and online games.
The wireless connection always shows as good - excellent (it's only a small house) but I still get these problems. I now have to re-wire my network in order to download important files until I get this sorted (which drives the Mrs mad as the cable runs through the whole house).
Surely this isn't the norm? I was promised a world free from restraints and all I've got so far is more wires and an upset wife!
If you are connecting to a 2.4 GHz wireless network (b) which you most likely are, there may be other devices near your router that are interfering. Phones, microwaves, etc. are all listed in the user guide as devices which may cause router issues.
If you go to the Linksys website and go to the products selection, select your product and read the online user guide. There is a good chance your question will be answered there.
P.S. When it comes to gaming, there may be additional issues that need to be addressed.
P.S.S. One of the first suggestions in the online user guide is to test close to the router and then move away in increments until you start to see the problem. It could be that you are experiencing interference from something within your environment which is limiting your wireless range.
Your best bet is to mess with the channels. You should only try 1, 6, or 11. Don't use any other channel. That is the only way wireless can have 3 separate channels. Also if you have the security on that could be slowing it down as well. The only security you need is to only allow your MAC address. If you are truly that paranoid none of the onboard security is that good. You would need to get some third party encryption.
<If you are truly that paranoid none of the onboard security is that good.>
ogletree, are you referring to all Linksys routers or just the one(s) you've had experience with? I just purchased their latest WRT55AG dual band wireless A+G. I've spent the last 5 days getting a new system in place at the home office. During that time I've been through every menu available for the router configuration. I've also read the online manual in regards to security and have adjusted my settings accordingly.
Can you expand on the security issues that you see so that those of us less wireless savvy have a good understanding of what to do and what not to do?
So I think I know what your problem may be. I have this every time I get a new laptop.
Some wireless access points don't handle the power save functions of the Intel Pentium Mobile chips properly.
To get around this problem you need to go to the network connection properties for your wireless adaptor, click configure, and go to advanced. Uncheck the default value for transmit power and set it to maximum.
That usually does it for me :)
My IT man tells me there are security holes in the secure wireless protocol. In the town where I live it's a common hobby to drive around sniffing for wireless networks and breaking in.
Even if you have MAC address filtering turned on they can sniff your MAC address and emulate your PC.
But is your info really that valuable? I'd only be worried about the taxman listening in :)
<Can you expand on the security issues that you see so that those of us less wireless savvy have a good understanding of what to do and what not to do?>
The other security features are things like WEP, which is known to be easy to break. Someone needs only to listen to your network and collect about half a million packets of data to be able to crack the WEP key and get into the system. Collecting this many packets can take anywhere from 15 minutes to several days depending on how much traffic your wireless network produces.
Using a combination of MAC filtering and WEP is a good idea, IMO, as it provides two layers of security. These are mainly deterrents for someone trying to break into an arbitrary network and will often cause them to move on to the next. WEP takes a little bit of processing power, but all of your equipment should be able to handle it without noticeable slowdown.
If you're looking for additional security, you'll want to set up something that is higher level like a VPN. Take a look at OpenVPN.. it's available for download at Sourceforge and is cross-platform. The Linksys WRT boxes are basically little computers running Linux. Linksys has opened up all of this code to the GPL, and so the source is also available from their website. You can compile and install your own customized firmware onto these boxes, including OpenVPN, which will give you security that's equivalent to that of an SSL or SSH connection.
If you don't want to get into recompiling firmware, then the next best option is to set up a Linux box on your network as an OpenVPN server that will act as your wireless gateway. All wireless traffic is forced through this server, and this server only passes traffic that comes in through the VPN connection. OpenVPN supports either OpenSSL or a shared secret key.
<But is your info really that valuable?>
Most people's info is more valuable than they think, unless they don't care about identity theft :-).
<If you have broadcast SSID off and use MAC address security there is no way for a wardriver to break into your system without a tremendous amount of effort parked outside your house.>
It's actually much easier than that. While your AP is not going to broadcast itself, your SSID is going to be included in the header of every packet that your wireless network transmits. A wardriver would know your SSID the instant that your wireless network is used. And even if you're using WEP, the SSID is included in the unencrypted portion of the header. So even with WEP turned on and broadcast turned off, the SSID is readily available.
This, however, assumes that you're using something like Kismet (on Linux), which will be able to get the SSID from packets sent on the network. Netstumbler (on Windows), AFAIK, cannot.
