Sign in with
Sign up | Sign in
Your question

School's wireless network

Last response: in Wireless Networking
Share
September 22, 2004 7:22:42 PM

Archived from groups: (More info?)

I have no clue what I'm doing with our school's wireless network but
since I have more knowledge than anyone else at our school as far as
computers are concerned, I got roped into being our "tech" guy. We
have no encryption set up, and have two Cisco Aironet 1200 series
AP's. Our school is located in an affluent neighborhood and there are
several wireless systems set up in people's homes. Yesterday all of a
sudden you could watch the AP's and it looked like Christmas cause the
green lights were just blinking like mad! I'm guessing that that
means that our system is getting pounded. This effected our lab
computers and they all lost their internet access and none of the
school's wireless laptops could access the internet, although all of
them showed in Win XP wireless monitors that they had excellent
connections. I don't know if this is too much info, or not nearly
enough, but if someone could ask me more questions, or give me an idea
of what to look at, I and my school would GREATLY appreciate it!

Thanks!
Anonymous
a b F Wireless
September 22, 2004 10:44:53 PM

Archived from groups: (More info?)

If you have no security setup you will be pounded by anyone in the area.
I suggest you set up a SSID, don't broadcast it, enable WPA if available on
the routers (or at least WEP if no WPA).
These steps won't protect you from dedicated hackers, but it will stop the
innocent logging on by anyone in the area.

"Blah" <blah@blah.com> wrote in message
news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>I have no clue what I'm doing with our school's wireless network but
> since I have more knowledge than anyone else at our school as far as
> computers are concerned, I got roped into being our "tech" guy. We
> have no encryption set up, and have two Cisco Aironet 1200 series
> AP's. Our school is located in an affluent neighborhood and there are
> several wireless systems set up in people's homes. Yesterday all of a
> sudden you could watch the AP's and it looked like Christmas cause the
> green lights were just blinking like mad! I'm guessing that that
> means that our system is getting pounded. This effected our lab
> computers and they all lost their internet access and none of the
> school's wireless laptops could access the internet, although all of
> them showed in Win XP wireless monitors that they had excellent
> connections. I don't know if this is too much info, or not nearly
> enough, but if someone could ask me more questions, or give me an idea
> of what to look at, I and my school would GREATLY appreciate it!
>
> Thanks!
Anonymous
a b F Wireless
September 22, 2004 10:44:54 PM

Archived from groups: (More info?)

How is this set up? Via the router, or do I actually go to the IP of
the AP's much like a router? How about if I don't know the IP of the
AP's, is there a way to find this? These were set up before my time at
the school. Our school is in an extremely out of the way location, so
it really wouldn't benefit anyone to come up to our school just for free
wifi, but I would like it to run correctly. Thanks for your help!

Alan White wrote:
> If you have no security setup you will be pounded by anyone in the area.
> I suggest you set up a SSID, don't broadcast it, enable WPA if available on
> the routers (or at least WEP if no WPA).
> These steps won't protect you from dedicated hackers, but it will stop the
> innocent logging on by anyone in the area.
>
> "Blah" <blah@blah.com> wrote in message
> news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>
>>I have no clue what I'm doing with our school's wireless network but
>>since I have more knowledge than anyone else at our school as far as
>>computers are concerned, I got roped into being our "tech" guy. We
>>have no encryption set up, and have two Cisco Aironet 1200 series
>>AP's. Our school is located in an affluent neighborhood and there are
>>several wireless systems set up in people's homes. Yesterday all of a
>>sudden you could watch the AP's and it looked like Christmas cause the
>>green lights were just blinking like mad! I'm guessing that that
>>means that our system is getting pounded. This effected our lab
>>computers and they all lost their internet access and none of the
>>school's wireless laptops could access the internet, although all of
>>them showed in Win XP wireless monitors that they had excellent
>>connections. I don't know if this is too much info, or not nearly
>>enough, but if someone could ask me more questions, or give me an idea
>>of what to look at, I and my school would GREATLY appreciate it!
>>
>>Thanks!
>
>
>
Related resources
Anonymous
a b F Wireless
September 23, 2004 2:07:07 AM

Archived from groups: (More info?)

"Blah" <blah@blah.com> wrote in message
news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>I have no clue what I'm doing with our school's wireless network but
> since I have more knowledge than anyone else at our school as far as
> computers are concerned, I got roped into being our "tech" guy. We
> have no encryption set up, and have two Cisco Aironet 1200 series
> AP's. Our school is located in an affluent neighborhood and there are
> several wireless systems set up in people's homes. Yesterday all of a
> sudden you could watch the AP's and it looked like Christmas cause the
> green lights were just blinking like mad! I'm guessing that that
> means that our system is getting pounded. This effected our lab
> computers and they all lost their internet access and none of the
> school's wireless laptops could access the internet, although all of
> them showed in Win XP wireless monitors that they had excellent
> connections. I don't know if this is too much info, or not nearly
> enough, but if someone could ask me more questions, or give me an idea
> of what to look at, I and my school would GREATLY appreciate it!
>
> Thanks!

