Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Wireless Networking Hardware

How Stable is WEP? 61

Posted by Cliff from the protocol-or-implementation-issues dept.
PktLoss asks: "I recently joined the wireless home networking craze, and bought two products, a wireless router and a wireless PCMCIA card. When I just connect normally, I have no problems. The connection is rock solid, decent transfer rates. Im very happy with the purchase. However, for obvious reasons, I would like to enable WEP with 128bit encryption. However, once i do that, the connection goes flaky, dropping after a few moments, or minutes, even when mere feet from the router. Are there problems with stability and WEP? Do certain applications have issues with WEP (I've been disconnected when running nothing but Windows)? Is there anything i can do to resolve this?"

"Linksys blames this problem on:

Some applications are having problem with WEP. WEP or Wired Equivalent Privacy is performed jointly by Nikita Borisov, Ian Goldberg, and David Wagner and not yet standardized and not having solution with its wireless connection problems...
Does this sound like a load of crock to anyone or is it just me?"
This discussion has been archived. No new comments can be posted.

How Stable is WEP? More

How Stable is WEP?

Comments Filter:
  • Whenever I set up a wireless network I make sure the only card allowed to use the network is one that I allow (via mac address filter) Also I make sure that however many computers need IP addresses are the max that I'll lease. That way if you are using the IP no one else will get one leased. WEP... isn't secure anyway so both those options are gonna help.
    • Even though you are probably the only one using your wireless router, someone clever running a program like Kismet [kismetwireless.net] or Ethereal [ethereal.com] can still sniff your unencrypted packets and pick out some nasty things from them. You're definitely right about WEP not being secure, but I do think that another layer of security can't hurt (unless of course it does something weird like make your connection flaky).

      :)
    • If you are using a Linksys, like the author of the question is, I believe Linksys's MAC filter only blocks internet, but not local network access.
    • Hate to burst the bubble, but MAC addresses are spoofable (and easily guessable)! On a GNU/Linux box with iproute2, you can do mac spoofing using ip maddr [add/del/etc].

      Address filtering is really bad security, even at layer 2. Since you have no encryption at or above layer 2, anyone can just hop on your network and do an arp resolution to a broadcast address and bingo, they have a MAC that lets them in. Even if you couldn't do that, a MAC address is just a 48-bit number, and most of the MAC address space is verifiably unused (you can check the IEEE for a list of assigned prefixes - the first 24 bits are a manufacturer ID).
    • Yes there are ways around both of those options however if WEP is giving him trouble then those are two of the best ways to set up his router to ensure more security than simply assuming he is safe.

      If someone wants to get in then they will, however the two of these options will get rid of the idiot neighbor who happens to notice an open WAP and figure he doesn't have to pay for Internet usage when Buddy next door is nice enough to share his.

      If someone does go through the trouble of spoofing a MAC addres

    • Whenever I set up a wireless network I make sure the only card allowed to use the network is one that I allow (via mac address filter)

      Since anyone who knows your encryption key can see what mac addresses are allowed to communicate on the network, how does this improve security?

  • I've experienced the same with Windows XP and a USB Wireless adapter... Windows XP (eXperimental Program) would see other access points in the neighborhood and try to connect to them.

    My solution...

    Install Windows 2000... Works fine now.
    • About it seeing the other access points, actually, for me, that was a good thing. The company gave us new laptops, and lo and behold, the unexpected happen. It told me that I have access to at least 1 wireless network.

      I thought it was some sort of built-in promotion to Windows or something (like the old AOL / Compuserve / whatever else providers) but was curious enough to click on it. Imagine my surprise when it listed the name of the WAN that I had in my home.

      A Windows feature that actually impressed me

  • Try a firmware upgrade (Score:5, Informative)

    by ables ( 174982 ) on Wednesday April 09, 2003 @10:06PM (#5698289)

    I had a Linksys WAP11 wireless access point with WPC11 cards at the office, and they were horribly unreliable no matter what I did. I was about to give up when I found a firmware update for the WAP on Linksys' support [linksys.com] site. With that installed and all of the drivers updated to latest versions everything works like a charm.

    I'd suggest looking to see if there are firmware updates for your wireless router. Depending on how long your retailer had it sitting in their warehouse you may not have the latest and greatest versions of everything.

