April 14, 2004

Wireless

befw11s4_v4Alex writes about his adventures in going wireless. I'm not sure how he's resisted the lure for so long ...

I thought I was late to the party when I got wifi in late 2002. Back then, I'd not really seen the point - "it's slower than cat5, and I still need a wire for power" - but within five minutes of trying a wireless card when I was working away from the office, I was hooked. Within three hours, I'd already gone to the nearest store and bought a couple of Linksys cards. The minute I got back to Norwich, I went out and bought a broadband router. Those routers can now be found in the office, at my house, David's house, my sister's house and my parents' house.

Like Alex, I found getting the wifi cards up and running in Debian to be a serious trial of patience. It took days. Kernel recompiles. Endless configuration tweaks. Hunts for the right version of pcmcia-cs, kernel, wlan-ng, etc. And these are with fairly mainstream, fairly old makes of card.

To this day, my Debian laptop will cheerfully automatically connect to my home router but fails to find the office one without manual configuration. I briefly tried upgrading to the latest 2.6 linux kernel, but that broke wireless completely. I tried an install of Fedora, to see if that would work. After the initial appearance of success I reported, it broke on a reboot. So I went back to the Debian installation that I got working through sheer luck. And so I don't touch it any more.

By comparison, it takes approximately 10 seconds to get up and running on any network with the Mac. Not that I want to diminish Alex's masochistic pleasure, or anything.

Posted by savs at April 14, 2004 12:16 PM
Comments

Well, as I alluded to - I was already wireless; but with a Bluetooth PAN network. With a Bluetooth Class II network you have 100m range with only slightly less bandwidth really. But no, I wasn't wireless LAN - I think wireless LANs are evil, mostly. I did make life interesting by buying fairly recent cards - 802.11g isn't well supported . Not sure I'm quite as bought-in as you appear to be yet, but give it time. It's a lark :)

As for Macs, you can keep it :P We're heading for the ultra-secret land of Utopia: http://primates.ximian.com/~rml/project_utopia/. You'll come crying back, mark my words.

Posted by: Alex Hudson at April 14, 2004 3:32 PM

Making hardware just work, eh? Project Utopia is too little, too late imnsvho ;-)

Posted by: Andrew Savory at April 14, 2004 5:24 PM

Are you using any of the WEP garbage?

Posted by: stega at April 14, 2004 6:27 PM

Yes - a mandatory 64 Bit key on all the linksys routers. Not particularly for security - everything I do that's worth hiding is done over ssh, ssl etc anyway - but to deter people from "borrowing" my connection without asking. I'll happily dish out keys to anyone that does ask (except on the office network, obviously, because it's not our bandwidth to give away).

Posted by: Andrew Savory at April 14, 2004 7:58 PM

Hehe, I enabled WEP this afternoon after accidentally 'borrowing' someone's Telewest cable connection. My 11g card (which is by far the easier to setup, linux-wlan-ng does suck righteously) defaults to auto-detecting everything and auto-detected this neighbour's network.

Sadly I'm not sure there's much I can do about their system. I suppose I could sniff their network for a printer and write them a letter... :D

Posted by: Alex Hudson at April 14, 2004 9:26 PM

that's probably a large portion of your problem. The Linksys's low end wireless devices (which is pretty much all of them) are notorious for having issues with ASCII translation of WEP keys. When in a multiplatform environment I've had issues with various OS's being able to connect through: in the end I determined that if a Mac was used to set the WEP key, other OS's had a better chance of also connecting, but if a Windows box did I had the most issues with others connecting in (Including various flavors of Windows.)

Posted by: stega at April 15, 2004 6:52 AM

oh, and just make a closed network and lock by MAC addr if you don't want people borrowing. It's harder to spoof a layer two address than it is to sniff a WEP key.

Posted by: stega at April 15, 2004 6:53 AM

Hard to spoof a layer two address? You mean like:

ifconfig eth1 hw ether 10:10:10:10:10:10

I believe that's even possible on some Macs [it has kernel support for ioctl(set lladdr) in recent versions]. I would say it's easier by far to sniff a MAC (not a Mac ;) than to sniff a WEP key. Quite what would happen if the MAC was contended I don't know: on a wireless network, I would guess both devices would continue to work partially.

What you say about WEP keys is spot on - I think most of my problems were about setting different keys on the two ends without realising. The ASCII stuff is also annoying - there is no "ASCII string->WEP key" algo defined by the spec. What most devices appear to do is just store the ascii character code in each nibble, so you're basically limited to a 6/13-char string. Opens you up to a reasonable dictionary attack too, although quite how easy it would be to execute I don't know.

Posted by: Alex Hudson at April 15, 2004 2:45 PM

Not that I doubted you Alex, but I had to try:

oscar:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:90:F5:14:28:37
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19415294 errors:0 dropped:0 overruns:0 frame:0
TX packets:7756772 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2589085448 (2.4 GiB) TX bytes:531912672 (507.2 MiB)
Interrupt:9 Base address:0x1800

oscar:~# ifconfig eth0 hw ether 10:10:10:10:10:10
SIOCSIFHWADDR: Device or resource busy
oscar:~# ifconfig eth0 down
oscar:~# ifconfig eth0 hw ether 10:10:10:10:10:10
oscar:~# ifconfig eth0 up
oscar:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 10:10:10:10:10:10
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19415294 errors:0 dropped:0 overruns:0 frame:0
TX packets:7756772 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2589085448 (2.4 GiB) TX bytes:531912672 (507.2 MiB)
Interrupt:9 Base address:0x1800


Holy cow!

Posted by: Andrew Savory at April 15, 2004 3:19 PM

You'll find most modern cards allow you to do that to be honest. After all, the mac is just a field in an ethernet packet, nothing really special about it.

On my wireless card I don't even need to take the interface down to change the MAC, I can just switch. All it does is cause a bit of ARP noise.

Posted by: Alex Hudson at April 15, 2004 5:55 PM