Why not try to get one of the parents with wireless setup in their home to
help you? Or how about the high school computer guru from the student body?
Or as another poster recommended, maybe some guideance from another school
who is ahead of you. Finally, some schools have linkages with local
businesses who "adopt a school". If such exists for your school, talk to
the business's computer help for assistance.

What city are you in? Maybe someone will see this and offer some help.

--
Bob Alston

bobalston9 AT aol DOT com


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.767 / Virus Database: 514 - Release Date: 9/21/2004
Anonymous
a b F Wireless
September 23, 2004 2:50:03 AM

Archived from groups: (More info?)

"Blah" <blah@blah.com> wrote in message
news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
> I have no clue what I'm doing with our school's wireless network but
> since I have more knowledge than anyone else at our school as far as
> computers are concerned, I got roped into being our "tech" guy. We
> have no encryption set up, and have two Cisco Aironet 1200 series
> AP's. Our school is located in an affluent neighborhood and there are
> several wireless systems set up in people's homes. Yesterday all of a
> sudden you could watch the AP's and it looked like Christmas cause the
> green lights were just blinking like mad! I'm guessing that that
> means that our system is getting pounded. This effected our lab
> computers and they all lost their internet access and none of the
> school's wireless laptops could access the internet, although all of
> them showed in Win XP wireless monitors that they had excellent
> connections. I don't know if this is too much info, or not nearly
> enough, but if someone could ask me more questions, or give me an idea
> of what to look at, I and my school would GREATLY appreciate it!
>
> Thanks!

GIYF:
http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns1...

HTH.

William
Anonymous
a b F Wireless
September 23, 2004 5:26:09 AM

Archived from groups: (More info?)

Hiding the SSID will not stop hackers. It is a waste of time doing that as
it is easy to discover it. Using WPA will prevent unauthorized access. WEP
is the next best thing, but WPA is far superior.

Jeff


"Alan White" <alanwhite@hotmail.com> wrote in message
news:Bfn4d.17452$bL1.903919@news20.bellglobal.com...
> If you have no security setup you will be pounded by anyone in the area.
> I suggest you set up a SSID, don't broadcast it, enable WPA if available
> on the routers (or at least WEP if no WPA).
> These steps won't protect you from dedicated hackers, but it will stop the
> innocent logging on by anyone in the area.
>
> "Blah" <blah@blah.com> wrote in message
> news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>>I have no clue what I'm doing with our school's wireless network but
>> since I have more knowledge than anyone else at our school as far as
>> computers are concerned, I got roped into being our "tech" guy. We
>> have no encryption set up, and have two Cisco Aironet 1200 series
>> AP's. Our school is located in an affluent neighborhood and there are
>> several wireless systems set up in people's homes. Yesterday all of a
>> sudden you could watch the AP's and it looked like Christmas cause the
>> green lights were just blinking like mad! I'm guessing that that
>> means that our system is getting pounded. This effected our lab
>> computers and they all lost their internet access and none of the
>> school's wireless laptops could access the internet, although all of
>> them showed in Win XP wireless monitors that they had excellent
>> connections. I don't know if this is too much info, or not nearly
>> enough, but if someone could ask me more questions, or give me an idea
>> of what to look at, I and my school would GREATLY appreciate it!
>>
>> Thanks!
>
>
Anonymous
a b F Wireless
September 23, 2004 5:33:10 AM

Archived from groups: (More info?)

"Blah" <blah@blah.com> wrote in message
news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>I have no clue what I'm doing with our school's wireless network but
> since I have more knowledge than anyone else at our school as far as
> computers are concerned, I got roped into being our "tech" guy.

I know the feeling. Too bad you never had any Armed Forces training. I
went to the Army, then school, then to teaching.

In the Army I learned quite quickly-- never volunteer. As a teacher, I've
stuck by this credo. The more you do, the more someone else wants you to do
his or her job. It's rather disgusting.

As far as a wireless set up, I'm sorry, but I can't help you. I have a
wireless set up here at home and one thing you absolutely have to do is to
set secure the wireless.

If I were you I'd certainly be calling around to other schools and seeing
what other "tech" guys (or gals) have to say.

Schools work this way. Someone ropes (to quote a phrase) someone else into
taking on an assignment above and beyond what it is your duty to do. Then
no one wants to help or give guidance.