    • I can vouch for this, I have a Netgear wireless RTR, had problems with WEP, upgraded the firmware/drivers on wireless cards, problem solved.
    • I'll second that. I've got an LinkSys AP/Router thats works fine but the Belkin USB adapter I'm using only ever showed a signal strength of 5 ish percent before the firmware was upgraded. It now has a steady 80%.

      So, remember to try upgrading the firmware before you fiddle with anything else (back up your settings as part of the upgrade process as well!)

  • xp's wireless seems flakey (Score:4, Informative)

    by blackcoot ( 124938 ) on Wednesday April 09, 2003 @10:09PM (#5698302)
    i've found that the problem goes away with a quick reboot; given that i'm using ad hoc mode since the bloody wireless router died and the replacement was d.o.a. this may not be entirely relevant; however, i am using WEP and my experience is that 2k ironically is much solid for wireless. just my $0.02
  • I don't know if this helps, but I own several different wireless products from many different brands and run wep-128 on everything. Some of the computers even run WinXP. Although it is possible that I may have had minor problems, I've never had any problems that were visibile. It sounds like some firmware updates might help.

  • Same problem here. My solutions.... (Score:4, Informative)

    by hawkstone ( 233083 ) on Wednesday April 09, 2003 @10:22PM (#5698395)
    I have this exact same problem with the exact same Linksys router you mention. However, I have a different wireless card (Orinoco).

    I have two answers for you.

    First, the easiest workaround in XP: Let your card connect to your gateway. Once it's connected, bring up the wireless properties in XP for this card. Disable the checkbox for "Let Windows configure my wireless properties". This will prevent XP from making any further updates to your wireless connections, and you will stay connected to your router permanently. You will have to re-enable then re-disable that checkbox if you reboot so it can find it again, but that's only a few seconds of effort for what seems like a perfectly good workaround.

    Second: I got, from Linksys support, a Technical Bulletin on "...using Windows XP with wireless networks". It mentions the Orinoco card specifically, but everything in there seems generic enough that it may be worth a try. Ask them for TB-054 (it's a PDF). The workaround above works well enough that I haven't made the time yet to follow these instructions, but it looks like it's meant to address this specific problem.

    <rant>If all my damn neighbors would stop advertising their SSID's like insecure idiots, I have a feeling this problem wouldn't come up. And yes, it appears to only be a problem with XP.</rant>

    • I wish that posters of ask slashdot questions had mod rights to the responses to karma up or down. That worked wonders, it would appear. Ive followed your advice, and even with WEP on, ive been stable for 6+ hrs now (vs previous records around 1hr. Thank you very much! Dont suppose youve got an affero account?
      • You're welcome. :) It's more like a hack than a true fix, but at least it's an easy hack.

        Interestingly, I never thought of it as being a problem with WEP. It's not like I'm going to turn it off or drop to 64-bit, but I'd be curious if that's part of the cause.

        I finally read that tech bulletin, by the way. It didn't look specific to the Orinoco card, so it might help you if it helps me. But it was less specific to our problem than I had hoped -- it was more like a detailed user guide to XP wireless ne

  • Ahem.. (Score:5, Funny)

    by zulux ( 112259 ) on Wednesday April 09, 2003 @10:29PM (#5698428) Homepage Journal
    (I've been disconnected when running nothing but Windows)?

    Windows wasen't desinged for the Internet and it's TCP/IP protocoll - instead use the Microsoft NetBEUI! You'll have non of those pesky routing problems of TCP/IP, and security isen't a problem at all - there isent' any!

    • "...Windows wasen't desinged for the Internet and it's TCP/IP protocoll.."

      Only those versions of Windows built on top of MS-DOS (3.1, 3.11, 95, 98, Me). Networking support of ANY kind (NetBEUI, TCP/IP, Netware, Appletalk, etc.) is a patch on a patch on a patch on a patch. Remember, DOS was at it's core a stand-alone, single-user, single-tasking, single-threaded operating system. It could do one thing and do it well. It's when you try to throw a bunch of patches at it to make it do something it wasn't desi
  • I have a Netgear FM114P with 128 bit WEP set up and ssid broadcast disabled with MAC address filtering. Once I set the netgear config to use 'open system' authentication, everything was smooth. One of the good things about this router is it has very little slowdown when it does WEP compared to non-WEP versus most other wireless routers.

    I found that if ssid broadcast turned on, selecting 'open system' was not necessary to connect the iBook to the network.

