WEP / WPA problems

Hello, everyone. This is my first time in a forum. The reason I'm here
is due to a rather heated discussion I had this evening with my teenage
son. I just purchased a new Dell desktop and was configuring the
Netgear router. I have learned that WPA is more secure than WEP, so
that's what I set it for. My son informed me that the last time I did
this, it ruined his gaming experience on his Alien gaming computer (both
computers run XP Home, SP2). He says that even having it on WEP slows
and even halts some of his games and causes "problems" with his
computer. He claims that no one can tap into our computers since they
don't have the password to the router, adding that they haven't been
able to hack into our computers in the two years that we've had no
secure encryption. And even if they did, they couldn't get into his
computer (he said my computer, which is directly connected to the
internet, would be safe). He showed me the routers in the area that we
can tap into and noted that we can't get into their computers. Please
help. If I truly need WPA, how can I configure it so that it won't
cause problems on my son's computer? Somehow, I think he's wrong about
people not being able to hack into our computers. I know a lot about
computers, can take them apart, etc., but wireless issues are rather
foreign to me. Thanks for any help you can provide. I'll eat dirt if
I'm wrong! I do tend to be overcautious.


------------------------------------------------------------------------
View this thread: http://www.wirelessforums.org/showthread.php?t=29513
http://www.wirelessforums.org

NancyB <(E-Mail Removed)> hath wroth:

>Hello, everyone. This is my first time in a forum. The reason I'm here
>is due to a rather heated discussion I had this evening with my teenage
>son.

With teenagers, it's either dead silence, or a heated discussion.
Nothing in between. He's normal.

>I just purchased a new Dell desktop and was configuring the
>Netgear router.

Model numbers? Operating system?

Check the Netgear site for firmware updates to the router.

>I have learned that WPA is more secure than WEP, so
>that's what I set it for.

Close. WEP is a giant gapeing security hole that is completely
useless for protecting a wireless network. WPA is still quite safe.

>My son informed me that the last time I did
>this, it ruined his gaming experience on his Alien gaming computer (both
>computers run XP Home, SP2). He says that even having it on WEP slows
>and even halts some of his games and causes "problems" with his
>computer.

WEP and WPA encryption will slow down a wireless connection about
10-15% as compared to unencrypted. Most users don't even notice it. I
get that much variation in test results when I run benchmarks. Point
him to Iperf:
<http://dast.nlanr.net/Projects/Iperf/>
and have him supply numbers for with and without encryption. If
there's a huge difference, something else might be happening. Out of
date firmware on the router could easily be a problem.

>He claims that no one can tap into our computers since they
>don't have the password to the router,

Wrong. That will only stop someone from reconfiguring the router. It
will not stop someone from using the wireless to connect to your
network, and eventually dive into his computer. If he has a personal
firewall running on his XP machine, then he's probably fairly safe.
However, my experience with gamers is that he's probably got a dozen
"holes" (IP ports that are forwarded) in his Windoze Firewall in order
to make this or that game work. If he's a speed freak, he probably
has the firewall disabled as that also eats a few CPU cycles.

>adding that they haven't been
>able to hack into our computers in the two years that we've had no
>secure encryption.

The issue is really why anyone would want to attack his computer or
your network. The reason he hasn't been broken into is that there's
nothing worth stealing on his machine. Also, most of the wireless
"tourists" aren't really interested in breaking into his machine. They
just want free internet access and want to use your wireless to get to
the internet. There's nothing wrong with that but it does carry a
risk. If they have a machine that's infected with a virus or worm,
you risk getting your machines infected, or the wrath of the ISP for
excessive traffic or becoming a source of spam. At the very least,
you should know who is borrowing your internet connection. In your
case, the security should not necessarily be to keep the evil bad guys
(like me) out of your system, but rather to make sure it doesn't get
abused.

>And even if they did, they couldn't get into his
>computer (he said my computer, which is directly connected to the
>internet, would be safe).

Not directly. Both your machines should be connected through the
router. Directly connected implies no router. Hopefully, that's not
the case.

>He showed me the routers in the area that we
>can tap into and noted that we can't get into their computers.

If they're running a personal firewall, that's true. However, simply
trying to test for open shares is not my idea of a proper security
test. There are exploits ranging from denial of service, crashing the
target computer, and sniffing traffic, that can be a problem without
getting access.

>Please
>help. If I truly need WPA, how can I configure it so that it won't
>cause problems on my son's computer?

