Wireless networking and WEP configurations

Posted by rmcgowan on Wed 8 Mar 2006 at 08:32

I've been using the tutorials/reviews information from this site to try and set up my laptop to automatically detect the active network (cable at work, wireless at home) and set up the environment as appropriate. This has been slow going, due to a WEP problem I have. This begins with an Archos PMA430 (an audio/video/PIM hand held device) that has built in wireless networking. And it runs a Linux OS, using Qtopia (the most important secondary reason for its purchase).

The problem is that it supports only WEP encryption, at 40 and 128 bits. There is also no authentication capability, so if I want any security at all, its got to be WEP. And the more bits the better, I supposed.

My wireless router is a D-Link DI-624 (both twisted pair and wirelss). And, wouldn't you know it, the WEP support it has is at 64 and 128 bits, so I guess the 128 is all I can use if I expect to have the Archos connect to the Access Point in a secure manner.

So, I need to have support for WEP in the Debian GNU/Linux system on the laptop but all the tools I've looked at point to WEP at either 40 or 104 bits. Well, this clearly doesn't match the AP/router so I'm in a bit of a bind.

My laptop wireless adapter is a Linksys USB model WUSB54G rev 4, and I've found Linux drivers for it which I've downloaded, compiled and installed. Initially, I used an open source driver from Ralink Tech Inc., which worked well, including dealing with the full 128 bit WEP.

Then, I decided to build a new kernel (2.6.15.?, then 2.6.14.4). And this driver wouldn't compile any more. Or, rather, it compiled with a number of errors, one of which prevents it from loading (reference to a method called verify_area, which cannot be found). So, I got a driver for the same chip from an open source development site, http://rt2x00.serialmonkey.com, from their CVS. This compiles and installs fine, but it has the WEP 40/104 bit encryption issue mentioned above.

Does anyone have any experience or knowledge of other drivers, support software or configuration/options to get 128 bit WEP encryption working on my laptop?

Thanks for your help.

 

 


Posted by Anonymous (192.117.xx.xx) on Wed 8 Mar 2006 at 09:08
Try to use OpenVPN network instead of WEP encryption. IMHO, this is best security solution for wireless networking.

[ Parent | Reply to this comment ]

Posted by Anonymous (52.159.xx.xx) on Wed 8 Mar 2006 at 09:30
i completely agree.

ive found that using wep makes the connection less stable (so im not using it), and therefore VPN still protects me over an unencrypted connection.

the thing is i still am open to other people connecting to my network (although they cant listen to my activity). im using static ip's and mac filtering, but that's not a great sollution.

any ideas??

[ Parent | Reply to this comment ]

Posted by Anonymous (84.194.xx.xx) on Wed 8 Mar 2006 at 10:08
If you are using a VPN connection, only allow the routing of VPN connections, and nobody else will misuse your network. I know, it sounds simple :)

I'm using WEP encryption at home. With 3 hardware Wifi connections: Intel 2200B/G (integrated in laptop), D-Link DWL-G650 (PCMCIA in laptop) and D-Link DWL-G520+ (PCI in desktop). All work "great".

The Intel has standard support in the latest 2.6 kernels (or http://ipw2200.sourceforge.net/). The D-Link DWL-G650 works with the madwifi drivers (patched for packet injection, used for WEP cracking). The D-Link DWL-G520+ works with the acx100 driver.
NdisWrapper is a nice tool to use Windows drivers on Linux ... but the D-Link DWL-G520+ didn't work more then 1 week, a weekly reboot of my desktop was always needed (don't shoot me if it's working better for you :).

I explained everything I'm using for Wifi on http://linox.be/index.php/wifi_explorer/.

But a fact: Wifi is already big sh*t when you use different hardware vendors (or even sometimes with one vendor ...), and when you have to play with multiple _uncomplete_ drivers ... *oh my god*!

Fred
Linox.BE

[ Parent | Reply to this comment ]

Posted by Steve (212.20.xx.xx) on Wed 8 Mar 2006 at 10:37
[ View Steve's Scratchpad | View Weblogs ]
the thing is i still am open to other people connecting to my network

Place the WiFi upon a different network segment, and only allow VPN traffic + DHCP through it.

Allowing DHCP will mean that anybody can connect to your open access port, and gain a local IP address. But if all other traffic is blocked you don't need to worry about your AP being abused.

When you wish to connect you can get an IP via the DHCP server and then use the OpenVPN client upon your machine to tunnel traffic over to your LAN, and via that access the internet/network.

[ Parent | Reply to this comment ]

Posted by rmcgowan (143.127.xx.xx) on Wed 8 Mar 2006 at 18:55

Thank you for the suggestion, but...

