conundrum

Archived from groups: (More info?)

I set up a small 54g wireless LAN at home a few months ago. It's got a
belkin 7130 access point, and one machine has a linksys wusb54g, which
is where the interesting things are happening.

I set the SSID as not broadcast, for the usual reasons, and usually,
trying a site survey does not show my home network. However, today,
after some problems connecting to the AP, I did a site survey, and found
my own network listed, as well as a new one in the neighbourhood
(normally, none are visible). I've had my network visible to a survey
briefly (seconds only) before, but it was visible today for a quite
extended period.

Any ideas please on why a supposedly suppressed SSID would be showing up
in the site survey?

Also, the signal strength of the 'foreign' network is actually greater
than my own (both being listed at around 40-50% in the survey). They
haven't secured it at all, and seem to be using their surname as their
SSID - a quick look in the phone book suggests they're possibly around
300m away, with a *lot* of brick walls in the line of sight to the
wusb54g (compared to own <10m, and one wall). Any idea how their signal
could be so strong relative to my own?

Could a new network cause loss of connectivity on my own? They're using
ch6, I'm on 13, so I'd have hoped things should be OK. But I've not had
extended problems before (although the transfer rates have been a bit on
the low side), and this other network seems new.......

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
10 answers Last reply
More about conundrum
  1. Archived from groups: (More info?)

    On Mon, 26 Sep 2005 16:05:45 GMT, Mike Scott
    <usenet.9@spam.stopper.scottsonline.org.uk> wrote:

    >Any ideas please on why a supposedly suppressed SSID would be showing up
    >in the site survey?

    Someone is running a range extender or repeater that is setup to
    repeat anything it hears. I've seen these erratically appear on
    Netstumbler while the originating access point has the SSID broadcast
    turned off. I haven't investigated the exact cause.

    >Could a new network cause loss of connectivity on my own? They're using
    >ch6, I'm on 13, so I'd have hoped things should be OK.

    No problem as you're on a radically different channel. However, you
    should check for users on 11 and 12 as these might cause interference.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558
  2. Archived from groups: (More info?)

    Jeff Liebermann wrote:
    > On Mon, 26 Sep 2005 16:05:45 GMT, Mike Scott
    > <usenet.9@spam.stopper.scottsonline.org.uk> wrote:
    >
    >> Any ideas please on why a supposedly suppressed SSID would be
    >> showing up in the site survey?
    >
    > Someone is running a range extender or repeater that is setup to
    > repeat anything it hears. I've seen these erratically appear on
    > Netstumbler while the originating access point has the SSID broadcast
    > turned off. I haven't investigated the exact cause.
    >
    >> Could a new network cause loss of connectivity on my own? They're
    >> using ch6, I'm on 13, so I'd have hoped things should be OK.
    >
    > No problem as you're on a radically different channel. However, you
    > should check for users on 11 and 12 as these might cause interference.

    First, you gain nothing by not broadcasting SSID. Your SSID is
    contained in the data stream anyway, many wireless cards will report the
    hidden SSID; and all hacking tools, umm, I meant to say wireless
    diagnostic tools will report it. Wireless Zero Configuration, if you
    use it, works best, if not outright required, with SSID broadcast
    enabled and you are finding out that without SSID broadcasting, all bets
    are off for a stable connection when other networks are in the area.

    In addition, in the advanced properties of your wireless properties,
    there are check boxes for "automatically connect to non-preferred
    networks" and setting the type of networks to restrict. Make sure that
    non-preferred networks is unchecked and that "infrastructure only" is
    checked.
  3. Archived from groups: (More info?)

    Quaoar wrote:
    > Jeff Liebermann wrote:
    >
    >>On Mon, 26 Sep 2005 16:05:45 GMT, Mike Scott
    >><usenet.9@spam.stopper.scottsonline.org.uk> wrote:
    >>
    >>
    >>>Any ideas please on why a supposedly suppressed SSID would be
    >>>showing up in the site survey?
    >>
    >>Someone is running a range extender or repeater that is setup to
    >>repeat anything it hears. I've seen these erratically appear on
    >>Netstumbler while the originating access point has the SSID broadcast
    >>turned off. I haven't investigated the exact cause.
    >>
    >>
    >>>Could a new network cause loss of connectivity on my own? They're
    >>>using ch6, I'm on 13, so I'd have hoped things should be OK.
    >>
    >>No problem as you're on a radically different channel. However, you
    >>should check for users on 11 and 12 as these might cause interference.
    >
    >
    > First, you gain nothing by not broadcasting SSID. Your SSID is
    > contained in the data stream anyway, many wireless cards will report the
    > hidden SSID; and all hacking tools, umm, I meant to say wireless
    > diagnostic tools will report it. Wireless Zero Configuration, if you
    > use it, works best, if not outright required, with SSID broadcast
    > enabled and you are finding out that without SSID broadcasting, all bets
    > are off for a stable connection when other networks are in the area.