  • Nothing wrong with WEP (in terms of stability, let's not talk about the security :). If they are hot for a blame, blame the device drivers, firmware-code, or the crappy OS. Maybe even Canada, but WEP certainly does not deserve this ire.
    • Thank you for responding to the question i actually posed (though solutions are equally welcome)

      The concept of blaming a protocoll didnt make any sense to me, as i would think, that, when designing a protocoll, dealing with pesky little things like 'It wont work for more than 2 consectutive minutes without dropping' would be rather high up on the fix-it list. And why anyone would implement such a crappy protocoll would be beyond me.

  • Windows Wireless (Score:1, Insightful)

    by legend ( 26856 )
    Are you using the Linksys client utility? Or the gay ass homosexual fucked up one that is inclued in XP? I have found the same thing with Cisco 340 and 350 cards under XP.
    • I think I am running both... The linksys client utility shows up in the system tray, with the two purty little graphs showing my connection states. (Graphs, that according the the useless phone rep at tech support are not an accurate representation of connection stability.) The Microsoft Network icon shows up down there as well. Once I am disconnected, I end up using the microsoft one to reconnect.

  • Get hardware assisted WEP (Score:4, Informative)

    by toybuilder ( 161045 ) on Wednesday April 09, 2003 @11:41PM (#5698781)
    I've been working with about 8 different 802.11b cards testing out Access Point mode in HostAP for Linux.

    I can tell you straight off that the high-end cards are worth their money in performance if you are serious about WiFi. My favorite right now is the Cisco Aironet 350. It has power. It has range. It has rich management features. And it is fast. I was consistently pounding out 4.2 Mbit/sec under iperf, while the next step down were Orinoco Gold's pumping out about 3.6 Mbit/sec.

    The cheaper DLink and Linksys cards, in comparison, would sustain only about 2.2 Mbit/sec.

    Finally, it may be that the particular firmware in your card may be buggy. The HostAP mailing list occasionally talk of such problems.

    Some cards actually rely on the host CPU to do the WEP encryption/decryption. In such cases, your performance will suffer, especially on slower machines.

    The wireless router, too, may be at fault. It may be that WEP is improperly implemented.

    The best way to tell what's going on is to take your client card and test it with another AP; and to test another card with your AP. That might help identify the culprit.

    BTW, not related to WEP, but there's another reason to buy more expensive 802.11b cards... You might be in a hostile radio environment. Cheapers cards likely have less sensitive detectors and degrades much more readily due to interference or weak signals (due to distance). As errors stack up at the higher bit rates, your station will get downgraded to lower speeds.
  • You might try positioning all the antennae (WAP and workstation) so they are the same orientation (either vertical or horizontal). There should not be a lot of metal or concrete or dirt between the two points. If all else fails, try moving one of the antennae just a little bit to one side or the other.
  • In my experience with Linksys wireless access points, they suck. We had no end of trouble with them. We switched to an Apple Airport base station and it's rock solid. I also have an Airport at home. It's been running for 2 years.

    I would only buy Linksys products as a last resort.

  • I've been looking for reliable 802.11g hardware for my Linux laptop. I realise 802.11g is still in its preliminary phases but there is a fair amount of hardware out there already.

    However, no company I've been able to contact (several emails to sales@wherever simply bounced) has committed to Linux support. The FAQ at http://www.smallnetbuilder.com/FAQ.php shows that no company has yet released Linux drivers as far as he knows and a google search didn't turn up anything promising.

    So, is any slashdotter aw
    • I have a Linksys WPC11 card and the new 54G router working beautifully. I'm using Debian. The trick is to install the wlan-ng drivers. I had nothing but problems before I installed wlan-ng.
      • Surely, though, the WPC11 card is 802.11b only, not 802.11g? And the 54G router just plugs into the network and therefore doesn't need Linux support.

        Or perhaps I am missing something here. Do the wlan-ng drivers actually support 802.11g after all?
    • I'm using a Cisco aironet 350 pcmcia card, it has excellent linux support from three places:
      • included kernel module, airo and airo_cs
      • pcmcia_cs driver (possibly the same source as above? I havent looked.)
      • Cisco also provides their own driver, and diagnostic tools for linux. They are very handy.

