Flutterby™! : 802.11b!

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics


2001-09-30 04:18:29+00 by Dan Lyke 11 comments

I went into the evil CompUSA looking for some printer supplies, and noticed they had Linksys 802.11b stuff, which I've been wanting for a while, on sale. So I bought a base station and a PCMCIA card. Then I foolishly upgraded my laptop to kernel 2.4.10, which was way ahead of the current Debian utility packages. But after a little poking about on the 'net I figured out the hack to my /etc/pcmcia/config and this is my first post without cables. So far, in the same room as the base, first ping is > 70ms, quickly settles down to circa 3ms, large transfers and ping floods put noise on the laptop speakers (I'm wondering if getting the kernel driving the sound might damp that), sustained throughput seems quite bursty, scp of the uncompressed kernel source gives a throughput of about 450k/sec. The base allegedly requires Windows[Wiki] to configure (which is how I did it), but the docs say something about SNMP, so I need to try diddling with that on my Linux machines.

[ related topics: Free Software Wireless ]

comments in ascending chronological order (reverse):

#Comment made: 2002-02-21 05:32:52+00 by: meuon

On the high end stuff, you can tune it a bit. You may want to try things farther away, as these gadgets are often overpowered for 10-20ft connections. Packet timing will keep the usable distance down, but we have done 1-2 miles with a small panel antenna and 30mw and timing changes.

#Comment made: 2002-02-21 05:32:52+00 by: TheSHAD0W

Most of Linksys' access points are NOT 128-bit crypto compatible! Even if it says so on the box! FYI

#Comment made: 2002-02-21 05:32:52+00 by: pharm

WEP is junk anyway; it's been comprehensively broken + there are already hacking tools out on the net for those who are into that kind of thing...

You need to use ssh, or some other encryption layer over it if you're worried about security...

#Comment made: 2002-02-21 05:32:52+00 by: Dan Lyke

Yeah, when I decided to go wireless I pretty much acknowledged that any of my neighbors that want to now has access to my internal network. But since I have ssh keys that can get to various systems on the 'net without passwords, and since I can get into my primary home machine via ssh, I also acknowledged that I've pretty much got to run these machines as though they were fully exposed hosts anyway. The house isn't buttoned down for physical security any tighter anyway.

#Comment made: 2002-02-21 05:32:52+00 by: TC

Yup, better use tunneling ssh and put a lock on dat door....

#Comment made: 2002-02-21 05:32:52+00 by: meuon

Even with WEP hacking, (tried it.. works...) the real problem isn't sniffing your connections as it is them piggy-backing on them. Worse, it gets YOU in trouble. Your neighbor leeches an upstream internet connection, posts spam, kitty porn, harrasses someone, or gets caught doing warez off of your connection and you will end up in trouble. Done right, he'll share your hard drive and store it all on your system. Next worse case scenerio, he/she gets bored and deletes your stuff.

Now, Dan would not have open shares inside his network, even with a firewall in place and even without the wireless system.. right Dan?

#Comment made: 2001-10-02 13:41:14+00 by: Dan Lyke [edit history]

As I said, I'm treating it like it was a fully exposed host. The only compromise I'm making is Samba shares for the Windows box, with a separate password set than other features. You're right about the open relay issue, though, it had slipped my mind that this IP alone is privileged for that. Gotta do a little tightening around the edges.

#Comment made: 2002-02-21 05:32:53+00 by: TheSHAD0W

So how would you set it up? Firewall box, with separate UTP ports for the intranet, the uplink and the wireless link? Close off everything to wireless 'cept a ssh login?

#Comment made: 2002-02-21 05:32:53+00 by: Dan Lyke

I need to check. Assuming that the wired internal boxes are secure, if I could limit NNTP and SMTP relays for the DHCPd boxes, and make them have to SSH tunnel all that through one of the wired machines, that'd probably be sufficient. I could probably netmask the router to, change its internal network to, keep the internal boxes talking to the full address space, and DHCP the .1-.127 space off a Linux box. That way the gateway won't route any .1-.127 address space, so anything via that would have to be SSH tunnelled or proxied.

#Comment made: 2002-02-21 05:32:53+00 by: Mars Saxman

I'd like to get an 802.11b base station. My computer is a laptop which has a wireless card in it already, so there's really no reason to keep it plugged into the wall. Besides, I like the idea of giving away internet access to anyone who wants it; it tickles my sense of practical anarchy. (I've got 512 kilobits both directions, and I only use it for a few minutes here and there, so why not share?) Unfortunately, it's hard to justify $300 for it when the ethernet cable that leads to the DSL box already reaches clear out onto the balcony...


#Comment made: 2002-02-21 05:32:54+00 by: TheSHAD0W

I don't know if you'd need to dedicate an entire half-class-C to wireless; doubt you'll have that many machines... And that doesn't solve problems with people leeching off your service. Oh -- and I had some problems when I tried to configure my Linksys base to use less than a full class-C.

I guess I'd add a card to my firewall box, designate it 192.168.2.x, and hook my wireless in there.