    Now I'm puzzled. I thought SSID b/cast was basically for the benefit of
    site-survey needs: in other words, if you know the SSID, you don't need
    it broadcast in order to find the network. I've not seen it mentioned
    elsewhere that it is needed for normal operations. I know the SSID is
    embedded in the normal data stream anyway, and so accessible. But not
    broadcasting it keeps it out of the way of casual observers.

    Anyway, I did I site survey from my other bridge - a belkin 7330 - in
    another room. This shows a second external WLAN in the area (SSID
    "belkin54g", unencrypted; I strongly suspect the owner won't have half a
    clue about hacking into others' WLANs ). This 2nd WLAN has never shown
    up on the linksys; indeed the WUSB54G reports signal levels generally
    around 10dB lower than the belkin. I'm not sure if this is the room, or
    the bridge! That other WLAN's on ch11, which is getting a bit close to
    13......

    >
    > In addition, in the advanced properties of your wireless properties,
    > there are check boxes for "automatically connect to non-preferred
    > networks" and setting the type of networks to restrict. Make sure that
    > non-preferred networks is unchecked and that "infrastructure only" is
    > checked.

    Done already; at least, the linksys monitor equivalent.

    --
    Please use the corrected version of the address below for replies.
    Replies to the header address will be junked, as will mail from
    various domains listed at www.scottsonline.org.uk
    Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
  4. Archived from groups: (More info?)

    Mike Scott wrote:

    > Quaoar wrote:
    >> Jeff Liebermann wrote:
    >>
    >>>Someone is running a range extender or repeater that is setup to
    >>>repeat anything it hears. I've seen these erratically appear on
    >>>Netstumbler while the originating access point has the SSID broadcast
    >>>turned off. I haven't investigated the exact cause.
    >>>
    >> First, you gain nothing by not broadcasting SSID.
    >
    > Now I'm puzzled. I thought SSID b/cast was basically for the benefit of
    > site-survey needs: in other words, if you know the SSID, you don't need
    > it broadcast in order to find the network. I've not seen it mentioned
    > elsewhere that it is needed for normal operations.

    It's not. If Jeff's guess is right (and they usually are) this seems like a
    pretty good reason, to me, to NOT broadcast the SSID. Now you have an easy
    way to see if somebody's extending your signal. What you'd do about it is
    up to you...
    --
    derek
  5. Archived from groups: (More info?)

    On Wed, 28 Sep 2005 09:43:51 -0300, Derek Broughton
    <news@pointerstop.ca> wrote:

    >> Now I'm puzzled. I thought SSID b/cast was basically for the benefit of
    >> site-survey needs:
    >> in other words, if you know the SSID, you don't need
    >> it broadcast in order to find the network. I've not seen it mentioned
    >> elsewhere that it is needed for normal operations.

    Nope. Some really dumb clients can't connect unless they hear the
    SSID broadcasts. I bought a no-name PCMCIA card that did that. Even
    if you knew the SSID of the access point, it still refused to connect.
    However, I think this is the exception rather than the rule and really
    should not be a problem with today's clients.

    >It's not. If Jeff's guess is right (and they usually are)

    I've been wrong before. Caveat Emptor.

    >this seems like a
    >pretty good reason, to me, to NOT broadcast the SSID.

    In my never humble opinion, hiding the SSID is dumb. It screws up a
    few clients and make interference detection complicated. For what
    little security it adds, it sure makes life difficult for all
    involved. It's like hiding your house address from the post office.
    Normally, the mail will arrive, but it sure makes it difficult for
    everyone else.

    >Now you have an easy
    >way to see if somebody's extending your signal. What you'd do about it is
    >up to you...

    It's not too difficult to sniff the traffic and see if there's a
    repeater around. You'll see all the packets twice. Once going in,
    and once going out. The real problem is that some repeaters (I forgot
    which ones) can be set to ANY for the SSID and will regurgitate all
    packets, regardless of SSID. I think this feature was invented so
    that a single repeater can service multiple networks. Nice idea but
    there are complications when it starts regurgitating unwanted packets.

    In about 1999, I intentionally installed one of those at a high point
    overlooking the downtown area. You could connect to just about any of
    the dozen assorted networks. Everyone's range was magically extended
    over the entire town. I thought this was cool.

    Unfortunately, all the local wireless networks were also having
    trouble with what appeared to be co-channel interference. Traffic was
    slothish, erratic, and prone to disconnects. Turn off the repeater
    and everything was back to normal. Hmmm... Well, when the repeater
    literally doubles the amount of traffic in the air, adds everyone
    else's traffic to the mess, and guarantees that everyone will have to
    wait until the repeater is done sending, then we have interference.
    The repeater lasted about 3 days and went back to playing access
    point.

    I'm still not sure it's a repeater that was causing the SSID to
    appear, but I can't think of much else that could do it, other than a
    spoofed access point or hacker.

