Slashdot Mirror
How Stable is WEP?
PktLoss asks: "I recently joined the wireless home networking craze, and bought two products, a wireless router and a wireless PCMCIA card. When I just connect normally, I have no problems. The connection is rock solid, decent transfer rates. Im very happy with the purchase. However, for obvious reasons, I would like to enable WEP with 128bit encryption. However, once i do that, the connection goes flaky, dropping after a few moments, or minutes, even when mere feet from the router. Are there problems with stability and WEP? Do certain applications have issues with WEP (I've been disconnected when running nothing but Windows)? Is there anything i can do to resolve this?"
"Linksys blames this problem on:
Some applications are having problem with WEP. WEP or Wired Equivalent Privacy is performed jointly by Nikita Borisov, Ian Goldberg, and David Wagner and not yet standardized and not having solution with its wireless connection problems...Does this sound like a load of crock to anyone or is it just me?"
Whenever I set up a wireless network I make sure the only card allowed to use the network is one that I allow (via mac address filter) Also I make sure that however many computers need IP addresses are the max that I'll lease. That way if you are using the IP no one else will get one leased. WEP... isn't secure anyway so both those options are gonna help.
I've experienced the same with Windows XP and a USB Wireless adapter... Windows XP (eXperimental Program) would see other access points in the neighborhood and try to connect to them.
My solution...
Install Windows 2000... Works fine now.
I had a Linksys WAP11 wireless access point with WPC11 cards at the office, and they were horribly unreliable no matter what I did. I was about to give up when I found a firmware update for the WAP on Linksys' support site. With that installed and all of the drivers updated to latest versions everything works like a charm.
I'd suggest looking to see if there are firmware updates for your wireless router. Depending on how long your retailer had it sitting in their warehouse you may not have the latest and greatest versions of everything.
i've found that the problem goes away with a quick reboot; given that i'm using ad hoc mode since the bloody wireless router died and the replacement was d.o.a. this may not be entirely relevant; however, i am using WEP and my experience is that 2k ironically is much solid for wireless. just my $0.02
I don't know if this helps, but I own several different wireless products from many different brands and run wep-128 on everything. Some of the computers even run WinXP. Although it is possible that I may have had minor problems, I've never had any problems that were visibile. It sounds like some firmware updates might help.
I have this exact same problem with the exact same Linksys router you mention. However, I have a different wireless card (Orinoco).
I have two answers for you.
First, the easiest workaround in XP: Let your card connect to your gateway. Once it's connected, bring up the wireless properties in XP for this card. Disable the checkbox for "Let Windows configure my wireless properties". This will prevent XP from making any further updates to your wireless connections, and you will stay connected to your router permanently. You will have to re-enable then re-disable that checkbox if you reboot so it can find it again, but that's only a few seconds of effort for what seems like a perfectly good workaround.
Second: I got, from Linksys support, a Technical Bulletin on "...using Windows XP with wireless networks". It mentions the Orinoco card specifically, but everything in there seems generic enough that it may be worth a try. Ask them for TB-054 (it's a PDF). The workaround above works well enough that I haven't made the time yet to follow these instructions, but it looks like it's meant to address this specific problem.
<rant>If all my damn neighbors would stop advertising their SSID's like insecure idiots, I have a feeling this problem wouldn't come up. And yes, it appears to only be a problem with XP.</rant>
(I've been disconnected when running nothing but Windows)?
Windows wasen't desinged for the Internet and it's TCP/IP protocoll - instead use the Microsoft NetBEUI! You'll have non of those pesky routing problems of TCP/IP, and security isen't a problem at all - there isent' any!
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
I found that if ssid broadcast turned on, selecting 'open system' was not necessary to connect the iBook to the network.
Nothing wrong with WEP (in terms of stability, let's not talk about the security :). If they are hot for a blame, blame the device drivers, firmware-code, or the crappy OS. Maybe even Canada, but WEP certainly does not deserve this ire.
