Hi all,

Eversince i bought my BA, i did not need to use Wlan on it (over a year now !!) but i am getting a bit frustrated in the last couple of days as i am unable to use it.
here is the situation - when i come to a place where i know there is a wifi signal (at my friends house) i tap the little icon on the bottom right side of the desktop screen and i get the "Wireless LAN manager" , i check the "Wireless LAN ON" checkbox and then tap "ok" . then the screen changes back to the desktop screen and i can see the little antenna in searching mode (accumulating dots beside it), then i get a popped up baloon asking if i wish to connect to "internet" or "work", i check the internet circle and tap ok (or connect - i dont remmember as i have no wifi signal at the moment), but than nothing happens - the little icon of the antenna is still searching and if i tap it i get the same "Wireless LAN manager" with no signal strength or any thing...if i try the internet explorer, it tries to connect via the GPRS connection...
PLEASE....HELP ANYONE.... :(

It's only a notion but I'd check your friend's WiFi AP. I set one up recently in our place. The device used is a Wireless G Broadband Router and Access Point (AP) which also has a net port (4 physical connections).
I couldn't get a murmur out of it on the simplest device... ancient Jornada 720 Win 2000 with Aironet 340 card (they are matched) although it was evident that all parts were working and the setup programs recognised each other as being there. Tried our Acer n30 next on a Safecom card. Same result. Head scratching.

Eventually a light bulb went on.
Tried a hard reset on the AP/Router. It re-set from one channel (11) to another (6). Everything suddenly started talking.

Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
The AP Router is full of encryption options from WEP up. Your gadget has to match the requirement from the AP/Router... that might mean a keyword used as a base for encryption or steadily more complex requirements... depends on what your friend's AP Router is set to.

My solution had to be simpler. I could not be bothered to prat about sticking code words all over the place every time I wanted to add a device... and getting encryptions to agree is sometimes not as easy as they'd have you believe.

Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
So check with your chum and see what his settings on his WiFi are. Maybe try a hard re-set on it too if poking about in the admin program doesn't help.

QF



Hi all,

Eversince i bought my BA, i did not need to use Wlan on it (over a year now !!) but i am getting a bit frustrated in the last couple of days as i am unable to use it.
here is the situation - when i come to a place where i know there is a wifi signal (at my friends house) i tap the little icon on the bottom right side of the desktop screen and i get the "Wireless LAN manager" , i check the "Wireless LAN ON" checkbox and then tap "ok" . then the screen changes back to the desktop screen and i can see the little antenna in searching mode (accumulating dots beside it), then i get a popped up baloon asking if i wish to connect to "internet" or "work", i check the internet circle and tap ok (or connect - i dont remmember as i have no wifi signal at the moment), but than nothing happens - the little icon of the antenna is still searching and if i tap it i get the same "Wireless LAN manager" with no signal strength or any thing...if i try the internet explorer, it tries to connect via the GPRS connection...
PLEASE....HELP ANYONE.... :(

Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.

[snip]

Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.


QF,

Are you aware that it's a fairly simple task for someone to spoof a MAC?

And in that you haven't implemented any kind of encryption that means you're broadcasting everything in the clear ... which means that anyone who wishes to access your network needs only wait until they pick up one of your valid MAC's and they're in.

Blocking MAC's is useful ... but enabling WEP (even though we all know it's not going to stop a determined attempt at penetration) will do more to keep out a casual 'visitor'. If your clients can handle WPA-PSK (which may not be the case) given a sufficiently long and random passphrase the only attack is bruteforce which can take years.

Implementing decent security just isn't that hard ... there are plenty of howto's on the net that will walk someone through everything from getting WEP going right through to setting up a VPN.

Yol,

Your friend may have set up some kind of encryption on his Access Point ... if he's connecting to it with a client then he should know what he's using.

If he's NOT connecting to it then check the manual and have a look at the settings on the Access Point. Almost all Access Points will let you connect to them using a web browser.

So if (as an example) your friends AP is at 192.168.1.254 you just plug that into your web browser on a computer that is on the network (in other words, NOT from your BA).

