Sign in with
Sign up | Sign in
Your question

conundrum

Last response: in Wireless Networking
Share
Anonymous
September 26, 2005 8:05:45 PM

Archived from groups: (More info?)

I set up a small 54g wireless LAN at home a few months ago. It's got a
belkin 7130 access point, and one machine has a linksys wusb54g, which
is where the interesting things are happening.

I set the SSID as not broadcast, for the usual reasons, and usually,
trying a site survey does not show my home network. However, today,
after some problems connecting to the AP, I did a site survey, and found
my own network listed, as well as a new one in the neighbourhood
(normally, none are visible). I've had my network visible to a survey
briefly (seconds only) before, but it was visible today for a quite
extended period.

Any ideas please on why a supposedly suppressed SSID would be showing up
in the site survey?

Also, the signal strength of the 'foreign' network is actually greater
than my own (both being listed at around 40-50% in the survey). They
haven't secured it at all, and seem to be using their surname as their
SSID - a quick look in the phone book suggests they're possibly around
300m away, with a *lot* of brick walls in the line of sight to the
wusb54g (compared to own <10m, and one wall). Any idea how their signal
could be so strong relative to my own?

Could a new network cause loss of connectivity on my own? They're using
ch6, I'm on 13, so I'd have hoped things should be OK. But I've not had
extended problems before (although the transfer rates have been a bit on
the low side), and this other network seems new.......

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)

More about : conundrum

Anonymous
September 26, 2005 8:05:46 PM

Archived from groups: (More info?)

On Mon, 26 Sep 2005 16:05:45 GMT, Mike Scott
<usenet.9@spam.stopper.scottsonline.org.uk> wrote:

>Any ideas please on why a supposedly suppressed SSID would be showing up
>in the site survey?

Someone is running a range extender or repeater that is setup to
repeat anything it hears. I've seen these erratically appear on
Netstumbler while the originating access point has the SSID broadcast
turned off. I haven't investigated the exact cause.

>Could a new network cause loss of connectivity on my own? They're using
>ch6, I'm on 13, so I'd have hoped things should be OK.

No problem as you're on a radically different channel. However, you
should check for users on 11 and 12 as these might cause interference.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Anonymous
September 27, 2005 2:28:21 PM

Archived from groups: (More info?)

Jeff Liebermann wrote:
> On Mon, 26 Sep 2005 16:05:45 GMT, Mike Scott
> <usenet.9@spam.stopper.scottsonline.org.uk> wrote:
>
>> Any ideas please on why a supposedly suppressed SSID would be
>> showing up in the site survey?
>
> Someone is running a range extender or repeater that is setup to
> repeat anything it hears. I've seen these erratically appear on
> Netstumbler while the originating access point has the SSID broadcast
> turned off. I haven't investigated the exact cause.
>
>> Could a new network cause loss of connectivity on my own? They're
>> using ch6, I'm on 13, so I'd have hoped things should be OK.
>
> No problem as you're on a radically different channel. However, you
> should check for users on 11 and 12 as these might cause interference.

First, you gain nothing by not broadcasting SSID. Your SSID is
contained in the data stream anyway, many wireless cards will report the
hidden SSID; and all hacking tools, umm, I meant to say wireless
diagnostic tools will report it. Wireless Zero Configuration, if you
use it, works best, if not outright required, with SSID broadcast
enabled and you are finding out that without SSID broadcasting, all bets
are off for a stable connection when other networks are in the area.

In addition, in the advanced properties of your wireless properties,
there are check boxes for "automatically connect to non-preferred
networks" and setting the type of networks to restrict. Make sure that
non-preferred networks is unchecked and that "infrastructure only" is
checked.
Related resources
Anonymous
September 27, 2005 9:34:15 PM

Archived from groups: (More info?)

Quaoar wrote:
> Jeff Liebermann wrote:
>
>>On Mon, 26 Sep 2005 16:05:45 GMT, Mike Scott
>><usenet.9@spam.stopper.scottsonline.org.uk> wrote:
>>
>>
>>>Any ideas please on why a supposedly suppressed SSID would be
>>>showing up in the site survey?
>>
>>Someone is running a range extender or repeater that is setup to
>>repeat anything it hears. I've seen these erratically appear on
>>Netstumbler while the originating access point has the SSID broadcast
>>turned off. I haven't investigated the exact cause.
>>
>>
>>>Could a new network cause loss of connectivity on my own? They're
>>>using ch6, I'm on 13, so I'd have hoped things should be OK.
>>
>>No problem as you're on a radically different channel. However, you
>>should check for users on 11 and 12 as these might cause interference.
>
>
> First, you gain nothing by not broadcasting SSID. Your SSID is
> contained in the data stream anyway, many wireless cards will report the
> hidden SSID; and all hacking tools, umm, I meant to say wireless
> diagnostic tools will report it. Wireless Zero Configuration, if you
> use it, works best, if not outright required, with SSID broadcast
> enabled and you are finding out that without SSID broadcasting, all bets
> are off for a stable connection when other networks are in the area.

