Impact of WEP on connectivity

Discussion in 'Wireless Internet' started by Gav, Dec 15, 2003.

  1. Gav

    Gav Guest

    Hi,

    I have an 802.11b AP (unknown make) and a PC with a Netgear MA311 PCI
    card installed a few rooms away. With WEP turned off (but MAC
    filtering enabled) it works good enough, signal strength is about 65%
    and link quality about 45%.

    However, if I enable WEP it no longer works - or at best
    intermittently if I am lucky (I have of course double-checked the
    key). This happens with both 64 and 128 bit encryption.

    Since the signal is not great could enabling WEP introduce just enough
    of an overhead that, coupled with the weakish signal results in
    timeouts or some other connection failure?

    If I cant use WEP just how safe is MAC filtering? (I know MAC can be
    spoofed). I am not really that concerned about people intercepting
    packets of data but am worried about unauthorized use of my
    bandwidth. With MAC filtering enabled and SSID broadcasting off, can
    would be hackers you still detect my AP?

    thanks for any info guys,

    Gav :-D
     
    Gav, Dec 15, 2003
    #1
    1. Advertisements

  2. Gav

    gary Guest

    You don't say how it fails. Does it never connect at all?

    If it sometimes connects and moves IP traffic in both directions, then you
    have it configured correctly. It needs to be configured correctly in both
    directions - the keylists on the router and the client need to be identical
    and in identical order.

    Let's assume you have it configured correctly. Some older 802.11b equipment
    takes a performance hit when using WEP, because on older gear the encryption
    is done on the host CPU and not on the adapter. If your client host is
    underpowered, or running too many tasks, the overhead from WEP could push it
    over the edge.

    If this is what is happening, then a marginal signal probably would make it
    worse, because data loss due to frame errors might be compounded by frame
    loss due to queue overruns or underruns.

    You can test this by moving the router right next to the client. If you
    still get intermittent connectivity with WEP on, then signal strength is not
    really the issue, but WEP cpu requirements might be. If performance
    improves, then you need improve your signal quality.

    If you're worried about someone hijacking your ISP service, MAC filtering
    won't really help much at all . An intruder only has to monitor your network
    for a few minutes to find out what your MAC addresses are, then come back
    later when you're not using the net and spoof one of them. WEP can certainly
    be cracked, but they have to hang around a lot longer to do it. And if you
    change your keys frequently, an intruder is likely to look for one of the
    hundreds of less-protected targets out there.
     
    gary, Dec 15, 2003
    #2
    1. Advertisements

  3. Gav

    Gav Guest

    Hi,

    Thanks for your response.
    It did connect briefly, in fact I was able to browse a few web pages
    but then it would cease to function. The PCI card is on a windows 98
    client, after the connection failed I tried to ping the Access Point
    but could not - I could ping it however with WEP off. Excuse my
    ignorance of wifi but if I am in range of an AP and have a signal but
    DO NOT have the right WEP key, would I still be able to ping the AP?

    If this is the case then this all must be due to a weak signal, as I
    mentioned my AP is of unknown origin however, it does seem to have
    some sort of extra socket on the back (aside from the two antenna) - I
    wonder if I might be able to get some generic large antenna to boost
    the signal range?

    thanks!

    Gav
     
    Gav, Dec 16, 2003
    #3
  4. Gav

    gary Guest

    Pings are WEP-encrypted. If your connection is working with WEP up to a
    point, and then fails, I woudn't expect ping to work. It does sound like a
    signal strength problem exacerbated by WEP processing requirements, but it
    still could be purely a WEP issue. I have no idea how your no-name AP works.
    Do you have a manual? Does it try to do something "clever" like
    automatically switch to a new key in its list? Are you absolutely sure that
    the keylists in the AP and the client are identical and in identical order?
    I would test by putting the router and the PC near one another to get a
    strong signal. If you still have WEP problems, then signal strength is not a
    factor.
    There are lots of threads on this list discussing external antennas, corner
    reflectors, and other solutions to strengthen your signal. I've never tried
    any of these, so I leave recommendations to others. You might check the
    Google archive for this list at

    http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&group=alt.internet&gidx=20
     
    gary, Dec 16, 2003
    #4
  5. Gav

    RN Guest

    ---> My reply to what gary wrote 12/16/2003 1:58:03 PM

    One thing you may want to try, turn the Authentication off on both your card
    and the AP (Set it for open). This not only improves security (so they say)
    but I have found that if you are trying to use WEP on two (the AP and card)
    that are not the same manufacturer it helps.