You'll then need to navigate your way to the settings for Wireless security (I can't help you with that ... it's different for pretty much every brand of AP) and see what's set up.

Once you know what the required settings ARE for his AP you need to configure your phone to match. Not having a BA I can't really help with that either ... but I'm sure someone else here can. :D

I just knew there'd be a more complicated way ;-))...

Seriously Mr Doormat... Thanks for the heads up though.
This guy was just hanging here without a response this morning when I found this XDA board.

I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.

What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?

We have the AP/Router open for web access only AFAIK.
The only physical connection is the one you mention... to the computer via the Ethernet card, which accesses the Admin Menu.
I'm unable to get any access around logged in machines myself and I'm on the admin machine.
I dloaded WiFi for Dummies but, as usual, I haven't got past the boring bit in the front where they describe what you are dealing with rather than what you can do to/with it.

I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.

I picked up a Safecom 802.11g PCMCIA card to try in the laptop, but it really hated that and refused to see it in the end. But it really loves the old Aironets.

Both Vaio and PC are on a nice Windoze XP SP2, from our friends at Appznet. The Jornada is Win 2000, and the two Pocket PCs are 2003.

I looked for a walk thru for bringing this AP on stream. Even the suppliers were baffled... until we did the hard re-set and the channel changed. I don't know what else changed.

As for bringing security on stream... well I tried sorting out the lowest common denominator... the oldest handhelds... they balked at it and I reverted to the last good setting... an old tradition.

It seems to be a question of finding the level for whatever you have.
I can allegedly bring 802.11g on with this PCMCIA card and the AP, but if I do the XDA can only do 802.11b can't it? As can the Safecom for the Acer.

I am so pleased to have found a forum for the XDA, but you'll understand I hope that I'm a bit bemused to find the first topic I get into is WiFi. I thought that had been sorted... I should have known better. :-))

Any information you feel relevant to this would be much appreciated. Jornada forums are all but dead now. The Acer N30 is having an unusual revival for no reason I can think of. And the AP Router is from a pleasant bunch of folks, but they eveidently know about as much as I do.

QF



Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.

[snip]

Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.


QF,

Are you aware that it's a fairly simple task for someone to spoof a MAC?

And in that you haven't implemented any kind of encryption that means you're broadcasting everything in the clear ... which means that anyone who wishes to access your network needs only wait until they pick up one of your valid MAC's and they're in.

Blocking MAC's is useful ... but enabling WEP (even though we all know it's not going to stop a determined attempt at penetration) will do more to keep out a casual 'visitor'. If your clients can handle WPA-PSK (which may not be the case) given a sufficiently long and random passphrase the only attack is bruteforce which can take years.

Implementing decent security just isn't that hard ... there are plenty of howto's on the net that will walk someone through everything from getting WEP going right through to setting up a VPN.

Yol,

Your friend may have set up some kind of encryption on his Access Point ... if he's connecting to it with a client then he should know what he's using.

If he's NOT connecting to it then check the manual and have a look at the settings on the Access Point. Almost all Access Points will let you connect to them using a web browser.

So if (as an example) your friends AP is at 192.168.1.254 you just plug that into your web browser on a computer that is on the network (in other words, NOT from your BA).

You'll then need to navigate your way to the settings for Wireless security (I can't help you with that ... it's different for pretty much every brand of AP) and see what's set up.

Once you know what the required settings ARE for his AP you need to configure your phone to match. Not having a BA I can't really help with that either ... but I'm sure someone else here can. :D

I just knew there'd be a more complicated way ;-))...

There is always a more complicated way ... that's part of the fun, I think :D



I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.

What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?


Yes and No.

An unsecured AP provides a simple means for someone to access the Net anonymously. For someone with malicious intent this has great advantages, as you can imagine. And whatever they might do would be traced back to you.

Don't get me wrong ... I'm not suggesting that there is a pack of rabid hackers circling your place using your wifi as an initial entry point to permit them to realise their schemes to bring down the Internet and western civilisation ;-)

But, as I often point out to my clients ... How would you feel if you found out that in the middle of the night someone used your unsecure AP to upload a couple of hundred MB of kiddie porn? And that you then had to prove that it wasn't YOU.

