PDA

View Full Version : Squeezebox wireless, 3COM AP, 128bit WEP problem



Cedric Tang
2004-12-30, 02:23
Hi all
Thanks for all the responses.
I agree that doing VPN and stuff is an overkill. But
since have only 1 AP at home and I live in a flat
where I can pick up at least 1/2 a dozen other APs
broadcasting, certainly I would like some sort of
security.

Slimdevices support is quite helpful but they asked me
to check with 3COM if there will have a new firmware
for my AP with the option to change between share/open
key (currently no). I am not an expert in WLAN but I
would imagine it is something they can fix the
share/open key issue in the SB firmware. While I was
considering buying the SB, WEP encryption was the last
of my concerns, I had just expected this to work fine
out of the box since slimdevices is producing 2
versions of the SB. I even tried running Softsqueeze
to test functionality etc, so encountering this WEP
problem is a bit of a disappointment. Nevertheless the
SB is a great device in terms of functionality and
useability (I am using the wired lan now for the
moment, but I think I will get another AP).

Cheers
Cedric

--- Jules Taplin <slim-discuss (AT) ourhouse (DOT) org.uk>
wrote:
> Really? I've got 5 Squeezeboxes... 3 of them are
> permanently attached
> wirelessly, and I've never had any WEP difficulties,
> either with a B
> NetGear AP, or (more recently) with a B/G Linksys
> AP.
>
> To date, I've had exactly two problems - the first
> is interferance from
> the Microwave Oven in the kitchen, which meant audio
> drop-outs in the
> Kitchen when it was on. That was solved (for the
> most part) by moving
> the AP to somewhere that wasn't line-of-sight to the
> Microwave, and is
> hardly fair. The second was replacing the AP with
> the Linksys one - I
> set up the WEP key and network name to be identical
> to the old AP, but
> the Squeezeboxes weren't fooled... they needed a
> complete reset to fall
> for the new device.
>
> However... if you're really going to go ape about
> securing your
> networks, then I'd suggest a plan something like the
> following:
>
> For the Squeezeboxes - place them on a separate LAN
> segment, with their
> own AP. On that segment, disable SSID broadcast,
> enable WEP, filter by
> MAC address, and set up the squeezeboxes manually
> (you don't want to
> provide DHCP into that segment, for starters). As
> far as attaching the
> AP to the network, I'd suggest you place that AP
> into a separate
> firewall device, and restrict it to squeezebox
> protocol ports only.
>
> Then... for any other wireless requirement you have,
> I'd say you're
> close to being on the right lines. Set up a separate
> AP, disable SSID
> broadcast (chose a separate SSID to your squeezebox
> LAN), enable WEP
> (separate keyset, of course), and then connect that
> AP to another device
> that can terminate IPSEC or similar as a private VPN
> for your laptop or
> whatever.
>
> That oughta keep you safe. Although... even I don't
> bother with all of that.
>
>
> -- Jules
>
>
> Segedunum wrote:
>
> > On Wed, 29 Dec 2004 01:44:41, Cedric Tang wrote:
> > > I recently bought a SB Wireless hoping to hook
> it up to my 3COM
> > a/b/g AP with 128bit WEP enabled but
> > > unfortunately I still couldn't get it to work
> after numerous attempts.
> >
> > I sympathise, and I can assure you that everyone
> is having, or has
> > had, the same problem. WEP never really seems to
> work properly with
> > any access point. You'll get dropped connections
> or it just flat out
> > won't work in some circumstances.
> >
> > The problem seems to be compounded with dual B/G
> access points.
> > Remember that the Squeezebox is a B device. Some
> access points will
> > work absolutely fine with G only, but as soon as
> you throw a B device
> > into the mix it all throws a wobbler.
> >
> > The only thing I did was to turn off WEP, filter
> by MAC address and
> > turn off the SSID broadcast. Turning off the SSID
> broadcast is
> > probably the best thing you can do as people will
> not immediately know
> > a network is there, and make absolutely sure you
> change the default AP
> > password. If people are actively scanning for
> networks they *are*
> > going to get around WEP - it's that simple. For
> all the personal
> > traffic I want to keep secure I have my own
> private VPN, but that of
> > course can't work with the Sqeezebox and you need
> a computer running
> > as a server to do it.
> >
> > Also, lock the Slimserver down via the a password
> and an IP address
> > range.
> >
> > Just wondering - what other security methods can
> people take besides
> > using the usual wireless stuff? What possibilities
> are there for
> > locking the Squeezebox itself down further, maybe
> through password
> > protection. Is this all done through the
> Slimserver?
> >
> > Cheers,
> >
> > David
> >

Jules Taplin
2004-12-30, 05:59
Interestingly, though, we did throw out a number of 3COM AP's at work
(and replaced them with LinkSys's), because we had trouble getting 128
bit WEP to work on anything but 3COM Wireless Cards. They were pretty
old, and were of the era when you needed to get activation keys to even
allow something as 'secure' as 128-bit WEP (even though it's not really
128 bit, of course) to be allowed outside the US. I always assumed that
it was their age, rather than their manufacturer, but maybe they're
still wonky.