As noted in the original post, I'm using an Archos PMA430 as one of the devices on the wireless network. Now, even though the OS is Linux and the user interface is Qt/Qtopia based, it is somewhat limited in the area of extra tools. For example, the only command line tool for bi-directional file transfers in the native environment is rsync (no ftp, no ssh, no ...). It does have wget. But I haven't found a VPN implementation for it, yet. So, I'd need to get VPN source, get the Qtopia dev. tools, build, test, install, setup... In the meantime, I want to protect my AP as best as I can, under the circumstances. And that means using WEP. I understand it's not "secure", in that the data stream can be analyzed and the encryption key can eventually be determined. That's acceptable, since 1) I don't do a lot of data transfers, and; 2) I can change the WEP key periodically.

So, the bottom line to my needs was to be able to also get my Debian Gnu/Linux laptop talking to the AP, within the constraints imposed by the Archos PMA. This has been answered, adequately, with the posting by nijel regarding the implementation of WEP.

Now, I just need to figure out the actual tools to use and get them configured.

[ Parent | Reply to this comment ]

Posted by nijel (195.70.xx.xx) on Wed 8 Mar 2006 at 10:53
Maybe you should read something about WEP :-).
Standard 64-bit WEP uses a 40 bit key, to which a 24-bit initialisation vector (IV) is concatenated to form the RC4 traffic key. At the time that the original WEP standard was being drafted, US Government export restrictions on cryptographic technology limited the keysize. Once the restrictions were lifted, all of the major manufacturers eventually implemented an extended 128-bit WEP protocol using a 104-bit key size.

[ Parent | Reply to this comment ]

Posted by rmcgowan (143.127.xx.xx) on Wed 8 Mar 2006 at 18:23

Thanks for the pointer and the information. It would sure be nice if people could standardize on the terminology used to describe the protocol, as well as standardizing the protocol. ;-}

Ah, well, such is life and it does keep things interesting.

[ Parent | Reply to this comment ]

Posted by Anonymous (62.255.xx.xx) on Sat 11 Mar 2006 at 21:13
I couldn't get my Centrino (Intel 2200BG) to stay up with my WRT54G router on any operating system (windows 2003 + debian sarge + ubuntu 5.10). Too many WLANs around here causing noise problems (East London.

Ended up going back to good old wires draped across the floor!

Sorry I know that's not even slightly helpful.

[ Parent | Reply to this comment ]

Posted by Anonymous (82.193.xx.xx) on Sun 12 Mar 2006 at 16:38
So why use a kernel that breaks your setup, or was it a sec upgrade?

--
Michael Shigorin

[ Parent | Reply to this comment ]

Posted by Anonymous (84.184.xx.xx) on Mon 13 Mar 2006 at 02:04
The USB WLAN adapter you have, is using a chipset from "RaLinkTech". They released the initial source code for the driver - it's not actually from that "open source development site" as you mentioned it.

104- and "128"-bit keys refer to the same thing, as do "64" / 40-bit keys. (One imprint is for techies, one for easily trickable customers.)

WEP however is inadequate for protecting WLAN networks, you could as well go without encryption. Your WLAN adapter however supports WPA, so please use that OR LEAVE IT!

Use ndiswrapper and the windows driver if you like. wpa_supplicant is what you are also looking for.

[ Parent | Reply to this comment ]

Posted by rmcgowan (67.169.xx.xx) on Tue 14 Mar 2006 at 06:41

First, I'm not sure what you're referring to, in the title.

Second, I got the same information you mention, in the post from nijel (195.70.xx.xx) on Wed 8 Mar 2006 at 10:53 (number 5, above). But thank you for confirming the information.

Third, my post numbered 7, above, in response to several earlier posts, clearly states that the weakest link in my setup is an Archos personal media assistant, which ONLY has WEP encryption. If I'm to use any encryption, that's what I have to use, until Archos or some third party implements something better.

Fourth, without some form of encryption, any party within range of my wireless AP could use it freely. As I understand the issues with WEP, they have to do with being able to decipher the encoded data and determine the key used for encryption, but that this requires a fair amount of data, some time and programs that the average Windows user probably doesn't have. So I guess I'll have to go with WEP, for now, since I'm not willing to provide free internet service to unknown users. Thank you for your concern, however, I appreciate it (though I think you could have toned down your voice a bit).

Finally, the 'open source' site (which happens to be http://rt2x00.serialmonkey.com) is developing drivers for this and related chips using the GPL. Even though the original may have been proprietary and owned by RaLinkTech, I think it is now legitimately in the open source arena. At the time I posted the original question, the actual site was not an issue so I did not mention it. I hope this clears things up a bit.

[ Parent | Reply to this comment ]

Posted by Anonymous (81.174.xx.xx) on Tue 2 May 2006 at 20:49
Got a DI624.

With WEP enabled I get lots of "this page cannot be displayed" and Server not found or DNS errors (about 1 in 6 pages). Finding and Connecting to a web site takes several seconds (10 seconds sometimes) even if it's www.google.com. Generally I get good download speeds through the DI624 wireless lan.

With WEP disabled and no other changes I get near instant connection to a web sites and no DNS errors. Crazy or what.

[ Parent | Reply to this comment ]

Sign In

Username:

Password:

[Register|Advanced]

 

Flattr

 

Current Poll

What do you use for configuration management?








( 267 votes ~ 1 comments )