Domain: practicallynetworked.com
Stories and comments across the archive that link to practicallynetworked.com.
Comments · 28
-
Re:Legality of this
Even if they don't, the SSID can be found and the router cracked.
One way to prevent connecting to hidden SSID is to limit which MAC address can connect to the router and have a strong encyption set up (WAP, WEP, etc key).
More details to get you started: http://www.practicallynetworked.com/support/wireless_secure.htm -
Re:So using this logic....You're being plain dumb.
There's no requirement to broadcast it. And further, just to be pedantic, it's an AP identifier, NOT a network one. (Because any network can have many AP's)
If you put up a sign that said - "The code to open the door is: ABC" - then prosecuted anyone who does, perhaps your argument is consistant. But I doubt you'd argue that. A SSID broadcast is an advertisiment of service. It's not a label. If you don't broadcast it, then it's a label.
You can turn SSID broadcasts off, and still connect. It's really quite easy to do. You just tell the wireless software to connect to your AP on channel X, and use SSID "ABC."
Now that isn't as convienient, but it can be done.
But if you broadcast (advertise) service, someone's going to assume you can connect to that service. If you don't want them to connect, you either use a capture portal, or you use a static IP assignment, or prevent the DHCP server from granting an IP.
But frankly, how I can know where that AP is actually located. In any reasonably dense location around here, my wireless card will detect anywhere from 4-12+ AP's. Probably more than half will be completely unsecure. So, do I just go knocking on doors until I find the right place? Or perhaps I ought to get out my directional wireless antenna and attempt to triangulate the AP, right?
I live in Portland OR, by the way - and we have a very vibrant open AP network community here. Many people leave their AP's open and really don't care if anyone connects to it. (Especially if they can ensure their machines aren't personally attacked... I don't agree with this stance, as I think it's foolish, but that's not the point.)
Finding the AP owner in any setting can be daunting. I rarely connect to someone else's AP, but if it advertises service, (SSID broadcast) and hands out IP's and doesn't filter traffic or offer a capture portal, I believe I'm legally reasonable in using it.
I tend to use SSL wrapped sessions via VPN and etc, but I still use it if I need to.
I find no need to ask, when the "sign" (SSID broadcast) is an invitation to use, and when the equipment explicitly grants me access and handles my traffic properly. I really have no idea if they intend to "share" or not, and probably, around here at least, it's a 50/50 chance. But they chose to ignore perfectly reasonable documentation, and run it open. That's nice. If you don't want to do that, go ahead and read a few more pages and use trivial steps to setup security.
In fact, I personally have a published document that explains all this in very clear terms - exactly what you need to choose for options and why. I have distributed this to literally thousands of people - it goes out in a marketing packet I send - and I can count on a SINGLE HAND the number of people who have taken this seriously and inquired further. (I just setup a capture portal for a client last week too, so it's not like I'm not aware of the possibilties.)
So, I simply don't have much sympathy to those who claim they didn't know. They didn't attempt in any serious way to find out. They, intentionally or not, left their equipment configured to share. If they don't want to share, there are easy steps to prevent it.
I mean, freak - google this "wireless internet secure"
The very first link that comes up...http://www.practicallynetworked.com/support/wirele ss_secure.htm
Securing your Wireless Network
Secure Your LAN
LAN Security Threats
LAN Security Tools
Wireless Networking Security
These days wireless networking products are so ubiquitous and inexpensive that just about anyone can set up a WLAN in a matter of minutes with less than $100 worth of equipment. This widespread use of wireless networks means that there may be dozens of potential network intruders lurking within range of your home or office WLAN.
What can I do?
Most WLAN -
Re:Oh noes!
It should, of course, be noted that this is really only the case in XP, while running in the default user configuration. Want Windows 2000-style user configuration / login?
Administrative Tools -> Computer Management -> Local Users and Groups
Or, alternatively, for the actual old Control Panel dialog:
Start -> Run -> control userpasswords2
Want to access the (much more powerful) ACL-based File Sharing and Security from 2000 rather than the simple one presented by default in XP? You need Pro, but:
My Computer -> Tools -> Folder Options -> View -> Uncheck "Use Simple File Sharing (Recommended)".
Unfortunately if you have XP Home, you can (apparently) only get the advanced Security tab when booted into Safe Mode.
So yeah, it should be possible to do things as an unprivileged user. Microsoft just made it really obscure in XP. Windows 2000 (and 2003) has been running unprivileged users for ages.
Here's some more info about accessing Win2K-style Security controls in XP Pro. -
This is actually about telecommutersThis has nothing to do with charging Google for video, and everything to do with this:
Thank you for your message.
The Comcast @Home product is, and has always been, designated as a residential service and does not allow the use of commercial applications. A VPN or Virtual Private Network is primarily used to connect Internet users to her or his work LAN from an Internet access point.