      I'm using this card with 2.4.20 just fine. Whether you go with the pcmcia_cs driver or not (i'm using included kernel driver) you will want the tools from the package. They monitor for cards to be inserted/removed

    • Re:OT: 802.11g and Linux (Score:1, Interesting)

      by Anonymous Coward
      Take my advice. Do not buy 802.11g products yet. Do not buy ANY product until the standards it is supposed to be built upon are fully implemented. Even the 802.11g working group says this. They explicitly state that the standard, even though it's near the expected ratification date, will change right up until the last minute. Multiple vendors (Linksys, Dlink, and even Cisco) have not stated that their prestandard products will be fully upgradeable to standards-compliant products once the standard is ra

      • Well, you are probably right. I wanted 802.11g because it offered:

        • 802.11b compatibility
        • Approximately 5 times faster transfers than 802.11b

        For those reasons, I figured it wouldn't be a big deal to buy 802.11g preliminary hardware now as it would at least be 802.11b-compatible and even if it ended up not being compatible with 11g when that finally gets ratified, would still run at that speed in my apartment using my hardware.

        Any guesses on whether, when 11g finally is ratified, any company will actu

  • I've used a Buffalo Tech access point with WEP enabled for about 15 months and have never experienced anything like you describe. My network includes 4 XP machines and as well as a wireless network camera. So, perhaps the problem lies with your particular router or its firmware.
  • here's what i did (might not be possible on a linksys):

    -change your ssid from the default "Linksys" to something unique
    -disable access to clients with ssid "any"
    -don't broadcast your ssid
    -limit the number of ip addresses given out to however many computers you have
    -enable wep 128 bit
    -limit access by mac address

    that's all i can think of at the moment. it's not 100% secure by any means but these simple steps should stop the casual snooper.
  • I've had no end of problems with all sorts of linksys wireless hardware. Just FYI.
  • It's Linksys. Their gear sucks. They have terrible firmware. I never have stability problems with wireless gear from Cisco, D-Link, or even Microsoft (made by TI). Update your firmware...look on the Linksys FTP site for newer firmware than is on the web site... or just replace it with a better brand.
  • It is broken, and worthless (and you seem to be having issues with it anyway).

    Anyone who is using wireless seriously doesn't rely on WEP for more than keeping the lowest of the script kiddies out (See AirSnort - so even the lowest of the script kiddies can get in never mind)

    Put your WAP on its own link to your router, from there require a layer 3 VPN solution to tunnel into your router (See FreeSWAN) if you want to get into your network, or onto the internet. If people use your 802.11 they get nothing,

  • Somewhat on topic, does anybody know of a prosumer line of wireless equipment, to avoid the problems the original poster has described?

    I like what the Linksys line promises, it just doesn't live up to it! I have to constantly reset my WET11 (802.11b bridge), and my WAP11 (Access Point) has horrible performance compared to the BEFW11S4 (Access Point+Router). Not to mention, my WPC11 (laptop wireless card) has horrible range and terrible configuration software on Windows. I've also had one WPC11 and one W
  • I'm far from an expert on the subject, so someone please stop me if I've got my facts wrong. But I think this is accurate...

    I beleive it's smarter not to use 128bit, but rather use 64 bit (which is really 40 bit encryption, by the way, since 14 of them are not random).

    Here's why.

    WEP provides no real privacy. The algorithm has been cracked wide open, and there are readily available exploits. Also, the known exploits scale linearly, so using twice as many bits only gives a 2x increase in crack time. In
    • I've seen tools that brute-force 64bit, but can only do a dictionary attack on 128. I would guess that someone has written a brute force tool for 128, but it is a larger keyspace to check.

      I do agree with you though that anyone that cares for security should be running some sort of a vpn over the wireless link.

  • Disable WEP and don't worry about it. WEP is easily cracked and, more importantly, it encourages bad habits - if you use strong end to end encryption, you don't need it; if you don't use encryption, your data is being sent in plain-text from the point it leaves your WAP.
  • I have had many cases where people had problem caused by linksys products. Often a firmware upgrade did the trick.
    I think it was funny when I heard that Cisco bought Linksys, truly they wanted part of the low,low,low-end market for real this time. And as others has pointed out, all network devices are not created equal, even if they perform the same function. In the case of SOHO products like these, it hardly matters. It only matter when some "bright" minds thinks they can same money on using SOHO product

Slashdot Top Deals

If you think the system is working, ask someone who's waiting for a prompt.

Close