Dunno. If WPA really does slow things down, there's something broken
or misconfigured. I can't tell from here or without lots of details.
Incidentally, most teenagers are into file sharing, which turns his
machine into a server. They tend to forget about this and wonder why
their machine is running slow. If he's going to complain about speed,
make sure he's got all his "servers" turned off when testing.

>Somehow, I think he's wrong about
>people not being able to hack into our computers.

No, he's close but for the wrong reason. Simple security measures
will stop most of the casual tourists and hackers. However, once
anyone can connect to your inside LAN (thus bypassing the firewall in
the router), there are quite a number of things that can be done. It's
best to keep unwanted users out of your network through proper
encryption, than to risk a suprise.

>I know a lot about
>computers, can take them apart, etc., but wireless issues are rather
>foreign to me.

Wireless is encapsulated ethernet. Anything you can do on an ethernet
switch or hub, you can do with wireless. You wouldn't want strangers
plugging into your ethernet switch. I see no reason to do the same
via wireless.

>Thanks for any help you can provide. I'll eat dirt if
>I'm wrong! I do tend to be overcautious.

Evaluate the risks. There are plenty of wide open home systems where
nothing overt ever happens. It really depends on the neighborhood,
neighbors, and how well you have the machines secured. I run a
neighborhood LAN with a mess of users borrowing the bandwidth. It's
not a problem because I monitor the traffic and limit access to those
users and machines that I know about. I tried it with a wide open
system for a few days and was blessed with a neighbor that just
couldn't keep the worms and viruses off his laptop.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"NancyB" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Hello, everyone. This is my first time in a forum. The reason I'm here
> is due to a rather heated discussion I had this evening with my teenage
> son. I just purchased a new Dell desktop and was configuring the
> Netgear router. I have learned that WPA is more secure than WEP, so
> that's what I set it for. My son informed me that the last time I did
> this, it ruined his gaming experience on his Alien gaming computer (both
> computers run XP Home, SP2). He says that even having it on WEP slows
> and even halts some of his games and causes "problems" with his
> computer. He claims that no one can tap into our computers since they
> don't have the password to the router, adding that they haven't been
> able to hack into our computers in the two years that we've had no
> secure encryption. And even if they did, they couldn't get into his
> computer (he said my computer, which is directly connected to the
> internet, would be safe). He showed me the routers in the area that we
> can tap into and noted that we can't get into their computers. Please
> help. If I truly need WPA, how can I configure it so that it won't
> cause problems on my son's computer? Somehow, I think he's wrong about
> people not being able to hack into our computers. I know a lot about
> computers, can take them apart, etc., but wireless issues are rather
> foreign to me. Thanks for any help you can provide. I'll eat dirt if
> I'm wrong! I do tend to be overcautious.
>
>
> ------------------------------------------------------------------------
> View this thread: http://www.wirelessforums.org/showthread.php?t=29513
> http://www.wirelessforums.org
>

My dad used to say - send your teenagers out into the business world while
they still know everything and can make a fortune for you.

I can't add anything technical to what Jeff has posted, just some
experience.
My approach with teenagers (grandchildren now) is to avoid any confrontation
on techincal grounds. Therefore I would simply put on the WPA2 and tell him
that if it is a problem to him, he can run some RJ45 cable to his computer.
End of discussion.

Stuart

On Thu, 27 Sep 2007 18:04:23 GMT, "Stuart Miller"
<(E-Mail Removed)> wrote:

>My dad used to say - send your teenagers out into the business world while
>they still know everything and can make a fortune for you.

Chuckle. They're more likely to lose a fortune for you, but that's
all part of getting experience. When I was an aspiring juvenile
delinquent, I would work at my fathers lingerie factory. I had no
idea what I could or couldn't do, so I just did everything. One thing
I learned was to quickly (and quietly) recover from my mistakes and
from minor disasters. Basic skills such as how to clean up 50 gallons
of machine oil I dumped on the shop floor, came quickly. Plugging the
hole I had blown in the elevator hydraulics tank (with a Ramset gun)
was also quickly learned. I don't think I made my father a fortune,
but I certainly didn't cost him one either.

>I can't add anything technical to what Jeff has posted, just some
>experience.

>My approach with teenagers (grandchildren now) is to avoid any confrontation
>on techincal grounds. Therefore I would simply put on the WPA2 and tell him
>that if it is a problem to him, he can run some RJ45 cable to his computer.
>End of discussion.