Now I'm puzzled. I thought SSID b/cast was basically for the benefit of
site-survey needs: in other words, if you know the SSID, you don't need
it broadcast in order to find the network. I've not seen it mentioned
elsewhere that it is needed for normal operations. I know the SSID is
embedded in the normal data stream anyway, and so accessible. But not
broadcasting it keeps it out of the way of casual observers.

Anyway, I did I site survey from my other bridge - a belkin 7330 - in
another room. This shows a second external WLAN in the area (SSID
"belkin54g", unencrypted; I strongly suspect the owner won't have half a
clue about hacking into others' WLANs ). This 2nd WLAN has never shown
up on the linksys; indeed the WUSB54G reports signal levels generally
around 10dB lower than the belkin. I'm not sure if this is the room, or
the bridge! That other WLAN's on ch11, which is getting a bit close to
13......

>
> In addition, in the advanced properties of your wireless properties,
> there are check boxes for "automatically connect to non-preferred
> networks" and setting the type of networks to restrict. Make sure that
> non-preferred networks is unchecked and that "infrastructure only" is
> checked.

Done already; at least, the linksys monitor equivalent.

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
Anonymous
September 28, 2005 1:43:51 PM

Archived from groups: (More info?)

Mike Scott wrote:

> Quaoar wrote:
>> Jeff Liebermann wrote:
>>
>>>Someone is running a range extender or repeater that is setup to
>>>repeat anything it hears. I've seen these erratically appear on
>>>Netstumbler while the originating access point has the SSID broadcast
>>>turned off. I haven't investigated the exact cause.
>>>
>> First, you gain nothing by not broadcasting SSID.
>
> Now I'm puzzled. I thought SSID b/cast was basically for the benefit of
> site-survey needs: in other words, if you know the SSID, you don't need
> it broadcast in order to find the network. I've not seen it mentioned
> elsewhere that it is needed for normal operations.

It's not. If Jeff's guess is right (and they usually are) this seems like a
pretty good reason, to me, to NOT broadcast the SSID. Now you have an easy
way to see if somebody's extending your signal. What you'd do about it is
up to you...
--
derek
Anonymous
September 28, 2005 1:53:59 PM

Archived from groups: (More info?)

On Wed, 28 Sep 2005 09:43:51 -0300, Derek Broughton
<news@pointerstop.ca> wrote:

>> Now I'm puzzled. I thought SSID b/cast was basically for the benefit of
>> site-survey needs:
>> in other words, if you know the SSID, you don't need
>> it broadcast in order to find the network. I've not seen it mentioned
>> elsewhere that it is needed for normal operations.

Nope. Some really dumb clients can't connect unless they hear the
SSID broadcasts. I bought a no-name PCMCIA card that did that. Even
if you knew the SSID of the access point, it still refused to connect.
However, I think this is the exception rather than the rule and really
should not be a problem with today's clients.

>It's not. If Jeff's guess is right (and they usually are)

I've been wrong before. Caveat Emptor.

>this seems like a
>pretty good reason, to me, to NOT broadcast the SSID.

In my never humble opinion, hiding the SSID is dumb. It screws up a
few clients and make interference detection complicated. For what
little security it adds, it sure makes life difficult for all
involved. It's like hiding your house address from the post office.
Normally, the mail will arrive, but it sure makes it difficult for
everyone else.

>Now you have an easy
>way to see if somebody's extending your signal. What you'd do about it is
>up to you...

It's not too difficult to sniff the traffic and see if there's a
repeater around. You'll see all the packets twice. Once going in,
and once going out. The real problem is that some repeaters (I forgot
which ones) can be set to ANY for the SSID and will regurgitate all
packets, regardless of SSID. I think this feature was invented so
that a single repeater can service multiple networks. Nice idea but
there are complications when it starts regurgitating unwanted packets.

In about 1999, I intentionally installed one of those at a high point
overlooking the downtown area. You could connect to just about any of
the dozen assorted networks. Everyone's range was magically extended
over the entire town. I thought this was cool.

Unfortunately, all the local wireless networks were also having
trouble with what appeared to be co-channel interference. Traffic was
slothish, erratic, and prone to disconnects. Turn off the repeater
and everything was back to normal. Hmmm... Well, when the repeater
literally doubles the amount of traffic in the air, adds everyone
else's traffic to the mess, and guarantees that everyone will have to
wait until the repeater is done sending, then we have interference.
The repeater lasted about 3 days and went back to playing access
point.

I'm still not sure it's a repeater that was causing the SSID to
appear, but I can't think of much else that could do it, other than a
spoofed access point or hacker.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Anonymous
September 28, 2005 5:45:02 PM

Archived from groups: (More info?)