    Worth a try

    ----------------------- Original Message ------------------------------



    Pings are WEP-encrypted. If your connection is working with WEP up to a
    point, and then fails, I woudn't expect ping to work. It does sound like a
    signal strength problem exacerbated by WEP processing requirements, but it
    still could be purely a WEP issue. I have no idea how your no-name AP works.
    Do you have a manual? Does it try to do something "clever" like
    automatically switch to a new key in its list? Are you absolutely sure that
    the keylists in the AP and the client are identical and in identical order?
    I would test by putting the router and the PC near one another to get a
    strong signal. If you still have WEP problems, then signal strength is not a
    factor.
    There are lots of threads on this list discussing external antennas, corner
    reflectors, and other solutions to strengthen your signal. I've never tried
    any of these, so I leave recommendations to others. You might check the
    Google archive for this list at

    http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&group=alt.internet&gidx=20



    [Some portions of this message may have been removed]

    --------------------- Original Message Ends ------------------------
     
    RN, Dec 16, 2003
    #5
  6. Gav

    RN Guest

    ---> My reply to what RN wrote 12/16/2003 2:32:46 PM

    I am sorry, you set it to open in your AP not your card


    ----------------------- Original Message ------------------------------


    ---> My reply to what gary wrote 12/16/2003 1:58:03 PM

    One thing you may want to try, turn the Authentication off on both your card
    and the AP (Set it for open). This not only improves security (so they say)
    but I have found that if you are trying to use WEP on two (the AP and card)
    that are not the same manufacturer it helps.

    Worth a try

    ----------------------- Original Message ------------------------------



    Pings are WEP-encrypted. If your connection is working with WEP up to a
    point, and then fails, I woudn't expect ping to work. It does sound like a
    signal strength problem exacerbated by WEP processing requirements, but it
    still could be purely a WEP issue. I have no idea how your no-name AP works.
    Do you have a manual? Does it try to do something "clever" like
    automatically switch to a new key in its list? Are you absolutely sure that
    the keylists in the AP and the client are identical and in identical order?
    I would test by putting the router and the PC near one another to get a
    strong signal. If you still have WEP problems, then signal strength is not a
    factor.
    There are lots of threads on this list discussing external antennas, corner
    reflectors, and other solutions to strengthen your signal. I've never tried
    any of these, so I leave recommendations to others. You might check the
    Google archive for this list at

    http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&group=alt.internet&gidx=20



    [Some portions of this message may have been removed]

    --------------------- Original Message Ends ------------------------



    [Some portions of this message may have been removed]

    --------------------- Original Message Ends ------------------------
     
    RN, Dec 16, 2003
    #6
  7. Gav

    gary Guest

    This might help if you can't connect with WEP at all. But if you have a
    connection that works, and then just stops, you already got past the
    association phase.l

     
    gary, Dec 17, 2003
    #7
  8. Gav

    Gav Guest

    Guys,

    OK After reading your advice I thought "ok I will check the keys one
    more time!" (about the 20th time) and guess what I FINALLY noticed -
    in the AP config there are 4 keys you can supply and underneath those
    textboxes is a dropdown box that lets you choose the key you wish to
    use (1 - 4). In this Dropdown box is also the option "none".
    Bizarrely you can select to enable WEP but it does not force you to
    choose a key so in a display of utter incompetence I was inputting a
    key and then leaving the chosen key to use set to "none"!!

    I can only appolgise for being such an idiot! However, still lots of
    good info so I guess it was not a total waste of time, I do feel like
    I have learned something (aside from READING THE OPTIONS more
    carefully!).

    Thanks again for all the help :)

    Gav




     
    Gav, Dec 17, 2003
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.