Sorry for the partial OT but I know how you feel. I've been teaching in the
Cleveland Public Schools now for nearly 20 years. I've seen this kind of
thing happen over and over and over. To play it safe, I just do what I'm
supposed to do, nothing more and nothing less.

Good luck with your new assignment and I hope things work out well for you.

Alanb
Anonymous
a b F Wireless
September 23, 2004 2:29:38 PM

Archived from groups: (More info?)

"Blah" <blah@blah.com> wrote in message
news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
> I have no clue what I'm doing with our school's wireless network but
> since I have more knowledge than anyone else at our school as far as
> computers are concerned, I got roped into being our "tech" guy. We
> have no encryption set up, and have two Cisco Aironet 1200 series
> AP's.

Blah: Here's Cisco's page for the 1200.

http://www.cisco.com/en/US/products/hw/wireless/ps430/p...

Here's the 1200 FAQ. Down toward the bottom is a section on password
recovery if you don't know the password someone might have set it up with:

http://www.cisco.com/en/US/products/hw/wireless/ps430/p...


Our school is located in an affluent neighborhood and there are
> several wireless systems set up in people's homes. Yesterday all of a
> sudden you could watch the AP's and it looked like Christmas cause the
> green lights were just blinking like mad! I'm guessing that that
> means that our system is getting pounded. This effected our lab
> computers and they all lost their internet access and none of the
> school's wireless laptops could access the internet, although all of
> them showed in Win XP wireless monitors that they had excellent
> connections. I don't know if this is too much info, or not nearly
> enough, but if someone could ask me more questions, or give me an idea
> of what to look at, I and my school would GREATLY appreciate it!
>
> Thanks!

You've got to get into the AP's and set a unique security code, either WEP
or WPA, to isolate them from the surrounding neighborhood. Once you do that,
there's a nice, basic little program I found called Wireless Watch 2.0 that
will show you if someone ever comes onto your network. I'm sure that the
ubergeeks out there could find 100 ways around it but at least it will
basically tell you that things are safe with your WLAN. You can try it for
30 days then I thinks it's around 30 bucks to buy a license. Here's a review
of the program:

http://www.onlinesecurity.com/Community_Forum/Community...

Good luck. If you can get into the AP and set up the proper security so you
can isolate it, most of your battle will be won.
Anonymous
a b F Wireless
September 23, 2004 2:55:29 PM

Archived from groups: (More info?)

On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:

>We have no encryption set up, and have two Cisco Aironet 1200 series
>AP's.

Various people have suggested enabling encryption (WEP/WPA). This is
a good idea but largely useless on a skool wireless system that is
accessed by students. The problem is that the WEP key or WPA pass
phrase has to be known by every user of the system. Pass that out to
all the students and fairly soon the whole world will know the
password. In short, encryption is useless for public access WLAN's.

What you need is some kind of authorization and authentication system
for the network. Kerberos is one example. Such systems are resident
on a network server and control access to the network, not the
wireless access points. Random wireless users can associate with the
access points, but can't see anything on the network until they login
and authenticate.

I'm not terribly familiar with such systems as I don't often get into
this part of the puzzle. I suggest you speak with other skools that
have similar systems and ask them what they are using to control
access. Methinks you'll need to look at your network security as a
whole, and not just the wireless part. Perhaps some readers here have
experience and suggestions.

Now, back to the original problem. The light show on the wireless
side may be due to a worm or virus on your network or on a wireless
device (laptop). These tend to spray large quantities of broadcasts
looking for other machines to infect. Lots of ways to identify and
isolate the culprit, but the quickest is to uplug the ethernet cables
from each port on the central switch the light show magically stops.
It also might be one of the neighbors using the school system for
their personal broadband ISP. (Why subscribe to ADSL or cable modem
when you can just use the schools system for free?)

Incidentally, since you volunteered for this, get used to looking at
the lights so that you know how "normal" should appear. The lights
offer quite a bit of diagnostic information that is easily visible
without diagnostic software. For example, if ALL the lights on a
switch flash in unison, that's a broadcast packet doing that. If one
light is continuously flashing, there's quite a bit of traffic going
to/from that port. Two lights flashing somewhat in unison means that
there's quite a bit of traffic going between those two ports. An
abnormal light pattern will be your first indication of a problem.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
Anonymous
a b F Wireless
September 23, 2004 3:09:22 PM

Archived from groups: (More info?)

