PDA

View Full Version : Squeezebox wireless, 3COM AP, 128bit WEP problem



Segedunum
2004-12-29, 13:29
On Wed, 29 Dec 2004 01:44:41, Cedric Tang wrote:
> I recently bought a SB Wireless hoping to hook it up to my 3COM a/b/g
AP with 128bit WEP enabled but
> unfortunately I still couldn't get it to work after numerous attempts.

I sympathise, and I can assure you that everyone is having, or has had,
the same problem. WEP never really seems to work properly with any
access point. You'll get dropped connections or it just flat out won't
work in some circumstances.

The problem seems to be compounded with dual B/G access points. Remember
that the Squeezebox is a B device. Some access points will work
absolutely fine with G only, but as soon as you throw a B device into
the mix it all throws a wobbler.

The only thing I did was to turn off WEP, filter by MAC address and turn
off the SSID broadcast. Turning off the SSID broadcast is probably the
best thing you can do as people will not immediately know a network is
there, and make absolutely sure you change the default AP password. If
people are actively scanning for networks they *are* going to get around
WEP - it's that simple. For all the personal traffic I want to keep
secure I have my own private VPN, but that of course can't work with the
Sqeezebox and you need a computer running as a server to do it.

Also, lock the Slimserver down via the a password and an IP address range.

Just wondering - what other security methods can people take besides
using the usual wireless stuff? What possibilities are there for locking
the Squeezebox itself down further, maybe through password protection.
Is this all done through the Slimserver?

Cheers,

David

Jules Taplin
2004-12-29, 18:49
Really? I've got 5 Squeezeboxes... 3 of them are permanently attached
wirelessly, and I've never had any WEP difficulties, either with a B
NetGear AP, or (more recently) with a B/G Linksys AP.

To date, I've had exactly two problems - the first is interferance from
the Microwave Oven in the kitchen, which meant audio drop-outs in the
Kitchen when it was on. That was solved (for the most part) by moving
the AP to somewhere that wasn't line-of-sight to the Microwave, and is
hardly fair. The second was replacing the AP with the Linksys one - I
set up the WEP key and network name to be identical to the old AP, but
the Squeezeboxes weren't fooled... they needed a complete reset to fall
for the new device.

However... if you're really going to go ape about securing your
networks, then I'd suggest a plan something like the following:

For the Squeezeboxes - place them on a separate LAN segment, with their
own AP. On that segment, disable SSID broadcast, enable WEP, filter by
MAC address, and set up the squeezeboxes manually (you don't want to
provide DHCP into that segment, for starters). As far as attaching the
AP to the network, I'd suggest you place that AP into a separate
firewall device, and restrict it to squeezebox protocol ports only.

Then... for any other wireless requirement you have, I'd say you're
close to being on the right lines. Set up a separate AP, disable SSID
broadcast (chose a separate SSID to your squeezebox LAN), enable WEP
(separate keyset, of course), and then connect that AP to another device
that can terminate IPSEC or similar as a private VPN for your laptop or
whatever.

That oughta keep you safe. Although... even I don't bother with all of that.


-- Jules


Segedunum wrote:

> On Wed, 29 Dec 2004 01:44:41, Cedric Tang wrote:
> > I recently bought a SB Wireless hoping to hook it up to my 3COM
> a/b/g AP with 128bit WEP enabled but
> > unfortunately I still couldn't get it to work after numerous attempts.
>
> I sympathise, and I can assure you that everyone is having, or has
> had, the same problem. WEP never really seems to work properly with
> any access point. You'll get dropped connections or it just flat out
> won't work in some circumstances.
>
> The problem seems to be compounded with dual B/G access points.
> Remember that the Squeezebox is a B device. Some access points will
> work absolutely fine with G only, but as soon as you throw a B device
> into the mix it all throws a wobbler.
>
> The only thing I did was to turn off WEP, filter by MAC address and
> turn off the SSID broadcast. Turning off the SSID broadcast is
> probably the best thing you can do as people will not immediately know
> a network is there, and make absolutely sure you change the default AP
> password. If people are actively scanning for networks they *are*
> going to get around WEP - it's that simple. For all the personal
> traffic I want to keep secure I have my own private VPN, but that of
> course can't work with the Sqeezebox and you need a computer running
> as a server to do it.
>
> Also, lock the Slimserver down via the a password and an IP address
> range.
>
> Just wondering - what other security methods can people take besides
> using the usual wireless stuff? What possibilities are there for
> locking the Squeezebox itself down further, maybe through password
> protection. Is this all done through the Slimserver?
>
> Cheers,
>
> David
>