<You have to be real careful with "computer guys" very few of them have real training and base most of their statements on things they have heard or most the time just made up. I have been in the IT industry since 97 and have known a lot of high paid idiots. Very few people in the industry have a clue of what they are doing. Basic IT is so easy that anybody that makes the smallest effort can figure it out. They and people around them think they are experts in the field.>
I've been around the computer industry for a long time and I would have to agree with you completely.
<I was trained by Cisco on wireless technology and have read a lot of stuff on it.>
I'm basing my statements on my own experiences with wifi over the past five years (I've done all of these things that I'm talking about).
Whenever there were people around I had to reconnect.
Are you talking about Internet multi-player games like CounterStrike, Doom III, or WarCraft III? These types of games require fast response times ("quick pings") to perform adequately. When I bought the first LinkSys wireless router on the market, I remember the response time was unacceptable for online games. It was fine for e-mail and web browsing, but I did notice a slight delay after every request.
If you play games daily or weekly, I'd opt for an actual ethernet cable run from the router to your other computers. That is the only way for online gamers.
Ever consider getting a wireless bridge? Maybe there is just too much interference, or your card is too weak to reach your current AP. Try adding a bridge to repeat the signal before discarding the whole idea.
Fewer security issues
Online games work
And you generally have to plug laptops in to the mains anyway, so you are often wired even on a wireless network.
Ever since I went wireless I never went back. I can call the fixed telephone net now using Skype and I am semi-mobile because I can walk around the house with my laptop and not drop the call. The other day I took the laptop to the toilet (while I was on a phone call :))
I like to use my laptop everywhere in the house. Not just where I can plug in!
<I took the laptop to the toilet>
My laptop allows me flexibility in my home/office work space but I don't need THAT much flexibility! :)
After hearing numerous tales of woe about wireless connections and intrusions I chose Home Plug Power Line Adapters [homeplug.org]. They're limited to 10Mbps so far, but bulletproof reliable, and reasonably secure. After just over a year's use, I'm still pleased! And it didn't take long to develop the habit of plugging in a second plug whenever I laptop.
I could do that in the bathroom too I guess... ;)
<I understand what you are saying but it is not easy for most people.>
I'm not worried about most people, because most people aren't wardrivers :-).
<I don't know why someone would bother it would be easier and cheaper to break into someone's house. Any moron can break into your house.>
If someone can break into something without you knowing that it's happened, there's a good chance that it can, or already has, happened.
It's easy to break into a house by smashing a window, but then it's also very difficult to cover your tracks. We do things that are common sense like locking the doors and windows. Without those safeguards, someone could enter your house and you may never know, because they haven't damaged anything. This is the worst kind, because you don't even know that it happened.
When it comes to breaking into a network, it's very difficult to track someone, which means that it's much more likely to happen because they know they probably won't get caught. It's not simply a matter of how easy it is.
This is how things like identity theft work. You feel that your safeguards (MAC ACL alone) are sufficient.. that's probably because you've never seen anyone in your system. That either means that A) your safeguards are good enough, or B) your system is easy to enter without being seen. Why do you assume that it's the former and not even consider the latter?
Again, this is from experience. It is very easy to break MAC ACL and WEP, given that the network has any traffic. Normally someone would not do this. But if open wifi networks are scarce (depends on where you live), or if someone is targeting you specifically (probably not, though the guys that know what they're doing are always the ones that like a challenge), then it won't be passed up for the next AP.
<Turn the firewall on your computer on you are then just as safe as you are on cable modem.>
If you turn the firewall on on an individual workstation, you lose the services that you'd normally have on a LAN, like file and print sharing. If you open ports to allow those services, then you've effectively defeated your firewall, as those are the services that are easiest to exploit. The challenge is to secure the entire network without removing the desired functionality of the LAN.
However, if your machines don't send anything to each other, and you have a network solely for the purpose of sharing an internet connection, then this may be the way to go.
<Anybody at your ISP or any ISP you travel through can read your emails and watch your traffic.>
Well sure.. but anyone that has any common sense about email isn't going to send something through email that they want hidden or kept secret, because they should know that email is plain text all the way through and inherently insecure. As far as the rest of the traffic, I really don't care that someone at my ISP may be watching me write this message on Webmasterworld.
