Straightforward out-of-the-box solution for extending WiFi range

Discussion in 'Wireless Internet' started by Danny D'Amico, Dec 13, 2013.

  1. Danny D'Amico

    Char Jackson Guest

    Could you talk a little more about how this is problematic? For example, do
    you only run into problems when administering two or more units, and if so,
    isn't there an easy way to differentiate one unit from another so you always
    know which unit you're accessing? I haven't played with any ubnt equipment
    but I'm very impressed by what I've read.
     
    Char Jackson, Dec 26, 2013

  2. Danny D'Amico

    DevilsPGD Guest

    In the last episode of <>,
    The issue is more that when a mobile device jumps from one access point
    to another (with the same SSID), it'll attempt to re-use its existing
    IP and ARP the default gateway. If the default gateway has the expected
    MAC address it's assumed to be the same network and the device can
    proceed as though nothing changed.

    If the ARP test succeeds, the total network interruption time is that of
    one ARP lookup, which is probably on the order of 100ms-200ms, which is
    barely noticed by the user. Small networks will be even faster,
    obviously.

    If the ARP fails, or returns a different MAC address, the device will
    silently drop its IP and start a new DHCP request. This is fine, but it
    will cause a momentary interruption in traffic from the user's
    perspective, possibly lasting long enough to generate application level
    errors. In this case, using a different SSID is better because a smart
    device may track past DHCP allocations and use the quick-start process
    described above when returning to a SSID it recognizes, within its
    original DHCP lifespan.
     
    DevilsPGD, Dec 26, 2013
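
The roam decision described in the post above, as an added example that is not part of the original thread: a constructed Python model in which a client re-associating to an SSID either reuses its cached lease after one ARP check of the default gateway or drops it and restarts DHCP. The class, function names, addresses and MACs are assumptions made for illustration; real DHCP clients differ in detail.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

@dataclass
class Lease:
    ip: str
    gateway_ip: str
    gateway_mac: str
    expires_at: float  # seconds, on the same clock as `now`

# Stand-in for an ARP request: gateway IP -> MAC, or None if nothing answers.
ArpProbe = Callable[[str], Optional[str]]

class RoamingClient:
    """Constructed model of the behaviour described in the post."""

    def __init__(self) -> None:
        self.leases: Dict[str, Lease] = {}  # one remembered lease per SSID

    def on_associate(self, ssid: str, arp: ArpProbe, now: float) -> Tuple[str, str]:
        lease = self.leases.get(ssid)
        if lease is None:
            return ("dhcp", "no cached lease for this SSID")
        if now >= lease.expires_at:
            del self.leases[ssid]
            return ("dhcp", "cached lease expired")
        seen = arp(lease.gateway_ip)
        if seen is None or seen.lower() != lease.gateway_mac.lower():
            del self.leases[ssid]  # silently drop the old IP
            why = "no ARP reply" if seen is None else "gateway MAC changed"
            return ("dhcp", why)
        # Fast path: one ARP round trip. ARP replies are unauthenticated, so a
        # match shows the gateway looks the same, not that the AP is trusted.
        return ("reuse", lease.ip)

def arp_table(table: Dict[str, str]) -> ArpProbe:
    """Build a fake ARP responder from a constructed IP -> MAC table."""
    return table.get

def demo():
    client = RoamingClient()
    # Constructed sample lease (documentation address range, local MACs).
    client.leases["office"] = Lease("192.0.2.50", "192.0.2.1",
                                    "02:00:00:aa:bb:01", 3600.0)
    same_lan = arp_table({"192.0.2.1": "02:00:00:AA:BB:01"})
    other_lan = arp_table({"192.0.2.1": "02:00:00:cc:dd:02"})
    return [
        client.on_associate("office", same_lan, now=100.0),   # same gateway
        client.on_associate("office", other_lan, now=200.0),  # same SSID, other LAN
        client.on_associate("office", same_lan, now=300.0),   # lease already dropped
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
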

  3. I'm not sure what version of software people here are talking about but
    one of the local churches uses UniFi access points. They installed the
    software on one of their file servers since they are powered on 7/24.

    The controlling software let them import drawings of the building
    which is multi-story and comprises approximately 60 rooms. Icons of the
    devices were placed on the drawings by the program/user showing where
    each AP was installed. Now they just click on the icon in question and
    are able to control just the device they need to when problems turn up
    or they want to update an individual AP wireless password.

    They use the logging features to check on the younger crowd to verify
    that the network is not being used to visit or download stuff that the
    church elders are against. Mostly they just check for accidental visits
    or redirects to porn sites which they then block using other parts of
    the software.

    I believe they also use the software to schedule "outages" on the
    network in areas of the building that have regularly scheduled sermons.
    I guess they don't want the competition from the wireless sites while
    they preach to the masses...

    It's also nice that the devices they choose to use all look like round
    fire alarms so they tend to blend in with the rest of the stuff on the
    ceilings and walls.

    For those who just want to set up a device or two the software makes
    configuring the devices quite easy from what I've seen. Once you set
    things up you can actually power off the controlling software and the
    devices will continue to function just fine using the configuration
    stored in each device, just like any other AP. One does not need to use
    the "management" parts of the software if you have no need or reason to
    keep watch on things. Just power it up when changes are needed and
    power it back off when it's not needed.
     
    GlowingBlueMist, Dec 26, 2013
  4. Danny D'Amico

    Char Jackson Guest

    Thanks, GBM. That certainly seems to be straightforward. I've got to get
    some of this stuff and play with it when I get a chance. I don't have any
    current problems to solve, but it's nice to have tools in the toolbox for
    times when they're needed.
     
    Char Jackson, Dec 27, 2013
  5. Danny D'Amico

    miso Guest

    Most linux OSs have a gui so as to avoid the iws type commands. KDE for
    sure. I haven't run gnome in a long time.

    We've been through this before on the forum, and it is monitor mode. I
    already forgot the difference with promiscuous mode.

    If you are going to connect to the access point, there is no need to be
    stealthy. Well presuming you aren't hacking.

    The deal with Kismet is you fire it up and let it log for a long time.
    Some people turn off their routers routinely. Or they turn off their
    router if leaving town for a while. Site surveys in theory should be
    something you do in 5 minutes, though in 5 minutes you can often spot a
    lot of problems.

    Obviously the kismet logging is more useful when mobile, especially with
    the GPS daemon running.

    Once you have run kismet, netstumbler will seem kind of silly. To my
    recollection, netstumbler doesn't even see wifi probing, unless it has
    been modified. The probe is a way of alerting you that there are wifi
    clients within range, even if not connected to an access point. The vast
    majority of the public just leaves wifi enabled all the time, so as soon
    as they turn on a notebook or phone, they start to look for previous
    access points. I've been tempted to set up my notebook to look like a
    starbucks SSID, park by a busy but not too fast road (or any urban
    highway during rush hour) and see how many phones will try to connect to
    me. I'm sure this had been done already.

    I suspect there is a DoD version of Kismet just to find illegal wifi on
    base. Supposedly no DoD network can have wifi, though there are
    exceptions. Some bases have a wifi scheme where aircraft mechanics can
    request parts via wifi. And of course the BX/PX can have wifi. But that
    5.8GHz wifi is just too close to UAV frequencies. If you search for WIPS
    versus WISP, you can see the detection toys. (Wireless intrusion
    protection system)
     
    miso, Dec 27, 2013
  6. Danny D'Amico

    miso Guest


    Most devices that you put on the mains these days have offline switchers.
    They just square up the voltage on the mains (which could be PG&E or
    your inverter). But the flat pulses out of the inverter stress
    components more than the clean sine wave. So you might fry the power
    supply. You will find people who swear this isn't a problem, and you
    will find people that have fried gear with a cheap inverter. It is a
    matter of running into a device that can't take the strain. [Not
    everybody gets a breaded rat in their KFC, but it does happen.]

    If you have an old isolation transformer, which were common in the days
    of analog TV, you can run the cheap ass inverter into the isolation
    transformer. It will buzz a bit, and the output is just less ugly, not
    really a sine wave.

    I finally got to the point where I bought a good pure sine inverter so
    if I need to use an expensive instrument in the field, I have suitable
    power. The so called 12V market is kind of limited in selection.

    There are inverter generators that are pretty quiet. Yamaha and Honda
    make them. They have true sine inverters on them. I really wish some
    forward thinking SUV and/or truck manufacturer would just put one in the
    engine compartment. Kind of like an APU in a tractor-trailer rig.
     
    miso, Dec 27, 2013
  7. Danny D'Amico

    miso Guest

    Nagios is the one that comes on most linux distributions. The number of
    plugins is extensive, and more entertaining are the functions. For
    instance, some can detect if one of your employees has plugged in a game
    server. Back in the day, putting Doom on the company network was
    standard procedure in the valley.
     
    miso, Dec 27, 2013
  8. Danny D'Amico

    miso Guest

    Somewhere buried on the Google Code website is a program that converts
    kismet log geocoordinates to KML.
     
    miso, Dec 27, 2013
  9. <http://airsnort.shmoo.com/faq.html#Q3>
    Basically, you do NOT need to connect to an AP in order to sniff
    traffic in monitor mode. In promiscuous mode, you need to be
    connected. More:
    <http://en.wikipedia.org/wiki/Monitor_mode>
    DD-WRT and Kismet Drone:
    <http://www.dd-wrt.com/wiki/index.php/Kismet_Server/Drone>
    <http://www.supertechguy.com/help/security/kismet-drone>
    <https://www.sans.org/reading-room/w...nexpensive-wireless-ids-kismet-openwrt-33103>
     
    Jeff Liebermann, Dec 27, 2013
  10. Jeff Liebermann, Dec 27, 2013
  11. Danny D'Amico

    miso Guest

    Of course...pykismetkml...a name at the tip of my tongue!

    On usb, the gpsd daemon is pretty good. It was kind of ugly in the
    serial port days.

    Lots of interesting SSIDs out there.
    FBISURVEILLANCEVAN
    all sorts of names with virus in them
    names not to be used in polite company
    star trek themes galore, but Klingon based names are the most popular
    and of course
    CLICKHEREMOM

    I gave a demo of Kismet at 4th street Peets in Berkeley. You would be
    amazed at how fast people put away a computer when you say "I see a
    Macbook just signed on." You can also sniff the wifi on the AC Transit
    buses.

    Wireless security could be an oxymoron. I work at putting out a crappy
    signal. Put the router as low as possible. Adjust the timing to make
    long distance reception difficult. While we don't have basements around
    here, there is no shortage of pimple faced kids with all summer to hack
    you.
     
    miso, Dec 27, 2013
  12. Maybe PyKismetKML sounds better.
    You left out the most popular default SSID's. linksys, dlink,
    change me, Free Public Wifi, hpsetup, default, wireless, etc.
    This should be fun to install at the local coffee shop. It's running
    DriftNet or EtherPEG:
    <http://freegeekvancouver.blogspot.com/2011/06/another-hack-wiretap-picture-frame.html>
    <http://www.ex-parrot.com/~chris/driftnet/>
    Finally, something we can agree on. The very concept of a pre-shared
    key reeks of security problems.
    I'm old skool and prefer wiretap (ethertap), social engineering, and
    physical security hacks. For the holidays, I bought myself a lock
    pick set, but either I misplaced it or someone stole it before I had a
    chance to try it. Sigh.
     
    Jeff Liebermann, Dec 27, 2013
  13. Danny D'Amico

    DevilsPGD Guest

    In the last episode of <>,
    I've wondered if there's any access point out there that can handle a
    larger number of SSIDs mapped to a single VLAN (along with 1-2 others
    that are mapped to their own VLAN)?

    Ideally I'd have one secured internal, one mixed internal-guest, and one
    honeypot with a bunch of SSIDs on it, all the public ones I can think
    of.

    Unfortunately the gear I can find only handles 4-8 SSIDs, which isn't
    quite enough for all the defaults I can think of plus whatever others I
    discover (linksys, dlink, Free Public Wifi, default, Apple Store,
    shawopen, guest, plus whatever Tim Hortons and McDonalds use)

    Why? For giggles :) But I'll be nice and provide a bit of free
    connectivity on these SSIDs.
     
    DevilsPGD, Dec 28, 2013
  14. Danny D'Amico

    miso Guest

    Driftnet sounds like a winner. You'd probably have to use it at a coffee
    house near a college or high school to actually catch anything. I've
    sent the occasional hot chick in the coffee shop photo to a friend, but
    I'm on BIS, which makes me sniff proof.

    BTW, rather than using things like puppy linux, which kind of dead ends,
    Suse made JEOS. It is also on Opensuse, the free Suse. JEOS stands for
    "just enough operating system." I've used it on Arm. Since Redhat ended
    up being the de facto server platform, Suse ended up in cash registers
    and other embedded products. As a money machine, Redhat looks
    unbeatable. Suse is about a quarter the size.

    Is there a universal way to get wifi cam video?
     
    miso, Dec 28, 2013
  15. Is 16 radios, 2 bands, and about 1000 users enough?
    <http://www.xirrus.com/Products/Wireless-Arrays/Product-Comparison>
    VLAN support can be per user, which allows for some load balancing
    (useful for sports events, auditoriums, events, etc). You can put
    priority users on a fast VLAN, and dump visitors on a slow VLAN.
    However, normally each SSID is mapped to a separate VLAN. I
    think (not sure) that each VLAN will support either 2 or 4 SSID's, but
    I'm too lazy to dig for the specifics.

    You don't want to know the price. (Old price list):
    Yep, that's exactly what it does.
    Sigh. I've created a monster.
    I think that is called the start of a "man in the middle" exploit. Have
    some of my evil intentions and diabolical schemes rubbed off on you?
     
    Jeff Liebermann, Dec 28, 2013
  16. You mean like a standard? Fat chance. I have to monitor a few
    security cameras at mountain top radio sites. I haven't seen anything
    that looks like a usable standard. To screw things up, quite a few
    security camera servers use some kind of Microsoft API that requires
    installing an Active X control and Internet Exploder to view. Retch.
    Of the more sane protocols, Motion JPG and AVI seem to be the most
    popular among the security cameras. For HDTV, there's various
    mutations of MPEG-4. For every video CODEC, there's a camera server
    vendor that will try to stream it.

    As an added bonus, most video CODEC's are rate adaptive in that they
    will adjust their frame rate or compression level to accommodate
    variations in channel bandwidth. What that really means is that no
    matter what the available bandwidth, the video server will try to take
    it all.

    So, what are you trying to accomplish?
     
    Jeff Liebermann, Dec 28, 2013
  17. Danny D'Amico

    miso Guest

    Accomplish? Just look at unencrypted wifi video in the aether.

    I got a wifi cam at a local surplus shop. [Buried in a closet someplace,
    else I would tell you the make and model.] It required active X and IE,
    and was a pain in the ass to get going on win7. I didn't even attempt
    wine. $5 was nice, but what I really liked is you could screw in any
    c-mount lens.
     
    miso, Dec 28, 2013
  18. Danny D'Amico

    DevilsPGD Guest

    In the last episode of <>,
    And that's why I won't be buying one... *sigh*
    I'll likely just live with 3 SSIDs, one for the internal network, one
    for guests that can manage to enter a password correctly, and one that's
    insecure and only allows time-limited connectivity unless I approve the
    MAC address (mostly for the kids' visitors and other short-term visits)

    We live on a large property and I'll eventually end up putting in some
    outdoor gear to cover the driveway down to the road as that dip has no
    mobile coverage and it's a pain to be unable to pull up a map or driving
    directions during the first 45 seconds of a trip.
    Naa, this isn't a new dream. But the hardware is cost prohibitive for
    giggles.
    The worst I'd do would be the old "flip images using a transparent
    proxy" trick, I have no real evil intentions beyond that. However, we do
    have a pullout from a major road that gets frequently used for phone
    calls, I'm actually already in talks with our cable company to put in
    wifi coverage down there, if that falls through, I might do it myself to
    be neighbourly (and yes, I understand the risks of running open wifi)
     
    DevilsPGD, Dec 28, 2013
  19. Also, you seem to have missed my last message on SNMP.
    <https://groups.google.com/forum/message/raw?msg=alt.internet.wireless/fMLTzEHlzE8/B_-qhgqAXGcJ>
    You can't do much with the free version of PRTG, but it's an easy
    start. If not, go find another MIB browser.
    <http://www.ireasoning.com/mibbrowser.shtml>
    or SNMP graphing program.
    <http://oss.oetiker.ch/mrtg/>
    If you have a web server handy, use RRDTool and a template for Cacti
    such as:
    <http://docs.cacti.net/usertemplate:host:scgrab:ubiquiti>
    <http://community.ubnt.com/t5/airMax...acti-Host-template-for-AirOS-5-5/td-p/331019>
    Note that the Ubiquiti supplied MIB for the various models is rather
    limited, but does work for most common things. The rest will need to
    be scraped from various configuration web pages until Ubiquiti decides
    to update the MIBs.

    Or, you can have someone else do the monitoring for you:
    <http://www.odmon.com>
    Useless for troubleshooting a broken internet link because the data
    goes over the internet.
    With SNMP, I don't believe that he needs your admin password. The
    SNMP read and write community name acts as a password.
    Most WISP's use SNMP in some form for remote management and
    monitoring. You might ask him what software (probably Nagios) he's
    using.
     
    Jeff Liebermann, Dec 29, 2013
  20. Danny D'Amico

    miso Guest

    BTW, Fry's is stocking Engenius if you want the "pro" stuff. Personally
    if it doesn't have open source firmware, I have no interest in the product.

    The Engenius products are on the end of an aisle, which usually but not
    always means the manufacturer is paying the store to carry the product.
    Remember the Fry's brothers know grocery store marketing techniques.
    Stuff like the impulse buy aisle.
     
    miso, Jan 2, 2014