-- Jules

Cedric Tang wrote:

>Hi all
>Thanks for all the responses.
>I agree that doing VPN and stuff is an overkill. But
>since have only 1 AP at home and I live in a flat
>where I can pick up at least 1/2 a dozen other APs
>broadcasting, certainly I would like some sort of
>security.
>
>Slimdevices support is quite helpful but they asked me
>to check with 3COM if there will have a new firmware
>for my AP with the option to change between share/open
>key (currently no). I am not an expert in WLAN but I
>would imagine it is something they can fix the
>share/open key issue in the SB firmware. While I was
>considering buying the SB, WEP encryption was the last
>of my concerns, I had just expected this to work fine
>out of the box since slimdevices is producing 2
>versions of the SB. I even tried running Softsqueeze
>to test functionality etc, so encountering this WEP
>problem is a bit of a disappointment. Nevertheless the
>SB is a great device in terms of functionality and
>useability (I am using the wired lan now for the
>moment, but I think I will get another AP).
>
>Cheers
>Cedric
>
> --- Jules Taplin <slim-discuss (AT) ourhouse (DOT) org.uk>
>wrote:
>
>
>>Really? I've got 5 Squeezeboxes... 3 of them are
>>permanently attached
>>wirelessly, and I've never had any WEP difficulties,
>>either with a B
>>NetGear AP, or (more recently) with a B/G Linksys
>>AP.
>>
>>To date, I've had exactly two problems - the first
>>is interferance from
>>the Microwave Oven in the kitchen, which meant audio
>>drop-outs in the
>>Kitchen when it was on. That was solved (for the
>>most part) by moving
>>the AP to somewhere that wasn't line-of-sight to the
>>Microwave, and is
>>hardly fair. The second was replacing the AP with
>>the Linksys one - I
>>set up the WEP key and network name to be identical
>>to the old AP, but
>>the Squeezeboxes weren't fooled... they needed a
>>complete reset to fall
>>for the new device.
>>
>>However... if you're really going to go ape about
>>securing your
>>networks, then I'd suggest a plan something like the
>>following:
>>
>>For the Squeezeboxes - place them on a separate LAN
>>segment, with their
>>own AP. On that segment, disable SSID broadcast,
>>enable WEP, filter by
>>MAC address, and set up the squeezeboxes manually
>>(you don't want to
>>provide DHCP into that segment, for starters). As
>>far as attaching the
>>AP to the network, I'd suggest you place that AP
>>into a separate
>>firewall device, and restrict it to squeezebox
>>protocol ports only.
>>
>>Then... for any other wireless requirement you have,
>>I'd say you're
>>close to being on the right lines. Set up a separate
>>AP, disable SSID
>>broadcast (chose a separate SSID to your squeezebox
>>LAN), enable WEP
>>(separate keyset, of course), and then connect that
>>AP to another device
>>that can terminate IPSEC or similar as a private VPN
>>for your laptop or
>>whatever.
>>
>>That oughta keep you safe. Although... even I don't
>>bother with all of that.
>>
>>
>>-- Jules
>>
>>
>>Segedunum wrote:
>>
>>
>>
>>>On Wed, 29 Dec 2004 01:44:41, Cedric Tang wrote:
>>>
>>>
>>>>I recently bought a SB Wireless hoping to hook
>>>>
>>>>
>>it up to my 3COM
>>
>>
>>>a/b/g AP with 128bit WEP enabled but
>>>
>>>
>>>>unfortunately I still couldn't get it to work
>>>>
>>>>
>>after numerous attempts.
>>
>>
>>>I sympathise, and I can assure you that everyone
>>>
>>>
>>is having, or has
>>
>>
>>>had, the same problem. WEP never really seems to
>>>
>>>
>>work properly with
>>
>>
>>>any access point. You'll get dropped connections
>>>
>>>
>>or it just flat out
>>
>>
>>>won't work in some circumstances.
>>>
>>>The problem seems to be compounded with dual B/G
>>>
>>>
>>access points.
>>
>>
>>>Remember that the Squeezebox is a B device. Some
>>>
>>>
>>access points will
>>
>>
>>>work absolutely fine with G only, but as soon as
>>>
>>>
>>you throw a B device
>>
>>
>>>into the mix it all throws a wobbler.
>>>
>>>The only thing I did was to turn off WEP, filter
>>>
>>>
>>by MAC address and
>>
>>
>>>turn off the SSID broadcast. Turning off the SSID
>>>
>>>
>>broadcast is
>>
>>
>>>probably the best thing you can do as people will
>>>
>>>
>>not immediately know
>>
>>
>>>a network is there, and make absolutely sure you
>>>
>>>
>>change the default AP
>>
>>
>>>password. If people are actively scanning for
>>>
>>>
>>networks they *are*
>>
>>
>>>going to get around WEP - it's that simple. For
>>>
>>>
>>all the personal
>>
>>
>>>traffic I want to keep secure I have my own
>>>
>>>
>>private VPN, but that of
>>
>>
>>>course can't work with the Sqeezebox and you need
>>>
>>>
>>a computer running
>>
>>
>>>as a server to do it.
>>>
>>>Also, lock the Slimserver down via the a password
>>>
>>>
>>and an IP address
>>
>>
>>>range.
>>>
>>>Just wondering - what other security methods can
>>>
>>>
>>people take besides
>>
>>
>>>using the usual wireless stuff? What possibilities
>>>
>>>
>>are there for
>>
>>
>>>locking the Squeezebox itself down further, maybe
>>>
>>>
>>through password
>>
>>
>>>protection. Is this all done through the
>>>
>>>
>>Slimserver?
>>
>>
>>>Cheers,
>>>
>>>David
>>>