Hi guys,
Ok, Friday I actually did what Sully was talking about. I've got 2 customers calling me telling me service is down for them since Fri. What's really wierd is that all of my airBridges have been set up exactly the same, so for only 2 of them to have problems and the other 20 something in the area to be ok is puzzling! Actually, one of these customers I lost when I changed his default key to 2 as I've already said before below. The other...well, I just dunno!
Alex, you say that the working combination is shared – shared, open – open, both – open
Does the "both-open" mean "both" on APPO and "open" on the AB? I guess "Shared" on APPO and "both" on AB does not work?? Please advise...
Thanks!!!
Sevak
On Mon, 2003-09-22 at 12:03, sB Tech Support wrote:
1. If I have the aPPo on default key 1 and some of my clients on default 2, some on default 3, some on default 4…..are you saying that all my clients will still associate AND communicate with no problems??
sB: Yes this is correct as long the value matches the respective Key in the aPPO, ie. Key 2 on CPE (default key is 2 ) match Key 2 on AP (default key is 1)
2. Does “shared” or “open” authentication have any play at all in this?
sB: Yes, there is. In general, shared – shared, open – open, both – open is the working combination
3. If I really can do this, then wouldn’t it make sense to do so? That way, there is not 100% of your traffic using the same key, therefore less susceptible to cracking (which is pretty hard as it is). Right??
sB: Yes, in a sense, it is more secure.
4. What drawbacks are there to doing this?? ß may take more than 1 word (-;
sb: Can’t think of any drawback.
5. Is there any slow down with the aPPo switching between keys?
sB: Should be the same. Anyway, they need to perform the “secret key” lookup
6. Would this have adverse affects on LQ due to introducing “hidden node” issues? For example, now some of the clients (even neighbors on different keys) are not “hearing” each other, and therefore will not shut up…causing more collisions.
sB: The WEP key has no relation to LQ due to hidden node issue at all.
Thanks!
Alex
sB Tech Support
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of The Wirefree Network
Sent: Monday, September 22, 2003 11:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [smartBridges] WEP encryption
Seeni,
Thanks for the great description!
Can you please answer my questions with just a simple yes/no. hhahaa…anything more than that and I will probably get lost.
FACT: I ALWAYS burn in all 4 keys into all client devices which exactly match my head-end aPPo.
1. If I have the aPPo on default key 1 and some of my clients on default 2, some on default 3, some on default 4…..are you saying that all my clients will still associate AND communicate with no problems??
2. Does “shared” or “open” authentication have any play at all in this?
3. If I really can do this, then wouldn’t it make sense to do so? That way, there is not 100% of your traffic using the same key, therefore less susceptible to cracking (which is pretty hard as it is). Right??
4. What drawbacks are there to doing this?? ß may take more than 1 word (-;
5. Is there any slow down with the aPPo switching between keys?
6. Would this have adverse affects on LQ due to introducing “hidden node” issues? For example, now some of the clients (even neighbors on different keys) are not “hearing” each other, and therefore will not shut up…causing more collisions.
Thanks!
Sully
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Seeni Mohamed
Sent: Friday, September 19, 2003 10:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [smartBridges] WEP encryption
Hi Sevak,
For example, if the transmitter (Access point) used to encrypt the packet WEP Key of Key 1, then receiver (CPE) will use the corresponding WEP key of Key 1, since this key is used for the encryption of the packet and exists as information.
Here is the example of WEP key selection procedure:
Transmiter Receiver
AP <--------------------------------> Client
Key1: 11 11 11 11 Key1: 11 11 11 11
Key2: 22 22 22 22 Key2: 22 22 22 22
Default key = 1 Default key = 2
Authentication result = OK
AP <--------------------------------> Client
Key1: 11 11 11 11 Key1: 22 22 22 22
Key2: 22 22 22 22 Key2: 11 11 11 11
Default key = 1 Default key = 2
Authentication result = Failed
As mentioned above, the CLIENT keys table should match the APPO keys table.
In order to activate the WEP key in the APPO(AP mode), you must select at least one key as a default key. But all the 4 keys are in the access point is enabled for the authentication. In the client side, the selected “default key” ONLY activated for the authentication and it should match with APPO’s table entry as stated above.