    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558
  6. Archived from groups: (More info?)

    > way to see if somebody's extending your signal. What you'd do about it is
    > up to you...

    and with a dumb repeater, your options to do something about it are?...

    a) Nothing
    b) Nothing
    c) Nothing

    Ok, there's d) which is modify your own radio propagation so that it's
    not within reach of the repeater but there's not much you can do as far
    as the other person is concerned and doing this could be to the
    detriment of your own service.

    David.
  7. Archived from groups: (More info?)

    David Taylor wrote:

    >> way to see if somebody's extending your signal. What you'd do about it
    >> is up to you...
    >
    > and with a dumb repeater, your options to do something about it are?...
    >
    > a) Nothing
    > b) Nothing
    > c) Nothing

    Find the culprit and ask them to stop stealing your signal?

    > Ok, there's d) which is modify your own radio propagation so that it's
    > not within reach of the repeater but there's not much you can do as far
    > as the other person is concerned and doing this could be to the
    > detriment of your own service.
    --
    derek
  8. Archived from groups: (More info?)

    > Find the culprit and ask them to stop stealing your signal?

    But he's not stealing it, just rebroadcasting it via a pretty dumb
    device.
  9. Archived from groups: (More info?)

    David Taylor wrote:

    >> Find the culprit and ask them to stop stealing your signal?
    >
    > But he's not stealing it, just rebroadcasting it via a pretty dumb
    > device.

    You're right, and actually phrasing it that way would put the person on the
    defensive right away, so I probably shouldn't have said it even flippantly.

    What I really should have said, is "find the culprit and point out to him
    that he's rebroadcasting your signal - making it easier for someone _else_
    to steal". Because, in all likelihood, the guy doesn't have a clue what
    he's done and _isn't_ trying to steal your signal. And he may still be
    trying to figure out why his repeater _isn't_ connecting to his own AP :-)

    otoh, you may not even care if someone else uses it, and think it's a pretty
    neat idea that your network is becoming a MAN.
    --
    derek
  10. Archived from groups: (More info?)

    Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:
    > On Wed, 28 Sep 2005 09:43:51 -0300, Derek Broughton
    > <news@pointerstop.ca> wrote:

    >>> Now I'm puzzled. I thought SSID b/cast was basically for the benefit of
    >>> site-survey needs:
    >>> in other words, if you know the SSID, you don't need
    >>> it broadcast in order to find the network. I've not seen it mentioned
    >>> elsewhere that it is needed for normal operations.

    > Nope. Some really dumb clients can't connect unless they hear the
    > SSID broadcasts. I bought a no-name PCMCIA card that did that. Even
    > if you knew the SSID of the access point, it still refused to connect.
    > However, I think this is the exception rather than the rule and really
    > should not be a problem with today's clients.

    >>It's not. If Jeff's guess is right (and they usually are)

    > I've been wrong before. Caveat Emptor.

    >>this seems like a
    >>pretty good reason, to me, to NOT broadcast the SSID.

    > In my never humble opinion, hiding the SSID is dumb. It screws up a
    > few clients and make interference detection complicated. For what
    > little security it adds, it sure makes life difficult for all
    > involved. It's like hiding your house address from the post office.
    > Normally, the mail will arrive, but it sure makes it difficult for
    > everyone else.

    >>Now you have an easy
    >>way to see if somebody's extending your signal. What you'd do about it is
    >>up to you...

    > It's not too difficult to sniff the traffic and see if there's a
    > repeater around. You'll see all the packets twice. Once going in,
    > and once going out. The real problem is that some repeaters (I forgot
    > which ones) can be set to ANY for the SSID and will regurgitate all
    > packets, regardless of SSID. I think this feature was invented so
    > that a single repeater can service multiple networks. Nice idea but
    > there are complications when it starts regurgitating unwanted packets.

    > In about 1999, I intentionally installed one of those at a high point
    > overlooking the downtown area. You could connect to just about any of
    > the dozen assorted networks. Everyone's range was magically extended
    > over the entire town. I thought this was cool.

    > Unfortunately, all the local wireless networks were also having
    > trouble with what appeared to be co-channel interference. Traffic was
    > slothish, erratic, and prone to disconnects. Turn off the repeater
    > and everything was back to normal. Hmmm... Well, when the repeater
    > literally doubles the amount of traffic in the air, adds everyone
    > else's traffic to the mess, and guarantees that everyone will have to
    > wait until the repeater is done sending, then we have interference.
    > The repeater lasted about 3 days and went back to playing access
    > point.

    > I'm still not sure it's a repeater that was causing the SSID to
    > appear, but I can't think of much else that could do it, other than a
    > spoofed access point or hacker.

    There is one more thing,was the ssid of the non-broadcasting AP in
    the clients active profile used in the the site survey?
    it could cause it to appear in that clients survey but not another
    configured for a different ssid..
Ask a new question

Read More

Configuration Wireless Lan Wireless Networking