May I suggest you reconsider your advice?

I don't have any children or grandchildren (than I know about), so I
don't have the benifit of testing the following. However, when I was
younger, my father and other relatives would constantly challenge me
on technical grounds. When I didn't understand something or when the
explanation was over my head, we dragged out the Encyclopedia
Britannica or other reference books and did the necessary reading.
When I eventually proved my father wrong on some obscure topic, it was
as if I had won the Nobel prize.

In this case, the question is why is WEP and/or WPA so much slower
than unencrypted. Never mind the stopwatch timing and guesswork. Tell
the kid to put some numbers and measurements behind his claims and to
draw his conclusions only on test results, not unsubstantiated claims.
That's what my parents and relatives did with me and I can honestly
say it mostly worked.

I also had to think twice before asking for something. When I wanted
my bicycle replaced after a crunch, I was handed an oxy-acetylene
torch, helmet, glasses, gloves, rod, and some practice scrap metal. I
think I was the only 13 year old in my class that could braze fairly
well. When I blew up my mothers car (by driving 8000 miles without
changing the oil), I was presented with the car and told to rebuild
the engine if I wanted something to drive. Same with everything else
I destroyed growing up. Repair first, then replace, an important
lesson.

Incidentally, that's also where I learned the difference between
attacking the technical merits or the person whom I was in
disagreement. There's a huge difference here, which is often not
obvious to the typical teenager.


Anyway, if the kid ends up running his own CAT5 cable, have him do his
own connector crimps and wiring. It will probably need to be redone
perhaps 3 times, but in the end, he'll have picked up a useful skill.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 27 Sep 2007 18:04:23 GMT, "Stuart Miller"
> <(E-Mail Removed)> wrote:
>

>
>>My approach with teenagers (grandchildren now) is to avoid any
>>confrontation
>>on techincal grounds. Therefore I would simply put on the WPA2 and tell
>>him
>>that if it is a problem to him, he can run some RJ45 cable to his
>>computer.
>>End of discussion.
>
> May I suggest you reconsider your advice?
>

Good suggestion. It was a rather poor choice of words. I welcome a technical
discussion or disagreement, in this case I was referring to real 'argument'
stage with the 'entrenched' teenage mind which sometimes refuses to accept
reason. "my mind is made up, don't both me with the facts'.


> I don't have any children or grandchildren (than I know about), so I
> don't have the benifit of testing the following. However, when I was
> younger, my father and other relatives would constantly challenge me
> on technical grounds. When I didn't understand something or when the
> explanation was over my head, we dragged out the Encyclopedia
> Britannica or other reference books and did the necessary reading.
> When I eventually proved my father wrong on some obscure topic, it was
> as if I had won the Nobel prize.
>
> In this case, the question is why is WEP and/or WPA so much slower
> than unencrypted. Never mind the stopwatch timing and guesswork. Tell
> the kid to put some numbers and measurements behind his claims and to
> draw his conclusions only on test results, not unsubstantiated claims.
> That's what my parents and relatives did with me and I can honestly
> say it mostly worked.

Agreed, and when he is proven wrong or refuses to do the homework or just
argues, then switch to 'beacuse I'm the dad (and pay the bills) - when you
are the dad you can do it your way'
>
> I also had to think twice before asking for something. When I wanted
> my bicycle replaced after a crunch, I was handed an oxy-acetylene
> torch, helmet, glasses, gloves, rod, and some practice scrap metal. I
> think I was the only 13 year old in my class that could braze fairly
> well. When I blew up my mothers car (by driving 8000 miles without
> changing the oil), I was presented with the car and told to rebuild
> the engine if I wanted something to drive. Same with everything else
> I destroyed growing up. Repair first, then replace, an important
> lesson.
>
> Incidentally, that's also where I learned the difference between
> attacking the technical merits or the person whom I was in
> disagreement. There's a huge difference here, which is often not
> obvious to the typical teenager.
>
....or fanatic or troll

>
> Anyway, if the kid ends up running his own CAT5 cable, have him do his
> own connector crimps and wiring. It will probably need to be redone
> perhaps 3 times, but in the end, he'll have picked up a useful skill.
>
> --
> # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
> # 831-336-2558 (E-Mail Removed)
> # http://802.11junk.com (E-Mail Removed)
> # http://www.LearnByDestroying.com AE6KS