"Windows XP (eXperimental Program)"
Windows XP (eXtreme Pain)
I know what you're thinking - hop on the network without the MAC to start with, what's he thinking...
The transmissions to the AP are not encrypted, so one need not necessarily bind to the AP to recieve them. A promiscuous interface should do the trick.
Are you using the Linksys client utility? Or the gay ass homosexual fucked up one that is inclued in XP? I have found the same thing with Cisco 340 and 350 cards under XP.
If you can't figure out my address, just drop me an e-mail and I will explain.
I've been working with about 8 different 802.11b cards testing out Access Point mode in HostAP for Linux.
I can tell you straight off that the high-end cards are worth their money in performance if you are serious about WiFi. My favorite right now is the Cisco Aironet 350. It has power. It has range. It has rich management features. And it is fast. I was consistently pounding out 4.2 Mbit/sec under iperf, while the next step down were Orinoco Gold's pumping out about 3.6 Mbit/sec.
The cheaper DLink and Linksys cards, in comparison, would sustain only about 2.2 Mbit/sec.
Finally, it may be that the particular firmware in your card may be buggy. The HostAP mailing list occasionally talk of such problems.
Some cards actually rely on the host CPU to do the WEP encryption/decryption. In such cases, your performance will suffer, especially on slower machines.
The wireless router, too, may be at fault. It may be that WEP is improperly implemented.
The best way to tell what's going on is to take your client card and test it with another AP; and to test another card with your AP. That might help identify the culprit.
BTW, not related to WEP, but there's another reason to buy more expensive 802.11b cards... You might be in a hostile radio environment. Cheapers cards likely have less sensitive detectors and degrades much more readily due to interference or weak signals (due to distance). As errors stack up at the higher bit rates, your station will get downgraded to lower speeds.
You might try positioning all the antennae (WAP and workstation) so they are the same orientation (either vertical or horizontal). There should not be a lot of metal or concrete or dirt between the two points. If all else fails, try moving one of the antennae just a little bit to one side or the other.
I would only buy Linksys products as a last resort.
If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
I've been looking for reliable 802.11g hardware for my Linux laptop. I realise 802.11g is still in its preliminary phases but there is a fair amount of hardware out there already.
However, no company I've been able to contact (several emails to sales@wherever simply bounced) has committed to Linux support. The FAQ at http://www.smallnetbuilder.com/FAQ.php shows that no company has yet released Linux drivers as far as he knows and a google search didn't turn up anything promising.
So, is any slashdotter aware of a company that sells 802.11g hardware that works with Linux? Ideally, it should have Windows XP drivers as well but my home computers primarily run Linux these days.
Oceania has always been at war with Eastasia.
i dont want to trust the usps with my computer, plese post your street add. so i can use ups.
De sig boss de sig
I've used a Buffalo Tech access point with WEP enabled for about 15 months and have never experienced anything like you describe. My network includes 4 XP machines and as well as a wireless network camera. So, perhaps the problem lies with your particular router or its firmware.
here's what i did (might not be possible on a linksys):
-change your ssid from the default "Linksys" to something unique
-disable access to clients with ssid "any"
-don't broadcast your ssid
-limit the number of ip addresses given out to however many computers you have
-enable wep 128 bit
-limit access by mac address
that's all i can think of at the moment. it's not 100% secure by any means but these simple steps should stop the casual snooper.
I've had no end of problems with all sorts of linksys wireless hardware. Just FYI.
It's Linksys. Their gear sucks. They have terrible firmware. I never have stability problems with wireless gear from Cisco, D-Link, or even Microsoft (made by TI). Update your firmware...look on the Linksys FTP site for newer firmware than is on the web site... or just replace it with a better brand.
i have no idea what your talking about
paul reinheimer
Cisco is in the process of purchasing LinkSys. Who knows what you'll get, when next you buy an AiroNet.