> way to see if somebody's extending your signal. What you'd do about it is
> up to you...

and with a dumb repeater, your options to do something about it are?...

a) Nothing
b) Nothing
c) Nothing

Ok, there's d) which is modify your own radio propagation so that it's
not within reach of the repeater but there's not much you can do as far
as the other person is concerned and doing this could be to the
detriment of your own service.

David.
Anonymous
September 28, 2005 5:45:03 PM

Archived from groups: (More info?)

David Taylor wrote:

>> way to see if somebody's extending your signal. What you'd do about it
>> is up to you...
>
> and with a dumb repeater, your options to do something about it are?...
>
> a) Nothing
> b) Nothing
> c) Nothing

Find the culprit and ask them to stop stealing your signal?

> Ok, there's d) which is modify your own radio propagation so that it's
> not within reach of the repeater but there's not much you can do as far
> as the other person is concerned and doing this could be to the
> detriment of your own service.
--
derek
Anonymous
September 28, 2005 8:16:04 PM

Archived from groups: (More info?)

> Find the culprit and ask them to stop stealing your signal?

But he's not stealing it, just rebroadcasting it via a pretty dumb
device.
Anonymous
September 28, 2005 8:16:05 PM

Archived from groups: (More info?)

David Taylor wrote:

>> Find the culprit and ask them to stop stealing your signal?
>
> But he's not stealing it, just rebroadcasting it via a pretty dumb
> device.

You're right, and actually phrasing it that way would put the person on the
defensive right away, so I probably shouldn't have said it even flippantly.

What I really should have said, is "find the culprit and point out to him
that he's rebroadcasting your signal - making it easier for someone _else_
to steal". Because, in all likelihood, the guy doesn't have a clue what
he's done and _isn't_ trying to steal your signal. And he may still be
trying to figure out why his repeater _isn't_ connecting to his own AP :-)

otoh, you may not even care if someone else uses it, and think it's a pretty
neat idea that your network is becoming a MAN.
--
derek
September 28, 2005 10:58:32 PM

Archived from groups: (More info?)

Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:
> On Wed, 28 Sep 2005 09:43:51 -0300, Derek Broughton
> <news@pointerstop.ca> wrote:

>>> Now I'm puzzled. I thought SSID b/cast was basically for the benefit of
>>> site-survey needs:
>>> in other words, if you know the SSID, you don't need
>>> it broadcast in order to find the network. I've not seen it mentioned
>>> elsewhere that it is needed for normal operations.

> Nope. Some really dumb clients can't connect unless they hear the
> SSID broadcasts. I bought a no-name PCMCIA card that did that. Even
> if you knew the SSID of the access point, it still refused to connect.
> However, I think this is the exception rather than the rule and really
> should not be a problem with today's clients.

>>It's not. If Jeff's guess is right (and they usually are)

> I've been wrong before. Caveat Emptor.

>>this seems like a
>>pretty good reason, to me, to NOT broadcast the SSID.

> In my never humble opinion, hiding the SSID is dumb. It screws up a
> few clients and make interference detection complicated. For what
> little security it adds, it sure makes life difficult for all
> involved. It's like hiding your house address from the post office.
> Normally, the mail will arrive, but it sure makes it difficult for
> everyone else.

>>Now you have an easy
>>way to see if somebody's extending your signal. What you'd do about it is
>>up to you...

> It's not too difficult to sniff the traffic and see if there's a
> repeater around. You'll see all the packets twice. Once going in,
> and once going out. The real problem is that some repeaters (I forgot
> which ones) can be set to ANY for the SSID and will regurgitate all
> packets, regardless of SSID. I think this feature was invented so
> that a single repeater can service multiple networks. Nice idea but
> there are complications when it starts regurgitating unwanted packets.

> In about 1999, I intentionally installed one of those at a high point
> overlooking the downtown area. You could connect to just about any of
> the dozen assorted networks. Everyone's range was magically extended
> over the entire town. I thought this was cool.

> Unfortunately, all the local wireless networks were also having
> trouble with what appeared to be co-channel interference. Traffic was
> slothish, erratic, and prone to disconnects. Turn off the repeater
> and everything was back to normal. Hmmm... Well, when the repeater
> literally doubles the amount of traffic in the air, adds everyone
> else's traffic to the mess, and guarantees that everyone will have to
> wait until the repeater is done sending, then we have interference.
> The repeater lasted about 3 days and went back to playing access
> point.

> I'm still not sure it's a repeater that was causing the SSID to
> appear, but I can't think of much else that could do it, other than a
> spoofed access point or hacker.

There is one more thing,was the ssid of the non-broadcasting AP in
the clients active profile used in the the site survey?
it could cause it to appear in that clients survey but not another
configured for a different ssid..
!