High traffic telecommuting while utilizing a VPN can adversely affect the condition of the network while disrupting the connection of our regular residential subscribers.
To accommodate the needs of our customers who do choose to operate VPN, Comcast offers the Comcast @Home Professional product. @Home Pro is designed to meet the needs of the ever growing population of small office/home office customers and telecommuters that need to take advantage of protocols such as VPN. This product will cost $95 per month, and afford you with standards which differ from the standard residential product.
If you're interested in upgrading your current Comcast @Home service to Comcast @Home Pro, please e-mail your name, address, and phone number to: sales@comcastpc.com. Prior to Sept 15th, you will be contacted by one of our Comcast @Home Pro representatives to discuss upgrading from your current Comcast @Home residential service.
While VPN is not a prohibited use of the @Home Pro product, Comcast does not provide support for VPN technology. All inquiries regarding VPN should be directed toward your company's network administrator.
Currently, the Comcast @Work commercial services do provide VPN support. If your company pays for your internet service, or if you would like to use supported VPN or IP tunneling, please contact our commercial services at 888-638-4338 or visit www.comcastwork.com.
If there is anything else we can help you with, please contact us. Thank you for choosing Comcast@Home.
Steve Comcast@Home Email Response Specialist
Stop talking about this like it has anything to do with video. This has nothing to do with video, and everything to do with them turning off telecommuting (indeed, any encrypted communication) by default.
-
Re:Junction for Windows
It's definitely there on my XP Pro Box at work! I think it's there by default on Domain Member computers - but hidden by default on Workgroup computers.
Anyway, you need to turn off "Simple File Sharing" - see this page.
(XP Home only supports Simple, 2K3 only supports "full", XP Pro can do either.) That whole article walks you through the whole process. -
Re:Junction for Windows
It's definitely there on my XP Pro Box at work! I think it's there by default on Domain Member computers - but hidden by default on Workgroup computers.
Anyway, you need to turn off "Simple File Sharing" - see this page.
(XP Home only supports Simple, 2K3 only supports "full", XP Pro can do either.) That whole article walks you through the whole process. -
Re:"Awesome!" say 95% of computer users.
"I bet with Windows, I can add my friend's music collection to my playlist! Oh... DRM."
If you can't afford the songs, then you don't really want them, do you? Borrow an album, sure, but do you think fair use should really include "permanently borrowing" thousands of songs?
"I bet I can create a wireless network without an access point! Oh... Need Linux for that."
Linux and roughly twenty pages of howtos. Which wireless cards work with which distros? Oops, I meant which revisions of which wireless cards works with which distros?
I really wish I could use some sort of "wizard" in XP to "share" my connection. Oh wait, I can.
"I can't even change the MAC address on my ethernet cards."
Gosh, I wish there was an item for around $100 or so that allowed me to "route" all of this "internet" traffic. Guess I'll just have to read the howtos and learn how to use all the unix commands.
"And my sound card skips and crackles, because it's older and not well supported. Same with my old video card, damn. No solution except to downgrade to Windows 98, huh?"
I would have tried downloading drivers, but you sound like you've got better ideas.
"To install a sound card: plug it in, hope it works, swear if it doesn't."
It sure is easier to look for modules, compile them, and then add them to the kernel, isn't it?
"Then buy a new card, but be sure to buy a brand name card, or the drivers will suck."
Gosh, you're right. I've never heard of anyone trying to make sure pieces of hardware worked with linux.
"I think I'll write some software!"
I do it every day, honest. Oh wait, I'm 95% of computer users. I don't think I write software, do I? -
Re:well what about the nonphysical aspects of netw
This site was pretty helpful a few years ago when I first got dsl and wanted to split it between 2 computers. They seem to have good howtos for most basic situations, though it's mostly windows oriented.
routergod has an interesting approach to explaining somewhat complex concepts to non-technical people. -
Re:Update without Windows client?
Anyone spot any instructions on getting a Unixish tftp to do whatever authentication is necessary to update?
Google pointed me to these instructions which says to use the http interface to remove any password, then just,tftp address of router
tftp> mode binary
tftp> put code.bin
tftp> quit
After you're done, reset your password.
Obvious once someone else points it out.
-
open source driverI haven't tried this myself, but the open source driver available at http://wirelessdriver.sourceforge.net/index.html does seem to allow you to configure which "keyslot" your WEP key goes in. And the FAQ says that this driver "is compatible with and can co-exist with Apples Airport driver". So that might be a solution to your problem.
By the way, this is a real issue, contrary to what a lot of the posters on this thread seem to think - the best explanation of the "key index" I have found is in the PDF file at http://www.practicallynetworked.com/downloads/Oth
e r/tb-027.pdf -
Install a ...
-
Christ.
Hi. I'm too damn lazy to even bother doing the most basic of research. Can somebody do it for me? Thanks."
