Thanks, Seeni.
It seems simple enough. I thought I had it like this, but I'll check to see if I screwed something up.
Have a good weekend!
Kind regards,
Sevak
On Fri, 2003-09-19 at 13:25, Seeni Mohamed wrote:
Hi Sevak,
For example, if the transmitter (Access point) used to encrypt the packet WEP Key of Key 1, then receiver (CPE) will use the corresponding WEP key of Key 1, since this key is used for the encryption of the packet and exists as information.
Here is the example of WEP key selection procedure:
Transmiter Receiver
AP <--------------------------------> Client
Key1: 11 11 11 11 Key1: 11 11 11 11
Key2: 22 22 22 22 Key2: 22 22 22 22
Default key = 1 Default key = 2
Authentication result = OK
AP <--------------------------------> Client
Key1: 11 11 11 11 Key1: 22 22 22 22
Key2: 22 22 22 22 Key2: 11 11 11 11
Default key = 1 Default key = 2
Authentication result = Failed
As mentioned above, the CLIENT keys table should match the APPO keys table.
In order to activate the WEP key in the APPO(AP mode), you must select at least one key as a default key. But all the 4 keys are in the access point is enabled for the authentication. In the client side, the selected “default key” ONLY activated for the authentication and it should match with APPO’s table entry as stated above.
Thank you
Seeni
sB Tech Support
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sevak Avakians
Sent: Friday, September 19, 2003 8:20 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [smartBridges] Stealing service
Hi Seeni,
So if it the APPO is in AP mode and all 4 WEP keys are filled, then any airBridge can connect using any of those 4 keys, right?
Unfortunately, I tried this and it didn't seem to work. I have all 4 WEP keys filled on the APPO in AP mode. All of my airBridges have the same 4 keys, but are currently using key 1 as default. Yesterday, I changed one of the airBridges to key 2. This airBridge disappeared from the network completely. I couldn't get it back to change it back to key 1. (I'm expecting the customer to call me and tell me that he's not getting service. A hard reset should revert it back, I hope?)
What did I do wrong here?
Thanks,
Sevak
On Thu, 2003-09-18 at 18:12, Seeni Mohamed wrote:
Hi Sevak,
In airBridges and aPPO, you will be able to save 4 WEP keys. As you said, there is no cycling selection of WEP keys in airBirdge. We can activate only one key at a same time.
We have implemented this option only on the aPPO in AP mode.
When airPointPRO is running on AP mode, “Default key” selection option will not work and we use this option for the other operational mode like client bridge mode.
In AP mode, it is capable to accept multiple WEP keys from the multiple clients.
For example,
AP= key1 and key2
Client airBridge1= key1 and Client bridge2=key2
Both entries are already in the AP, it will pass the traffic. As long as the access point entries matched with the key table, the traffic will pass through.
Seeni
sB Tech Support
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sevak Avakians
Sent: Friday, September 19, 2003 3:12 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [smartBridges] Stealing service
Thanks, Sully! It will save me some restless nights.
;-)
I'm going to look into the pppoe more closely, but probably will not implement it for a few months.
Talking about WEP keys, I have all 4 WEP keys listed in the appo and on the airBridges. I've just tried flipping the default key on the appo from key 1 to key 2, but lost all the airBridges. I guess the airBridges don't have a cycling method to check for the next WEP key, huh? That would be a nice feature, I think.
Kind regards,
Sevak
On Thu, 2003-09-18 at 12:10, The Wirefree Network wrote:
The amount of traffic that MUST be sniffed to crack WEP is HUGE. I sniffed traffic for 72 hours at the head-end (which hears ALL traffic on my network), and I did not receive a single “interesting packet”. You need thousands or even millions of “interesting packets” to crack WEP. After successfully cracking WEP, the hacker would need to sniff the MAC and IP pairing (not difficult), spoof them, and overpower the legitimate client so that he drops off the network, and then you can assume his identity.
In other words….I don’t see it happening.
Don’t get me wrong…I still recommend PPPoE as well…but I would NOT lose any sleep about someone spoofing your customer’s MAC address.
BTW…the internal MAC authorization table (at the aPPo) authorizes the MAC of the sB device only (not the internal MAC addresses). I only install exterior (roof top) sB devices. So…my client does not know their MAC address….and therefore you also don’t have to worry about them giving their MAC address to a neighbor. But…even if they did, the bandwidth still counts against the legitimate client.
Sully
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sevak Avakians
Sent: Thursday, September 18, 2003 6:58 AM
To: [EMAIL PROTECTED]
Subject: RE: [smartBridges] Stealing service
Hi Sully,
You're right. I am using WEP. No one has yet done this on our network, but I would like to take preventative measures.
Thanks,
Sevak
On Thu, 2003-09-18 at 09:48, The Wirefree Network wrote:
My question is: How are they spoofing the MAC address if you are using WEP? I highly doubt that they sniffed long enough to break it….so are you not using WEP?
Personally…I think that it is plain old stupid to not use WEP…unless you are running a HOTSPOT.
If you are using sB devices at the client-side, then you just preload the WEP keys (preferably with simpleDeploy) and you are done.
Sully
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sevak Avakians
Sent: Thursday, September 18, 2003 6:12 AM
To: [EMAIL PROTECTED]
Subject: [smartBridges] Stealing service
I vaguely remember someone else discussing this on this list: Has anyone come across "customers" who duplicate legitimate MAC addresses (such as their neighbor's) on another device to get your Internet service for free? If so, what can be done about it?
Thanks,
Sevak
|
