Hello, have you tried TunnelBear? I hear it is cheap and very good.

On 4/11/2017 11:47 AM, Eric Oyen wrote:
that might work. However, I need an inexpensive source for that device. I have 
a couple of source companies I can go to, but they aren't at all cheap and my 
budget being what it is won't allow for expensive toys.

-eric

On Apr 11, 2017, at 7:15 AM, Scott Granados wrote:

So when I did this I went with the first configuration.  I ran Power over 
Ethernet up to the access points and ran the hardware inside enclosures.  I was 
operating on a commercial tower though so had more of a budget to work with.
What about a hybrid approach?  Put your routers and the front end electronics 
at your home end, put a 5 GHz amplifier out at the far end of the cable at the 
base of the antenna and power it from inside.



On Apr 11, 2017, at 9:46 AM, Eric Oyen <[email protected]> wrote:

yep,
I will have to take a closer look at some of the settings then. The current 
router is capable of 5 GHz operation, however, getting an external antenna 
setup for that band is problematic at best (any length of coax is going to be 
very lossy and also extremely expensive). At this point, such a setup would be a 
bit more doable if I just build up a custom unit, use Power over Ethernet and 
mount the device in an all weather enclosure at the mast mount point. This 
would have the benefit of eliminating feed line losses and reducing cost. In 
fact, I could have dual band operation in both 2.45 GHz and 5 GHz using 
separate antennas for each band.

one other possibility is to just have the transceiver units at the antenna 
point with both up and down conversion and run power and signals through coax 
to a unit inside the house that handles the heavy lifting. It seems more 
complicated, but in actuality has the side benefit of being able to access the 
device physically for any other work. In a lot of ways, it would actually be 
less expensive simply because you aren't trying to put the entire unit up in 
the air where heat and cold can adversely affect operation. This is basically 
how satellite does it.

-eric

On Apr 11, 2017, at 6:12 AM, Scott Granados wrote:

OK a few things that are incorrect here but it might just be a difference in 
terminology. So Incorrect may be a bit strong.  It’s probably the guy on this 
side of the keyboard.:)

PSK or pre shared key is plenty secure assuming you have a good key.  Your only 
option is to use a radius server and do WPA2 enterprise but then you’re still 
using passwords so same limitation has to be a good password.
        I’m absolutely certain your neighbor broke in to your network using 
WiFi protected setup or WPS which is a different animal as you know.  Why 
someone would use a numeric pin over a long pass phrase baffles me because it’s 
far easier to guess.  If you know the valid characters are in the range 0 to 9 
instead of containing the whole alphabet, all the punctuation and so forth you 
can see how much this improves your odds of cracking.  I’ve broken networks in 
under 30 seconds using this method assuming of course how quickly you guess the 
pin.  Turn that feature off and use the AES encryption and I’m effectively 
locked out assuming I can’t guess your pass phrase.

WPA versus WPA2.  Here’s the difference, WPA uses TKIP cryptography.  This is 
ok but has been found not to be as robust as it should.

WPA2 uses AES encryption.  AES is a European standard that’s very effective and 
uses all sorts of cool grouping and modulus tricks to harden the connection.  
This is the way to go. It performs best, is the hardest to crack and uses the 
most bits in key and group generation.


Next, let’s talk channels.

(Eric, I’m being deliberately over detailed so folks not as skilled as 
yourself can follow along, if I’m telling you stuff you know please be patient)

There are three primary bands used for WiFi, they vary a little country to 
country but not significantly.  The bands are 2.4 GHz, and two segments of the 
5.0 GHz band.  There’s some 5.8 GHz out there but this is quite new and yes 
there’s stuff up over 20 GHz but we’ll leave AD networking out of this for now 
to not over complicate.
        On the 2.4 GHz band in most countries there are 11 channels, in some 
there are 13 but let’s go with 11 for this discussion.  The channels overlap so 
you have to be very careful what to pick.  Channels need at least 5 for 
separation, so for example, channels 1 and 6 do not overlap, channels 1 and 3 
do.  So if you have a radio on 1 and one on 3 you’ll have collisions between 
the spectrum.  The channels usually used for this reason are 1, 6 and 11.  This 
means if you’re on channel 9 you’re colliding with channels 6 and 11.  If we 
look at the signal we see that the bandwidth is 40 MHz under normal operation.  
Now if we have 20/40 MHz coexistence mode enabled which is usually the default 
this number will shrink to 20 MHz if another signal is received adjacent to 
your channel.  So, pick an empty channel but be mindful of what you’re 
overlapping with.  Also, this band is the most congested.  You’re contending 
with everything from garage door openers to microwave ovens with bad seals.  
Cordless phones live up here and all sorts of baby monitors and things.

The 5 GHz band is your best option if you have it available.  Most modern 
routers do as do most interface cards.  This band is broken into sections, you 
have the lower band at channels 36, 40, 44 and 48 and then the upper band at 
channels 149, 153, 157 and 161.  You also have the DFS band which includes 132 
and several others.  DFS is also used by military and other RADAR so you may 
select a DFS channel but if interference is picked up you’ll select a new one.  
Not all gear supports DFS and likely different countries handle this 
differently.  Also, the first 20 MHz of the 5 GHz unlicensed frequency is 
dedicated to US cellular operators for LTE unlicensed, other countries will 
vary.
        On 5 GHz you have 80 MHz of bandwidth so your effective throughput is 
faster.  Also, with the way the channels are deployed you have more spectrum so 
you’re not dealing with the overlapping problem.  You can be on channel 149 and 
have a radio on 153 and you’ll be ok in this instance.

So bottom lining it, if you can, use 5 GHz.  It carries differently than 2.4 
and interacts more with things like walls and bricks but if you’re in a good 
setting the lack of congestion and more spectrum work in your favor.

So in my example, the optimal setup is as follows.

Set WPA2 for security, reduce the key interval from 3600 to 900 seconds, have a 
nice healthy long key, disable WPS, use the same SSID on 2.4 and 5 GHz so you 
can take advantage of band steering and pick your low band channels wisely.

The automatic selection on routers is better on some than others.  Some 
reselect throughout the day, others pick once and stick with a channel and 
still others just randomly select.  On the low band most routers default to 
channel 6 so avoid 6 if possible or use it in Eric’s case where you’ve audited 
the spectrum and know it’s available manually.
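
Added example, not part of the original thread and not anyone's actual router configuration: a small Python audit that checks an access-point config against the setup recommended in the message above (WPA2 with AES, 900 second key interval, WPS off, SSID broadcast on, a long key, a 2.4 GHz channel at least 5 away from neighbours). It assumes the config is written in hostapd's key=value syntax; both sample configs are constructed, and the 64-bit passphrase threshold is an assumption, not a figure from the thread.

```python
import math
import string

# Constructed sample configs in hostapd key=value syntax (not from the thread).
WEAK_CONF = """\
ssid=homenet
hw_mode=g
channel=3
ignore_broadcast_ssid=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=12345678
wpa_group_rekey=3600
wps_state=2
"""

HARDENED_CONF = """\
ssid=homenet
hw_mode=g
channel=11
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-Horse_battery7staple!
wpa_group_rekey=900
wps_state=0
"""


def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def overlaps(a, b):
    """2.4 GHz rule from the thread: channels fewer than 5 apart overlap."""
    return 0 < abs(a - b) < 5


def keyspace_bits(secret):
    """Upper bound on guessing effort: length * log2(character pool in use)."""
    classes = (string.digits, string.ascii_lowercase,
               string.ascii_uppercase, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(ch in cls for ch in secret))
    return len(secret) * math.log2(pool) if pool else 0.0


def audit(conf_text, neighbour_channels, min_bits=64):
    """Return findings for settings the thread advises against.

    min_bits is an assumed threshold, not a figure from the thread.
    """
    c = parse_conf(conf_text)
    findings = []
    if c.get("wps_state", "0") != "0":
        findings.append("wps-enabled")
    if c.get("wpa") != "2":
        findings.append("not-wpa2-only")
    ciphers = (c.get("wpa_pairwise", "") + " " + c.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("tkip-allowed")
    # A missing key is treated as the 3600 s figure quoted in the thread (assumption).
    if int(c.get("wpa_group_rekey", "3600")) > 900:
        findings.append("group-rekey-over-900s")
    if c.get("ignore_broadcast_ssid", "0") != "0":
        findings.append("ssid-hidden")
    if keyspace_bits(c.get("wpa_passphrase", "")) < min_bits:
        findings.append("weak-passphrase")
    channel = int(c.get("channel", "0"))
    if 1 <= channel <= 13:  # overlap rule applies to the 2.4 GHz band only
        clashes = sorted(n for n in set(neighbour_channels) if overlaps(channel, n))
        if clashes:
            findings.append("channel-overlap:" + ",".join(map(str, clashes)))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf, [1, 6]))
```

The neighbour channel list passed to audit() would come from a channel survey like the one described elsewhere in the thread; a digits-only 8-character key scores about 27 bits, which is why it is flagged.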



On Apr 11, 2017, at 1:40 AM, Eric Oyen <[email protected]> wrote:

well,
there are other access points around the neighborhood, although none of them 
are within close range (signal strengths less than 30%) and mine is only a 
single device in the house.

Also, most ordinary users are appliance users, which means their knowledge will 
not be sufficient enough to determine this. The one who was sharing via my 
connection was more than just an appliance user, so making the SSID invisible 
to him wouldn't work.

btw, I did a channel audit here and the channel I am using is pretty clear all 
around me. most folks seem to default to either 1 or 9. I am using 6 right now. 
I will break out the other machine and do another audit this next month and see 
if I need to change things here.

btw, I was using WPA-PSK when my network was compromised. I have since switched 
to WPA2-TKIP-AES, turned off the PIN and changed the passphrase to something a 
lot more complex. As far as I am concerned, anything with a -PSK is just too 
easy to crack (I know, Reaver can crack it in under 10 minutes).

anyway, I might decide to reinitialize WPS and keep the network congestion 
around here to a minimum.

-eric

On Apr 9, 2017, at 8:05 PM, Scott Granados wrote:

That’s not my point though.  My point is even without putting in your 
particulars I can still pull that information out of the air without having to 
enter anything.  The SSID is also used for avoiding interference.  The networks 
are really indicated with their MAC addresses so your access point broadcasts 
its MAC address as part of the packet.  That’s present no matter what.

I guess what I’m saying is not broadcasting the SSID has no security value at 
all and has the effect of causing additional congestion.  Unless of course 
you’re out in a rural area with very few networks.


Overall, turn off that WPS if it’s enabled, the MAC filtering is a good policy 
but turn that SSID back on so you and your neighbor’s routers play nice.  With 
the changes I suggest and if you’re using WPA2PSK with a good key you’ll be 
very secure.

On Apr 9, 2017, at 10:56 PM, Eric Oyen <[email protected]> wrote:

well, when I turned off SSID broadcast, it was a little harder to get new 
devices to connect. basically, it takes inputting the SSID and other 
particulars manually. once connected, there is no trouble.

-eric

On Apr 9, 2017, at 3:54 PM, E.T. wrote:

Interesting discussion. Much food for thought. I will study the VPN site you 
suggested.

One thing you mentioned to Jonathan was that you disabled SSID in your router. 
How does that affect your Wifi network. Can your devices still see the network? 
I certainly would not mind hiding from the neighbors.

 From E.T.'s Keyboard. . .
"God for you is where you sweep away all the
mysteries of the world, all the challenges to
our intelligence. You simply turn your mind off
and say God did it." --Carl Sagan
E-mail: [email protected]

On 4/9/2017 1:35 PM, Eric Oyen wrote:
not a problem. there are other reasons to use a VPN. However, 2 things I
do when using google:
1. I am not signed in
2. I always use a VPN when searching.

Also, of late, I have been having some trust issues with my current ISP.
It seems that they sent me a notice of copyright infringement about a
shared file. only problem, I was not sharing anything. So, I had to do a
full blown security audit of my machines and network. I did, eventually,
find where the issue was (the Linksys router I have here had a security
vulnerability that couldn't be easily closed). As a result, one of my
neighbors was using it to share files. so, even though I had the thing
password protected, it was still using a number of items that made
breaking the password trivially easy with the right software. I finally
managed to get a handle on the situation by turning off the PIN the
device had, turning off SSID broadcast and engaging MAC filtering. I
still can't completely trust the device, so I use a VPN pretty much all
the time now.

I am looking to upgrade the hardware though. A kit from Routerboard that
I can install an image of OpenBSD on would make things a lot better
here. There are optional add-ons like WiFi B/G/A/N, a bridged set of LAN
ports, an all weather housing, etc. Once that is done and installed, I
can install the VPN package for OpenBSD on there, set it up to handle
that and not worry too much. Then, if I want to be ultra secure, I would
continue to use a VPN tunnel from my machine, thus doubling the protection.

Now, as to why I would want to use a VPN for other than just security?
It's simple. there are some programs hosted on the web that might be
regionally restricted (like sports events). So, I would want to be able
to listen legally and not be caught up in a blackout zone. Thus, VPN
allows me to place my end point elsewhere (like NYC, San Francisco,
Detroit, Dallas, or even a foreign country). A VPN also gets around what
my ISP does when I am viewing something like Hulu or Netflix (they try
to lower the QoS for video streaming on content that directly competes
with their cable programming).  With a VPN, they can't see the type of
traffic, so they can't change its priority. They have yet to start doing
so on encrypted tunnels. Besides, I am paying for a specific level of
service and I hate it when the ISP decides that my traffic needs to be
shaped. I don't have video here, so I expect full service. btw, I have
already filed a number of complaints over this issue with both the FCC
and the FTC. each time, my service gets maxed out for a few months and
then they start the games again.

Now, I am paying for 50 megabit/second service here and when the VPN is
active, I can still get 40 through. That's not bad, all things
considered. Since I started using the VPN a year ago, the bandwidth
shaping games have pretty much stopped. However, lately, I have been
catching RST packets being sent from 2 hops upstream from me. That
causes the VPN to drop and I have to reconnect. looks like it's time to
complain again.

anyway, that's a lot of how and why I use one.

Is it more secure? yes.
is it absolutely secure? not a chance! A very determined hacker will
still be able to break it, but it's enormously more difficult. He'll just
simply move on to an easier target.

-eric

On Apr 9, 2017, at 9:55 AM, Jonathan Cohn wrote:

Eric,

I just want to correct one thing. The elimination of the ISP can't
collect traffic rule here in the US essentially does not change
anything. Congress can not actually shutdown entire rules without
Agency changes unless they are brand new rules. The privacy rules were
I believe supposed to go into effect in June, and don't forget even if
those rules had gone into effect Google would still be collecting and
selling your data. In fact, be wary of any free or very inexpensive
internet based service, software does not just get created out of thin
air, companies pay good money for developers, and disk space costs
something too.

In fact one reason, congress did not like the new FCC rules was that
they only provided a that no equivalent protections of privacy could
be leveraged by the FCC over search engines, since the FCC only
regulates the pipes and the FTC would regulate other internet services.

Please forgive any specific inaccuracies in this post, I am going off
of materials I read in tidbits.com <http://tidbits.com/> and
several podcasts that I listened to over a week ago.

Best wishes,

Jonathan



On Apr 9, 2017, at 12:31 PM, Eric Oyen <[email protected]> wrote:

well,
depending on whether you use a free or paid service will make a
difference in both service quality and setup. I use a paid service
myself. It's $7 a month and is fairly reliable. I have tried some
free services, but they are mostly hit and miss and are not always as
secure. the service I use is located here:
www.privateinternetaccess.com <http://www.privateinternetaccess.com/>
and they have both client software or you can setup manually.
Unfortunately, their client for the mac is not accessible, so I use
a manual setup in the preferences pane. It works reasonably well. I
have also done the manual setup in windows 7.  This has allowed me to
be able to have dropbox and a few other services when I am behind a
firewall (like over at Voc rehab). Their IT folks have gotten on my
case more than once, until I pointed out to them that their own
policy does not forbid the use of a vpn (it does, however, forbid the
use of sharing services that are unprotected on their networks).  I
even had one of them try to break into my machine (at my request) and
they found it well nigh impossible. I had the firewall on that win 7
box setup so that only traffic on the VPN was allowed in or out and
everything else got dropped. That took a lot of heavy customization
on my part to make it work.

so, if you want to run a VPN, which these days is pretty much going
to be a must now that ISP's aren't required to keep your info
private, it is highly recommended. btw, a lot of the free vpn
services are not all that bandwidth friendly. that's why I use the
service I do. they can support up to 20 Mbits/sec. for what I do,
that's a must have.

-eric

On Apr 9, 2017, at 9:17 AM, E.T. wrote:

The recent discussion about VPN got me interested but I was not
ready to look into it at the time.

I know the setup is done in Network prefs but where does one get
information on VPN servers etc.? Thanks.

 From E.T.'s Keyboard. . .
"God for you is where you sweep away all the
mysteries of the world, all the challenges to
our intelligence. You simply turn your mind off
and say God did it." --Carl Sagan
E-mail: [email protected]

--
The following information is important for all members of the Mac
Visionaries list.

If you have any questions or concerns about the running of this
list, or if you feel that a member's post is inappropriate, please
contact the owners or moderators directly rather than posting on the
list itself.

Your Mac Visionaries list moderator is Mark Taylor.  You can reach
mark at:  [email protected]
<mailto:[email protected]> and your owner is
Cara Quinn - you can reach Cara at [email protected]
<mailto:[email protected]>

The archives for this list can be searched at:
http://www.mail-archive.com/[email protected]/
--- You received this message because you are subscribed to the
Google Groups "MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
Visit this group at https://groups.google.com/group/macvisionaries.
For more options, visit https://groups.google.com/d/optout.