I admit - it's unlikely and a bit graphic ... but it IS a possible senario.

Less dramtically there is the cost. I'm not sure what your deal is with your ISP ... but in Australia a lot of people have quota's - a given data allowance per month, after which they are either charged excess data rates or are shaped to narrowband speeds. I imagine it would suck to experience either because someone has been downloading movies over your wifi.


We have the AP/Router open for web access only AFAIK.


It is fairly simple to tunnel any kind of connection through port 80 (which is used for http). Goggle for http AND tunnel and count the hits.


I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.


There is, of course, an overhead with WEP or any other encryption scheme. I personally haven't ever had a problem, although I know some who have.

Generally they found updating the firmware on the router/AP end, and using the latest drivers for their client got them the best performance. YMMV of course.



I looked for a walk thru for bringing this AP on stream. Even the suppliers were baffled... until we did the hard re-set and the channel changed. I don't know what else changed.


Quite possibly nothing ... it is not uncommon for people (even people who should know better) to focus on everything but the channel. Everyone does it :D


As for bringing security on stream... well I tried sorting out the lowest common denominator... the oldest handhelds... they balked at it and I reverted to the last good setting... an old tradition.


If WEP is your only common denominator and updating firmware and drivers doesn't improve your peformance sufficiently under WEP then there is one security measure that I routinely employ, which rarely seems to be mentioned. TURN THE WIFI OFF WHEN YOU AREN'T USING IT.

Case in point ... my home AP is currently running (I see no point in power cycling it over and over) but the wireless is disabled. It takes 30 seconds to browse to the setting on the menu to enable it. It then takes about 30 seconds before I can associate. Before I go to bed at night I make sure that the wireless on the AP is disabled ... I'm not going to be using it so there's no need for it.

There is a lot of discussion about how easy it is to crack WEP ... and it IS easy. IF you have the hardware and sofware and know what you're doing, etc. I should point out that I do NOT have the setup to crack a WEP key ... but I've studied it sufficiently so that I know it's not really secure. BUT it will keep the majority of those who wish to jump on your bandwidth out. So if you can get it going, do so.


The other aspect is the security of what you are moving across the network. Internet banking, for example, is pretty secure as the data is encrypted anyway. But your usernames and passwords for your email, forum accounts, and anything that you are sending that isn't encrypted by default is being broadcast in clear.

This only becomes a problem IF someone is bothering to gather the packets being broadcast and then extracts the relevant info from all the other noise. Which is probably pretty unlikely. Unless, like a mate of mine, you live in a block of apartments with 3 unsecure wifi AP's in reach. I recently suggested that if he were to sell his flat, he could get more by pointing out that it came with free internet :D

Now thats what I call some good advice. A lot of the topics in this board are a bit over my head... upgrading or cooking new ROMs for example... but this is good practical advice for relatively simple old boys like me.

Our police are so good at arresting people who are not criminals, and so bad at catching those who are, that it is more than likely that bandwidth stolen to upload stuff like porn would land us in prison. They are pathalogically unable to admit that they themselves lie as much as the criminals do and deliberately cause miscarriages of justice now, so unless you can produce an iron-clad case then you are stuffed. They stopped policing some time ago when they started working for the government.

Eight of them performed a judicial murder in the tube, in full view of everyone, and still they deny that they were responsible for a needless death. That about sums them up now. Overpowered and Overpowering.
Sometimes I'm glad I'm confined to the house and the locale so much.

I will certainly turn off the WiFi when not in use. Thanks a lot for the tip.

<Less dramtically there is the cost. I'm not sure what your deal is with your ISP ... but in Australia a lot of people have quota's - a given data allowance per month, after which they are either charged excess data rates or are shaped to narrowband speeds. I imagine it would suck to experience either because someone has been downloading movies over your wifi.>

Here in the increasingly Orwellian UK we use an outfit called ntl. The deal we have is £25 pm 2Gig Broadband and (as yet) no practical dload limits. Although traffic limits are in the agreements, no one so far has reported a penalty. I stayed on 512k for a while when they brought them in, as the limit on there was far higher. But next door went on the 10Gig and dloaded more in a week than I had in a year (films mostly I think) and suffered no hit from ntl.