Thank you
Seeni
sB Tech Support
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sevak Avakians
Sent: Friday, September 19, 2003 8:20 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [smartBridges] Stealing service
Hi Seeni,
So if it the APPO is in AP mode and all 4 WEP keys are filled, then any airBridge can connect using any of those 4 keys, right?
Unfortunately, I tried this and it didn't seem to work. I have all 4 WEP keys filled on the APPO in AP mode. All of my airBridges have the same 4 keys, but are currently using key 1 as default. Yesterday, I changed one of the airBridges to key 2. This airBridge disappeared from the network completely. I couldn't get it back to change it back to key 1. (I'm expecting the customer to call me and tell me that he's not getting service. A hard reset should revert it back, I hope?)
What did I do wrong here?
Thanks,
Sevak
On Thu, 2003-09-18 at 18:12, Seeni Mohamed wrote:
Hi Sevak,
In airBridges and aPPO, you will be able to save 4 WEP keys. As you said, there is no cycling selection of WEP keys in airBirdge. We can activate only one key at a same time.
We have implemented this option only on the aPPO in AP mode.
When airPointPRO is running on AP mode, “Default key” selection option will not work and we use this option for the other operational mode like client bridge mode.
In AP mode, it is capable to accept multiple WEP keys from the multiple clients.
For example,
AP= key1 and key2
Client airBridge1= key1 and Client bridge2=key2
Both entries are already in the AP, it will pass the traffic. As long as the access point entries matched with the key table, the traffic will pass through.
Seeni
sB Tech Support
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sevak Avakians
Sent: Friday, September 19, 20033:12 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [smartBridges] Stealing service
Thanks, Sully! It will save me some restless nights.
;-)
I'm going to look into the pppoe more closely, but probably will not implement it for a few months.
Talking about WEP keys, I have all 4 WEP keys listed in the appo and on the airBridges. I've just tried flipping the default key on the appo from key 1 to key 2, but lost all the airBridges. I guess the airBridges don't have a cycling method to check for the next WEP key, huh? That would be a nice feature, I think.
Kind regards,
Sevak
On Thu, 2003-09-18 at 12:10, The Wirefree Network wrote:
The amount of traffic that MUST be sniffed to crack WEP is HUGE. I sniffed traffic for 72 hours at the head-end (which hears ALL traffic on my network), and I did not receive a single “interesting packet”. You need thousands or even millions of “interesting packets” to crack WEP. After successfully cracking WEP, the hacker would need to sniff the MAC and IP pairing (not difficult), spoof them, and overpower the legitimate client so that he drops off the network, and then you can assume his identity.
In other words….I don’t see it happening.
Don’t get me wrong…I still recommend PPPoE as well…but I would NOT lose any sleep about someone spoofing your customer’s MAC address.
BTW…the internal MAC authorization table (at the aPPo) authorizes the MAC of the sB device only (not the internal MAC addresses). I only install exterior (roof top) sB devices. So…my client does not know their MAC address….and therefore you also don’t have to worry about them giving their MAC address to a neighbor. But…even if they did, the bandwidth still counts against the legitimate client.
Sully
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sevak Avakians
Sent: Thursday, September 18, 20036:58 AM
To: [EMAIL PROTECTED]
Subject: RE: [smartBridges] Stealing service
Hi Sully,
You're right. I am using WEP. No one has yet done this on our network, but I would like to take preventative measures.
Thanks,
Sevak
On Thu, 2003-09-18 at 09:48, The Wirefree Network wrote:
My question is: How are they spoofing the MAC address if you are using WEP? I highly doubt that they sniffed long enough to break it….so are you not using WEP?
Personally…I think that it is plain old stupid to not use WEP…unless you are running a HOTSPOT.
If you are using sB devices at the client-side, then you just preload the WEP keys (preferably with simpleDeploy) and you are done.
Sully
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sevak Avakians
Sent: Thursday, September 18, 20036:12 AM
To: [EMAIL PROTECTED]
Subject: [smartBridges] Stealing service
I vaguely remember someone else discussing this on this list: Has anyone come across "customers" who duplicate legitimate MAC addresses (such as their neighbor's) on another device to get your Internet service for free? If so, what can be done about it?
Thanks,
Sevak
|