-
Get an SMC Barricade
The SMC Barricade (SMC7004AWBR) has a 3 port, 100Mbps switch, an 802.11 access point, a print server that provides SMB and an lpr spool, can connect to an ethernet network or use an analog modem when you move off-campus. It's around $150.
Better yet, go here and make your own decision. -
Changing WAP11 power output.
WAP11 tuning can (and should) be done a bit more carefully than just opening up the SNMP utility and typing '80' in all the boxes.
Looking at different values and monitoring with wlanexpert I see that on my WAP11s, near the factory setting the adjustment is very sensitive (i.e. small change in CR31 = large change in signal strength). The 20-30 values around it (maybe something like B0-C8 on the AP I have been testing) account for about 7-8dBm of difference.
CR31 settings outside this range have much less effect on signal strength - perhaps 1-2dBm.
I would be interested to know how clean the output is when the amplifier is set to the lowest amount (i.e. highest CR31 value) for the maximum signal strength measured.
I assume that above this value there will be a lot of distortion. (I'm not an RF engineer and would appreciate comments from anyone who is, but I assume it is similar to audio amplification - if so, imagine you have an amplifier and the inputs are turned up much louder than can be handled - the output doesn't get louder, it just gets more and more distorted. I assume that the situation here is similar.)
The question I would like to have answered is, at this value, is there still a serious amount of power into the sidebands? (Answering this requires access to a spectrum analyser - so this is just a question not a suggestion! Still, setting like this is at least not likely to cause worse problems than setting at 80, and isn't going to reduce the range).
Values below 80 react quite strangely, I didn't test very much since I found many values reducing power below the card's sensitivity (so I had to run up and down several flights of stairs to reset CR31 from the wired lan, which was very good exercise!). So...
People who want to reduce the power output to the minimum, possibly to keep the footprint of their WLAN as low as possible maybe to avoid interfering with neighbours, or so that passers-by are less likely to stumble across it, should definitely try different values below 80 as well as above 80 - at least on my boxes <80 is not a mirror of >80. (and use carefully positioned carefully chosen antennas, turn off SSID broadcasts, enable WEP, etc.)
I hope that everybody noted their default settings before modifying CR31
;-) My two boxes (bought at the same time) came set to ...c7-c7-c7-c7-c5-c3-c1-c1-bf-bf-bf-bf-bf-be
c7-c7-c7-c7-c7-c5-c3-c3-c1-c1-c1-c1-c1-c1So this definitely seems to be done per-unit and not per-batch. (And, these are different to figures I've seen quoted in mailing list posts).
Presumably they are factory-tuned for the best trade-off between good range and a clean signal, without putting too much power into the sidebands, and probably with a safety margin so that this remains true while the unit ages and if it's operated in different temperatures (electronic components are not at exactly the rated value, they are usually within a certain tolerance, the software setting is to account for this - in other designs this might be done using, for example, variable resistors). And obviously the factory settings will be tuned to ensure that the unit is within FCC limits (for example, ensuring that transmissions stay within the ISM band so you're not broadcasting into licensed bands without a license, which you might be if you adjust CR31 without testing with proper equipment or filtering to remove out-of-band transmissions).
-
Re:Is it just me, or is this a useless product?
you are completely clueless, so I would try not to be such an ass while showing how stupid you are, it is amazed that you can type a full sentance. He is refering to these these from 3com infact there is an entire group of comapanies that really tried to make it work, but it didnt so much fly with the consumer..its called HomePNA
-
What I know I learned from:I second the practically network site. Especially good are the product reviews. Start here.
On the strength of a Practically Networked review, I had good luck with an SMC Barricade router with 4 ports and a built-in firewall a year ago, but things may have changed a lot since then. It took me only about 15 minutes to install (not counting network setup on the computer) and cost ~$100.
I learned about related topics from
How to set up a network at home: MIT guide with Linux focus.
World of Windows Networking: If Windows networking is screwing up (as it often does), go here.
homePCnetwork forum: Configuration questions answered, mostly by guy who runs the forum.
Technocopia: Overview articles on home networking.
Grant's Closet: Home LAN wiring.
Steve DeRose's guide: CAT5 wiring.
Telecom wiring: links to HOWTO and info articles on wiring.
-
Gaming problems
If you are planning on having multiple people running networked games in your house, I would recommend caution when thinking about a hardware router. For example, Linksys (among others) has problems when two people in a household play Q3 and want to connect to the same remote gameserver. As was said before, PracticallyNetworked.com is a good place to investigate before buying.