What I do care about is personal data (social security numbers, credit card numbers, passwords, company documents, etc). None of this is ever done unencrypted. When I access my email remotely (email over IMAP), I do so using SSL.. not because I'm concerned about the privacy of the email, but rather the login credentials to access the email.
Assume that at any time anyone can intercept anything that you send over a network (because they can).. and act accordingly. If you don't care that information leaks out, then that's fine.. just so long as it's understood that it's easier to do than most people think.
<Unless your data is REALLY valuable, just turn off your SSID, use a MAC filter or a WEP, or both.>
Most people that I know have data like credit card numbers or passwords that they don't want anyone to know -- I know I do. To me, that is REALLY valuable data. If anyone disagrees with me, and this information is not valuable, please reply with your detailed banking information :-).
<Most times wardriver will just keep going to the next AP if yours presents any measures that will cause them to spend time breaking in.>
That's true.. I live in a fairly nice neighborhood, and most times if I leave the door to my car unlocked nothing will happen to it. However, I'm not concerned with what will happen most times.. I'm concerned with what will happen every time. I want a 100% failure rate for anyone that tries to get into my network.. not just most times.
It used to be that 10 years ago, even five years ago, people considered computers a novelty item. That's just not true anymore.. they're almost a necessity for many people, like a telephone. And a lot of people are putting important information into their computers. There are more than a few blackhat hackers that know this and are more than willing to take advantage of people that don't understand proper security. It's the "it couldn't happen to me" syndrome.
<My eyes have glazed trying to keep up.>
I love Jeeps.. and I've always wanted one. Several months ago, I finally got my first (1994 Grand Cherokee).. and it had a bit of damage to the CV joints. I don't know much about vehicles.. except how to drive them and fill them with gas (well, a little more than that, but you get the idea). My mechanic told me that the joint would be fine if I didn't do any offroading. Apparently a lot of people drive around with bad joints and don't even know it because they stay on paved surfaces.
A few weeks later, my family and I went camping, and I couldn't resist. Two days later, I heard clunking noises coming from the front of the vehicle. It drove just fine, but I was very paranoid to ride it with the excessive amount of noise it was making. So I took it in.
My mechanic looked at it, he spent some time explaining to me what had happened and what needed to be done and why.. during this one-way conversation I had a look in my eyes very similar to the one you probably had when you read my previous post. The only thing I really remember from the conversation is $1,100. However, he did show me the damage to the joint and it was apparent that it needed fixing.
The moral here is that while many people may not understand the details of how something works, it's a good idea to understand the reason for them. I don't expect everyone in the world to become technical security experts and how to customize syslogd to function on their Linksys WRT. However, I do think it's reasonable to expect, (if not today, hopefully sometime soon), the reason why it's important. Unfortunately, this is the kind of thing that a lot of people will have to get bitten by before they get it.
<I disconnected security altogether>
I'm sure you've had more than one intruder into your network. Most likely, they've all simply been looking for bandwidth. That's not always the case.
<and bought a 5.8ghz phone>
This was a good move, however :-).
The Wired Equivalent Privacy (WEP) algorithm is part of the 802.11 standard.
MAC (Not a Macintosh)
Media Access Control Address
A hardware address that uniquely identifies each node of a network.
The Service Set IDentifier is a token which identifies an 802.11 (Wi-Fi) network.
The Access Control List is a set of data that informs a computer's operating system which permissions, or access rights, that each user or group has to a specific system object, such as a directory or file.
Now, there was mention of the 5.8 GHz phone. What about my router that has the 5GHz band?
Would a service like that from GRC (https://grc.com/x/ne.dll?bh0bkyd2) be sufficient for testing a wireless network from a security standpoint? My system(s) have always shown stealth mode for all services and they still do today.
<The Wired Equivalent Privacy (WEP) algorithm is part of the 802.11 standard.>
Unfortunately, (or fortunately, depending on your perspective), WEP is easily crackable with free tools that can be found online. But it is good to use this to deter novice hackers.
<MAC (Not a Macintosh)
Media Access Control Address
A hardware address that uniquely identifies each node of a network.>
Yes, this information is hard-coded into the network device by the manufacturer. Every network interface, whether it's a wired or wireless NIC (network interface card) in your PC, networked printer, or even a router has a MAC address that is unique from any other network device in the world.
With Linux, it's fairly easy to spoof your MAC address. With Windows, I'm not sure if it's possible.