Vote
Anyone who is using wireless seriously doesn't rely on WEP for more than keeping the lowest of the script kiddies out (See AirSnort - so even the lowest of the script kiddies can get in never mind)
Put your WAP on its own link to your router, from there require a layer 3 VPN solution to tunnel into your router (See FreeSWAN) if you want to get into your network, or onto the internet. If people use your 802.11 they get nothing, so aren't likely to stay...
Now it doesn't matter if you have WEP/802.1x or what ever. I wonder how many of these war driven "open access" 802.11 ports that people find are set up this way
I have mod points and I am not afraid to use them
Somewhat on topic, does anybody know of a prosumer line of wireless equipment, to avoid the problems the original poster has described?
I like what the Linksys line promises, it just doesn't live up to it! I have to constantly reset my WET11 (802.11b bridge), and my WAP11 (Access Point) has horrible performance compared to the BEFW11S4 (Access Point+Router). Not to mention, my WPC11 (laptop wireless card) has horrible range and terrible configuration software on Windows. I've also had one WPC11 and one WCF11 (card flash) die on me.
My biggest beef with them is that they constantly release newer versions of their hardware, and pretty much drop support for the older stuff.
I'm pretty much looking for what linksys has, except software and firmware that works and is usable, and good support. I don't mind paying for what I'm asking.
I'm far from an expert on the subject, so someone please stop me if I've got my facts wrong. But I think this is accurate...
I beleive it's smarter not to use 128bit, but rather use 64 bit (which is really 40 bit encryption, by the way, since 14 of them are not random).
Here's why.
WEP provides no real privacy. The algorithm has been cracked wide open, and there are readily available exploits. Also, the known exploits scale linearly, so using twice as many bits only gives a 2x increase in crack time. In short, forget WEP as a privacy measure -- it isn't one.
So, why use WEP at all? It's still worth using, in my opinion, but for different reasons. Despite the lack of protection against deliberate attack, WEP does provide protection against accidental use through mistaken identification of your access point. (The same "protection" is equally well achieved with arp filtering 'though, perhaps a better alternative?)
When viewed this way, WEP still has it's uses, but 128 bit WEP is no better or worse than 64 bit. So, why not pick 64 to reduce the overhead on your poor laptop CPU?
If you value your security, you should NOT rely on WEP for privacy or authentication. Only use it on networks that are adequately firewalled from your sensitive network, and layer some application or socket level encryption over it for all sensitive data.
I wish that posters of ask slashdot questions had mod rights to the responses to karma up or down. That worked wonders, it would appear. Ive followed your advice, and even with WEP on, ive been stable for 6+ hrs now (vs previous records around 1hr. Thank you very much! Dont suppose youve got an affero account?
paul reinheimer
UPS won't ship to P.O. boxes, but the US Postal Service will. Duh.
You're welcome. :) It's more like a hack than a true fix, but at least it's an easy hack.
Interestingly, I never thought of it as being a problem with WEP. It's not like I'm going to turn it off or drop to 64-bit, but I'd be curious if that's part of the cause.
I finally read that tech bulletin, by the way. It didn't look specific to the Orinoco card, so it might help you if it helps me. But it was less specific to our problem than I had hoped -- it was more like a detailed user guide to XP wireless networking. I didn't see anything in it (yet) about XP dropping connections to wireless routers, so my enthusiasm for going through it in detail has just dropped again.
Oh, and no affero yet. I hadn't heard of it till just now, but thanks for thinking of me!
Disable WEP and don't worry about it. WEP is easily cracked and, more importantly, it encourages bad habits - if you use strong end to end encryption, you don't need it; if you don't use encryption, your data is being sent in plain-text from the point it leaves your WAP.
I have had many cases where people had problem caused by linksys products. Often a firmware upgrade did the trick.
I think it was funny when I heard that Cisco bought Linksys, truly they wanted part of the low,low,low-end market for real this time. And as others has pointed out, all network devices are not created equal, even if they perform the same function. In the case of SOHO products like these, it hardly matters. It only matter when some "bright" minds thinks they can same money on using SOHO products in their large scale networks.
my sig