<It is fairly simple to tunnel any kind of connection through port 80 (which is used for http). Goggle for http AND tunnel and count the hits.>

This I must look into further. Thanks.

<
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.


There is, of course, an overhead with WEP or any other encryption scheme. I personally haven't ever had a problem, although I know some who have. >

I'll try the WEP once more.

<Generally they found updating the firmware on the router/AP end, and using the latest drivers for their client got them the best performance. YMMV of course. >

This AP/Router is UD'd to date AFAIK. Drivers for the old Jornadas are built-in to the ROM... they don't do Firmware... it's hard wired. I'll really have to retire them I suppose. They're prematurely becoming as anachronistic as my old Atari Portolio and DIPs. :-))


This is the kicker... simple, effective, and easily done by the punter. The mark of the professional at work.

<If WEP is your only common denominator and updating firmware and drivers doesn't improve your peformance sufficiently under WEP then there is one security measure that I routinely employ, which rarely seems to be mentioned. TURN THE WIFI OFF WHEN YOU AREN'T USING IT.>


<Case in point ... >

Funny you should mention flats. There are some next door and some houses on the other side.
Yesterday our XDAiis and PC notified me that a net was operational and the usual "did I want to connect". I didn't then.
However after reading your post I have.
You're right again. I needn't have bothered with all the work I did WiFi-ing, and the £40 for the AP/Router. This lets the XDA and our laptop in the upstairs sitting room on-line anyway.

My initial task was to get off dial-up in the upstairs sitting room and on to our downstairs BB account... saving the cost of the old account and the extra phone line we had put in, then to re-direct that saving to upping the BB speed.

The AP is off at night anyway... my lady won't have electrics on (aside from the phone) at night... and religiously goes round shutting them off b4 we retire.

I'm going to get my nose back into WiFi for Dummies now, and another one I just 'found' called Wireless Network Hacks and Mods. Please let me know if anything else occurs to you.

QF

This AP/Router is UD'd to date AFAIK. Drivers for the old Jornadas are built-in to the ROM... they don't do Firmware... it's hard wired. I'll really have to retire them I suppose. They're prematurely becoming as anachronistic as my old Atari Portolio and DIPs. :-))


I love old hardware ... I think it's a shame to waste it and with the passion everyone has for 'latest and greatest' one can pick up 'outdated' stuff really cheap.

Add to that the fact that never I upgrade OS or software unless it very clearly provides something that I really want. So I can totally empathise with your desire to keep the Jornada alive as it were.

I'll send you a PM, as we're really drifting into stuff that has little relevance to these forums. :D

YOL anyone having WIFI WIRELESS PROBLEM

http://forum.xda-developers.com/viewtopic.php?t=40712&highlight=wifi+problem

read this thread fully.. should help..

I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.

What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?


Yes and No.

An unsecured AP provides a simple means for someone to access the Net anonymously. For someone with malicious intent this has great advantages, as you can imagine. And whatever they might do would be traced back to you.


More importantly, once someone has access to the wireless side of your router (i.e., you don't use encryption or you use WEP/WPA-PSK and they cracked your key/passphrase), it's possible for them to poison the ARP tables and launch a man-in-the-middle (MITM) attack against BOTH your wireless clients AND the wired clients plugged into the router. This sounds hard, but it actually quite simple with a tool like Cain. Once they are set up as a MITM, anything goes, including attacks on your SSH connections and web browser SSL sessions (i.e., https). A successful MITM attack such as this can compromise all of the data in these "secure" connections, including usernames, passwords, PINs, etc.

It is very important to lock down the wireless side of your router, even if you do all of your "sensitive" surfing from the wired side. Also, you should always be careful when accepting certificates for secure sites in your web browser. For more information, I suggest you read this whitepaper: http://www.eecs.umich.edu/~aprakash/eecs588/handouts/arppoison.pdf.

Good luck,
Paul