<The Service Set IDentifier is a token which identifies an 802.11 (Wi-Fi) network.>
This is essentially the network name, and is used to connect a set of clients to an AP (access point). You tell your computer the SSID to connect to when configuring it (or it detects ones within range and presents a list to you for you to choose). Most APs by default will broadcast their SSID so they can be picked up, which makes it easier for you to connect to them. In the same way, someone else with a wifi-enabled laptop can also see that your network exists by receiving this SSID broadcast.
Each packet that is sent over a network includes the SSID in the header. For a novice hacker, the network may appear invisible. For an expert, it'll add about 10 seconds to the total amount of time required to break into a network.
<The Access Control List is a set of data that informs a computer's operating system which permissions, or access rights, that each user or group has to a specific system object, such as a directory or file.>
In this context, it's referring to an access control list that contains a list of MAC addresses that the AP is allowed to communicate with. If your network card's MAC is not on this list, it will not accept communications from you.
Here are the downsides. First, it's easy to spoof a MAC address. All you would need to do is listen for a few packets and find a MAC address that is being used, then pretend to be that computer. Second, MAC addresses only prevent the router from accepting packets from a non-authenticated host. It does not prevent a non-authenticated third-party from eavesdropping.. they can still see everything if you're using MAC ACL only (without encryption).
<Now, there was mention of the 5.8 GHz phone. What about my router that has the 5GHz band?>
That would depend. If your router is A-only (802.11a), then you'd want to find the beginning and ending of the 5.8GHz phone's range (might be something like 5.8GHz - 5.9GHz). While B and G only have 11 channels ranging from 2.4GHz to 2.485GHz, A has many more channels. You'll want to choose one that is not within range of what your phone uses.
If your AP is A/G or A/B/G, and you are not using A mode (meaning that your wifi network is operating in the 2.4GHz range), then your phone will not cause any problems.
<Would a service like that from GRC (https://grc.com/x/ne.dll?bh0bkyd2) be sufficient for testing a wireless network from a security standpoint?>
Nope.. this tests the link over the internet from GRC to you, so it's basically testing out your router. Most likely your AP is either inside the LAN (either by being built-in to the router or being plugged into a LAN port on the router), which means that anyone connected to the wireless interface is not subject to the stealth rules implemented by your firewall.
In my case I know there is no obstruction between the router and the adapter (it's sat on top of it at the moment) but I'm still not downloading files over 10Meg so I will speak to Linksys about this as it seems this should not be happening.
The problem with online games (Call of Duty, etc) seems like it is the norm, which is disappointing and would have persuaded me to drag cables all over the house (despite my wife's protests). I'm stuck with the wireless option for the time being but I may wire up my PC and just use the wireless for laptops etc at some point in the future.
I did understand a little about the security implications of going wireless but it shocked me how little was said about it when installing the router. It was more like, "...well there are some security features if you want to use them but we won't tell you what the differences are". Considering they are now selling these routers in Staples I would have thought there are a lot of unsecured networks out there.
ps: Sly Old Dog - Good to speak to you again :) Hope business is good for you and your dodgy brother ;)
<but I'm still not downloading files over 10Meg>
I can't find it now, but I know when I was setting up my wireless LAN at home, I saw something on a web site about checking the default speed on the router. Seems that some are defaulted at the factory to a slower speed.
I'll keep digging to see if I can find the specifics...
<Considering they are now selling these routers in Staples I would have thought there are a lot of unsecured networks out there.>
Tons! I'm building a device that allows me to connect to wireless networks on-the-fly and passes that connection from network to network while in transit.. similar to the way a cellphone hops from tower to tower when you're talking on the phone and driving. It's all dependent on the many thousands of open wireless networks :-).
<Investigate WPA. It's simple to set up, and good. Just use a preshared key of > 20 random characters (preferably as long as the box allows) and it should be more than adequate for most people's needs. It doesn't have the same problems WEP does.>
I agree.. WPA is better than WEP. One of its biggest advantages now is that it's rather new and so only a small percentage of equipment out there supports it. The best way to take full advantage of WPA is to use an authentication server that provides RADIUS service, as opposed to using PSKs (pre-shared keys) as most consumers will end up doing.
I was thinking a while ago of setting up a FreeBSD box as a Wireless Access Point, but stopped short when I started reading about the vulnerabilities in WEP Keys.
That got me to wondering whether you can "Switch" to WPA2 when the protocol is fully developed, or is it built into the cards themselves, so you're either on WEP or WPA2?