Setting Up Security On Wi-Fi Network

BigO1120 Member Posts: 110
What's up everyone!!

I have a dilemma going on here. I have a Linksys 802.11b Wi-Fi router with 4 nodes (3 are Wi-Fi and 1 is connected directly to the router). I set up WPA Pre-Shared Key on the router and I also filtered the MAC addresses on all 4 systems for Internet access. The problem I am having now is that even though I set up WPA Pre-Shared Key with TKIP encryption the connection seems to get dropped. The 3 Wi-Fi nodes (2 Desktops, 1 Laptop) are able to access the network, they get on the Internet, but then the connection drops and they can't get back onto the network. I can't even renew the IP addresses. I can release them (duh!) but I can't seem to get a new IP.

Group Key Renewal Interval time has been set to 7200 seconds but I'm not able to go above that. I keep getting a message stating that I am outside of the time range (600 - 7200). When I disable the WPA Pre-Shared Key feature from the router all the 3 systems are able to connect with no problems.

Someone moved next door to me who has a wireless laptop and I found out that he's connecting to my network and using my Internet connection. He claims that he has his own network now but I don't want him even accessing my network (hence the reason why I'm enabling security on the network).

Does anyone know why this happens to my 3 Wi-Fi systems when I enable the WPA Pre-Shared Key feature? Any help would be greatly appreciated.

A Thing Of Beauty Is A Joy Forever

Comments

  • garv221 Member Posts: 1,914
    First disable your SSID broadcast & create a unique name. That will stop the guy next door from seeing your network. Check your logs to see if he has connected. I don't even use WEP/WPA because in my opinion it sucks. It can be cracked in 5 minutes. All you need is MAC filtering. Get your wireless PCs up on the network & only allow them access. You should have a check mark by them. If the guy next door is connecting you don't have MAC filtering working right or you actually allowed him access. Change the IP scheme to like 10.1.X.X & only allow like 5 computers to connect. Change your password.
  • eastp Member Posts: 179
    garv221 wrote:
    First disable your SSID broadcast & create a unique name. That will stop the guy next door from seeing your network.
    Unless he is using NetStumbler, then he will still see the SSID.
    garv221 wrote:
    Check your logs to see if he has connected. I don't even use WEP/WPA because in my opinion it sucks. It can be cracked in 5 minutes. All you need is MAC filtering. Get your wireless PCs up on the network & only allow them access. You should have a check mark by them. If the guy next door is connecting you don't have MAC filtering working right or you actually allowed him access. Change the IP scheme to like 10.1.X.X & only allow like 5 computers to connect. Change your password.

    This is the sure way NOT to go, since MAC filtering is even greater crap than WEP, and it's very easy to spoof a MAC address.
    If possible use WPA (if used with shared passkey, use a very long one and change it very often).

    On why this happens I really can't say, it can be several things. I was having almost the same prob with a D-Link, but the problem was with the Super G with turbo.
    An option is to check if there is a firmware update for the router and wireless cards.
    Multitasking:
    Screwing up several things at once.
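The advice above to use a unique SSID and a very long shared passkey, shown as an added example that is not part of the original thread: WPA-PSK derives its 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the only salt. The sample SSIDs, passphrases, the `COMMON_SSIDS` list and the 20-character threshold are assumptions made for illustration.

```python
import hashlib
from typing import List

# Assumed sample of factory-default SSIDs (not from the thread); extend for your vendor.
COMMON_SSIDS = {"linksys", "default", "netgear", "dlink", "wireless"}
MIN_PASSPHRASE_LEN = 20  # assumed policy threshold for "very long"


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK key: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def audit(passphrase: str, ssid: str) -> List[str]:
    """Return findings for a passphrase/SSID pair; an empty list means none."""
    derive_psk(passphrase, ssid)  # rejects pairs that are not valid WPA-PSK input
    findings = []
    if ssid.lower() in COMMON_SSIDS:
        # The SSID is the only salt, so a shared name means shared precomputation.
        findings.append("ssid-is-common-default")
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append("passphrase-shorter-than-policy")
    if len(set(passphrase)) < 6:
        findings.append("few-distinct-characters")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for pw, ssid in [("password1", "linksys"),
                     ("correct horse battery staple", "HomeNet-7f3a")]:
        print(ssid, derive_psk(pw, ssid).hex(), audit(pw, ssid))
```

The same passphrase yields a different key under a different SSID, which is why a unique network name matters for key strength whether or not the SSID is broadcast.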
  • keatron Security Tinkerer Member Posts: 1,213
    To answer the question you asked, just enabling WPA on the access point without doing the necessary configurations on your wifi clients will definitely render you "unable to connect". If you could just enable WPA and everything still connected the same as before, what would be the point of having it? Check the documentation that came with your Linksys and see what steps you need to take from the client side.
  • garv221 Member Posts: 1,914
    eastp wrote:
    garv221 wrote:
    First disable your SSID broadcast & create a unique name. That will stop the guy next door from seeing your network.
    Unless he is using NetStumbler, then he will still see the SSID.
    garv221 wrote:
    Check your logs to see if he has connected. I don't even use WEP/WPA because in my opinion it sucks. It can be cracked in 5 minutes. All you need is MAC filtering. Get your wireless PCs up on the network & only allow them access. You should have a check mark by them. If the guy next door is connecting you don't have MAC filtering working right or you actually allowed him access. Change the IP scheme to like 10.1.X.X & only allow like 5 computers to connect. Change your password.

    This is the sure way NOT to go, since MAC filtering is even greater crap than WEP, and it's very easy to spoof a MAC address.
    If possible use WPA (if used with shared passkey, use a very long one and change it very often).

    On why this happens I really can't say, it can be several things. I was having almost the same prob with a D-Link, but the problem was with the Super G with turbo.
    An option is to check if there is a firmware update for the router and wireless cards.
    WPA isn't great also. If you're going CIA style, a combination of everything will work, WPA/MAC. MAC filtering will keep a wondering guy honest.
  • eastp Member Posts: 179
    garv221 wrote:

    WPA isn't great also. If you're going CIA style, a combination of everything will work, WPA/MAC. MAC filtering will keep a wondering guy honest.

    True, that's why it's best to implement a combo

    Kind regards
    Eastp
    Multitasking:
    Screwing up several things at once.
  • garv221 Member Posts: 1,914
    eastp wrote:

    True, that's why it's best to implement a combo

    Kind regards
    Eastp

    Cheers.
  • BigO1120 Member Posts: 110
    eastp wrote:
    An option is to check if there is a firmware update for the router and wireless cards,

    I updated the firmware on my router before I went ahead and started playing with the security on it. I did do MAC filtering but what happened was that the laptop (running XP SP2) kept connecting to the network but then after 5 minutes it would drop from the network.

    Is there anything in particular that I have to set on the laptop itself, or with the other 2 systems? I don't have a problem with the computer that's connected directly to the router (duh!) but this is a real annoying problem.

    Thanks!
    A Thing Of Beauty Is A Joy Forever
  • eastp Member Posts: 179
    bigo1120 wrote:
    I updated the firmware on my router before I went ahead and started playing with the security on it. I did do MAC filtering but what happened was that the laptop (running XP SP2) kept connecting to the network but then after 5 minutes it would drop from the network.

    Is there anything in particular that I have to set on the laptop itself, or with the other 2 systems?
    Thanks!

    What kind of wireless cards are you using?
    Did you check if there is a firmware update for this?
    Are you using the connection software from XP (Wireless Zero Utility) itself or the one provided with the cards? (In some cases it's best not to use the one from XP.)

    Check the logs of the router to see if it reboots or if it is really the client disconnecting.
    If there is an option to set the router to a fixed channel, try this on the channels possible. Interference from another wireless device (e.g. a phone) can cause the router to reboot to change the channel (don't know for sure on your type).

    Another option is to check if the card is with the Atheros chipset (this is very often the case for several vendors).
    If this is the case, then it is supported by the Atheros driver and connection software (make sure that you set it up the same as the router, e.g. WPA and correct password): http://www.atheros.com
    (I'm using this now as well, and I don't have any probs anymore since it's updated more than the drivers provided by the vendor.)

    Check if UPnP can be disabled on the router; try to do this and disable it on the clients as well. This can cause some probs in a wireless LAN (for more info regarding UPnP: http://support.microsoft.com/default.aspx?scid=kb;en-us;323713).
    Multitasking:
    Screwing up several things at once.
  • /usr Member Posts: 1,768
    All you need is MAC filtering

    That isn't true. The MAC address is sent in the clear. If someone sniffs the network, spoofing the MAC address is trivial.
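Because a MAC allow-list can be satisfied by a copied address, the router logs mentioned earlier in the thread are worth reviewing for more than unknown devices. The following is an added example, not part of the original thread; the log format, addresses and hostnames are constructed, and real router logs differ by vendor.

```python
import re
from collections import defaultdict

# Assumed log format for illustration only.
LINE = re.compile(
    r"DHCP ACK mac=(?P<mac>[0-9A-Fa-f:]{17}) ip=(?P<ip>\S+) host=(?P<host>\S+)"
)

# Constructed sample lines (locally administered MAC addresses).
SAMPLE_LOG = """\
2005-01-10 18:01:02 DHCP ACK mac=02:00:00:00:00:01 ip=192.168.1.100 host=desktop1
2005-01-10 18:03:40 DHCP ACK mac=02:00:00:00:00:02 ip=192.168.1.101 host=desktop2
2005-01-10 18:05:12 DHCP ACK mac=02:00:00:00:00:03 ip=192.168.1.102 host=laptop
2005-01-10 21:17:55 DHCP ACK mac=02:00:00:00:00:09 ip=192.168.1.103 host=unknown-pc
2005-01-10 23:40:09 DHCP ACK mac=02:00:00:00:00:03 ip=192.168.1.102 host=other-laptop
"""

ALLOWED = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"]


def review(log_text, allowed_macs):
    """Flag MACs outside the allow-list and allowed MACs seen under several hostnames."""
    allowed = {m.lower() for m in allowed_macs}
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:  # lines in other formats are ignored
            hosts[m["mac"].lower()].add(m["host"].lower())
    return {
        # Devices that obtained a lease without being on the allow-list.
        "unknown": sorted(mac for mac in hosts if mac not in allowed),
        # One allowed address, several device names: the filter alone
        # cannot tell these devices apart.
        "allowed_mac_multiple_hosts": sorted(
            mac for mac, names in hosts.items()
            if mac in allowed and len(names) > 1
        ),
    }


if __name__ == "__main__":
    print(review(SAMPLE_LOG, ALLOWED))
```

Hostnames are supplied by the client, so an empty result does not prove that every device using an allowed address is the intended one.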
  • strauchr Member Posts: 528
    MAC address filtering is much, much easier to crack (sent in clear text) than WEP. And using WPA with TKIP is a very strong method of protecting a wireless network.
  • BigO1120 Member Posts: 110
    I just came across another dilemma... at the beginning of this thread I said that I have 4 nodes. I forgot to include my Xbox (with a wireless adapter) which is now having problems accessing my wireless network. I haven't logged onto Xbox Live in almost 2 months so I haven't even noticed the fact that it has not been connecting to the network. Obviously there is no interface for me to enter a password (at least not that I know of) and it doesn't have a MAC address. I don't know if creating a MAC address on the Xbox would work but I've never had to do this before.

    I'm still having problems where my nodes are able to access the network but then the signal drops.

    Any ideas on how I can get the Xbox to connect?
    A Thing Of Beauty Is A Joy Forever
  • Ten9t6 Member Posts: 691
    On the Xbox, you can change the MAC address in the advanced IP settings. I have done this on a hotel network when traveling. I used my laptop to log into the hotel network... did an IPCONFIG and set the MAC address of the Xbox to my laptop's MAC address... and it worked.

    On your wireless... is it disconnecting you while it is idle or while you are working? If it is while you are idle, check some of the settings on your wireless NIC.
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • BigO1120 Member Posts: 110
    You have come through for me yet again Ten9t6!!!

    I'm going to ask you a dumb question (hey, this is what these forums are for right?)...did you set the MAC for the Xbox FROM the laptop using IPCONFIG? How did you end up doing that?

    Also, my nodes drop connection regardless whether I am idle or not.

    I am not worthy!!!!
    A Thing Of Beauty Is A Joy Forever
  • Ten9t6 Member Posts: 691
    If you turn on your Xbox without a game in it... it boots up to that green and black screen... in there you can set your network configurations... once you're in there it is under advanced.

    I did the ipconfig /all on my laptop and found the MAC address of my NIC... I then unplugged my laptop from the network and plugged in the Xbox... booted the Xbox without a game and configured it with the MAC address that I found for my laptop... and everything worked.

    But if you're in a hotel that has you log in to the network before you can browse... do that, then disconnect the cable and hook up the Xbox.
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • wildfire Member Posts: 654
    All you need is MAC filtering

    That isn't true. The MAC address is sent in the clear. If someone sniffs the network, spoofing the MAC address is trivial.

    All we are talking about here is your home network. If you're worried someone is going to spoof your MAC address then they will want to get in anyway! I find that WPA slows my connection down, so I simply opt for SSID off, MAC filtering and allow a max of 3 connections (which is what I have on anyway). This will stop the guy next door, but the determined hacker will get in pretty much no matter what you do!
    Looking for CCIE lab study partners, in the UK or Online.
  • Ten9t6 Member Posts: 691
    This is true... if they really want in... they will get in... The key is to make it not worth their time. This means setting security up in layers. I know some neighbors that might still mess with something if it only had one of these suggestions implemented... but if you add another one, they don't want to play.

    You are also right in saying that implementing some of these will slow the communications down.....there is a penalty for everything you add.
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • BigO1120 Member Posts: 110
    wildfire wrote:
    All you need is MAC filtering

    That isn't true. The MAC address is sent in the clear. If someone sniffs the network, spoofing the MAC address is trivial.

    All we are talking about here is your home network. If you're worried someone is going to spoof your MAC address then they will want to get in anyway! I find that WPA slows my connection down, so I simply opt for SSID off, MAC filtering and allow a max of 3 connections (which is what I have on anyway). This will stop the guy next door, but the determined hacker will get in pretty much no matter what you do!


    You mean to tell me that someone will get into my network regardless (sarcasm)?!?!?! I'm not running Fort Knox out of my home...but if I can prevent my next door neighbor from using my connection to browse the internet for free then you know what...I'd like to do that.

    This is another reason why I'd like to get into security so that I could stop the determined from SPOOFING my MAC address!
    A Thing Of Beauty Is A Joy Forever
  • xetrev Member Posts: 59
    Leave it wide open, create some funky default routes and set up a VPN so unless you are VPNed in, no internet access.
  • BigO1120 Member Posts: 110
    OK!?
    A Thing Of Beauty Is A Joy Forever