Alternatively, an old Mac IIcx makes a great router. Two NICs and a video card, old 20mb drive, IPNetrouter software, and there you go! Pretty much unhackable, because with System 7.5.5, you can't even address the Mac's file sharing via tcp/ip. I've got just such a beast running our office because our Linksys died. And I'm really cheap. -
Cable Routers are cheap and easyLet's face it, not many of us have the room or the resources to set up and maintain ANOTHER computer in the house just to look after distributing the cable/dsl connection, that's why these cable/dsl routers are becoming so popular.
I've been using a Netgear RT314 for almost a year now and it works great. NAT features, port-range forwarding, etc. It doesn't have a "true" firewall but the NAT does offer some protection.
I'd recommend getting the FR314 that has firewall capabilities. Check out Practically Networked for reviews on hundreds of models.
-
Which car should I buy?Asking which router to buy is akin to asking which car to buy. It begs the question, "What do you need?" I've used SMC Barricade routers (which, BTW, you can get for $40 from Amazon.com, if you use the code AMZNSWEEPBBR at checkout for $10 off and send in the $40 rebate -- free shipping too!), as well as the Linksys boxes with great success. I use a Linux box here at home which handles routing a wireless network as well as my normal Ethernet network and cable connection. But even that can be done by the various boxes available today.
For information and reviews of some of these items, try SpeedGuide.net or Practically Networked.
Just Call me Mr. Been There, done that...
-
SMC Barricade Wireless Router SMC7004AWBR
I previously had a netgear rt311 on my network in my apartment at school..and when I graduated, I decided I wanted a wireless router, since I've got a couple of laptops, and my girlfriend has one as well. I looked at all the wireless offerings, and it came down to the D-link and the SMC..they're made by the same manufacturer..but the SMC has both a lifetime warranty and mac address restriction of the wireless network.
In one $200 box, I get:
o wireless access point supporting, i believe, 255 users.
o 3 port 10/100 switched hub, plus the wan port.
o firewall/router with plenty of configurability
o print server, which works in both linux and windows.
the administration interface is easy to use, can keep pretty good logs if you want, and allows for the network to be buttoned up pretty tight.
it'll even hook up to a modem via a serial port, if you want to share a modem connection..
here's a review at practicallynetworked:
http://www.practicallynetworked.com/reviews/smc700 4awbr.asp -
Re:Linksys support is iffyI'm a Linksys user and have had good luck with it. The down side is that you can't do nearly as much as you can with a PC running as a firewall, but it's dead simple and does the job. Only issues I know of with the unit is running game servers may be problematic.
As another poster has pointed out www.practicallynetworked.com
is a great source of information for these boxes.
Subsolar
-
A Good Source of Info
Practically Networked
All kinds of good information and reviews on exactly what you're looking for. -
Article....
This Practically Networked article has a review of a bunch of products like the mine, and they list it as their favorite. Could be cool for college students with ethernet jacks everywhere.
-
Re:Setting up a 802.11 network
Another piece of equipment that may be worth examining is the Linksys BEFW11S4 (AKA EtherFast Wireless AP + Cable/DSL Router 4port Switch). It basically takes the WAP11 and adds DHCP, firewall, and routing capabilities, as well as functioning as a 4 port 10/100 switch. I haven't used one of these, but the reviews are quite promising, and the current street cost is only about $20-30 over the price of the WAP11.
An interesting review of the BEFW11S4 can be found here.
I'm not sure as to what kinds of devices like this are available from other vendors (this is the one I stumbled over when looking at networking hardware for my dorm room, and I haven't had time for further research), but the integration of so many features into one unit is very nice for situations where space is an issue. -
Re:practicallynetoworked
Tim Higgins rocks! www.practicallynetworked.com is, IMHO, the best site for SOHO networking info.
-
practicallynetoworked
practicallynetworked.com offers tons of help, reviews, and suggestions.
-
Airport Base StationI'm a big fan of the Apple Airport Base Station.
Sure, it looks like an iMac turd, but it's a slick little device that not only provides wireless bridging to the wired network, but also automatically does network address translation for the wireless devices. It will even offer DHCP / NAT for the wired machines, and manage your dialup for you (it has an integrated 56k modem).
So, on DSL/Cable setups that share a single IP, it frees up whatver machine was forced to do IPmasq. And over a shared dialup, you no longer have to have anybody running diald.
It only costs $300, which isn't that much more than what you'd pay for a small home router anyway, and of course it also gives you wireless access (compatible with 802.11b products). I get excellent reception throughout my entire 3-story house, including the basement.
Best of all, you don't have to have a Mac (or Windows) to use it... there's a java-based configurator.
-
Source for information on all SOHO routersI'm in the SOHO router business myself, so a lot of what I've been doing lately is keeping tabs on the competition. One of the best centralized information sources on this type of product is at practicallynetworked.com, with lots of reviews, summaries of features, troubleshooting, etc.
So far there are no products with a 100 Mbps link to the WAN, but as others have pointed out, the 'net will have to get a whole lot faster before it will make any difference to your access speed.