"Bob Schmidt" <Smitty@telecom.SPAMNET> wrote in message
news:l5B4d.83$9M4.3122@news20.bellglobal.com...
>
> "Blah" <blah@blah.com> wrote in message
> news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>> I have no clue what I'm doing with our school's wireless network but
>> since I have more knowledge than anyone else at our school as far as
>> computers are concerned, I got roped into being our "tech" guy. We
>> have no encryption set up, and have two Cisco Aironet 1200 series
>> AP's.
>
> Blah: Here's Cisco's page for the 1200.
>
> http://www.cisco.com/en/US/products/hw/wireless/ps430/p...
>
> Here's the 1200 FAQ. Down toward the bottom is a section on password
> recovery if you don't know the password someone might have set it up with:
>
> http://www.cisco.com/en/US/products/hw/wireless/ps430/p...
>
>
> Our school is located in an affluent neighborhood and there are
>> several wireless systems set up in people's homes. Yesterday all of a
>> sudden you could watch the AP's and it looked like Christmas cause the
>> green lights were just blinking like mad! I'm guessing that that
>> means that our system is getting pounded. This effected our lab
>> computers and they all lost their internet access and none of the
>> school's wireless laptops could access the internet, although all of
>> them showed in Win XP wireless monitors that they had excellent
>> connections. I don't know if this is too much info, or not nearly
>> enough, but if someone could ask me more questions, or give me an idea
>> of what to look at, I and my school would GREATLY appreciate it!
>>
>> Thanks!
>
> You've got to get into the AP's and set a unique security code, either WEP
> or WPA, to isolate them from the surrounding neighborhood. Once you do
> that,
> there's a nice, basic little program I found called Wireless Watch 2.0
> that
> will show you if someone ever comes onto your network. I'm sure that the
> ubergeeks out there could find 100 ways around it but at least it will
> basically tell you that things are safe with your WLAN. You can try it for
> 30 days then I thinks it's around 30 bucks to buy a license. Here's a
> review
> of the program:
>
> http://www.onlinesecurity.com/Community_Forum/Community...
>
> Good luck. If you can get into the AP and set up the proper security so
> you
> can isolate it, most of your battle will be won.
>
>
Very nice little utility!

--
Bob Alston

bobalston9 AT aol DOT com


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.767 / Virus Database: 514 - Release Date: 9/21/2004
Anonymous
a b F Wireless
September 23, 2004 9:17:06 PM

Archived from groups: (More info?)

That is a sad attitude. I am thankful that people in my company and
teachers at my children's public school do not have that kind of attitude.

Jeff


"Alan Bernardo" <master@oforion.net> wrote in message
news:qJp4d.5926$He1.5182@attbi_s01...
>
> "Blah" <blah@blah.com> wrote in message
> news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>>I have no clue what I'm doing with our school's wireless network but
>> since I have more knowledge than anyone else at our school as far as
>> computers are concerned, I got roped into being our "tech" guy.
>
> I know the feeling. Too bad you never had any Armed Forces training. I
> went to the Army, then school, then to teaching.
>
> In the Army I learned quite quickly-- never volunteer. As a teacher, I've
> stuck by this credo. The more you do, the more someone else wants you to
> do his or her job. It's rather disgusting.
>
> As far as a wireless set up, I'm sorry, but I can't help you. I have a
> wireless set up here at home and one thing you absolutely have to do is to
> set secure the wireless.
>
> If I were you I'd certainly be calling around to other schools and seeing
> what other "tech" guys (or gals) have to say.
>
> Schools work this way. Someone ropes (to quote a phrase) someone else
> into taking on an assignment above and beyond what it is your duty to do.
> Then no one wants to help or give guidance.
>
> Sorry for the partial OT but I know how you feel. I've been teaching in
> the Cleveland Public Schools now for nearly 20 years. I've seen this kind
> of thing happen over and over and over. To play it safe, I just do what
> I'm supposed to do, nothing more and nothing less.
>
> Good luck with your new assignment and I hope things work out well for
> you.
>
> Alanb
>
September 23, 2004 9:17:34 PM

Archived from groups: (More info?)

It seems that you have to contact Cisco since the default settings had
been changed, such as the default IP address and SSID. Or you have
to find the people who sold AP to your school. It is easy to be done if
you get the AP's IP address. But you have to inform the laptop/wireless
users that your wireless network has been encrypted and the WEP key
or PSK as well.

"coconut" <nospambaby@despaminize.com> wrote in message
news:10l41s9dushs57d@corp.supernews.com...
> How is this set up? Via the router, or do I actually go to the IP of
> the AP's much like a router? How about if I don't know the IP of the
> AP's, is there a way to find this? These were set up before my time at
> the school. Our school is in an extremely out of the way location, so
> it really wouldn't benefit anyone to come up to our school just for free
> wifi, but I would like it to run correctly. Thanks for your help!
>
> Alan White wrote:
> > If you have no security setup you will be pounded by anyone in the area.
> > I suggest you set up a SSID, don't broadcast it, enable WPA if available
on
> > the routers (or at least WEP if no WPA).
> > These steps won't protect you from dedicated hackers, but it will stop
the
> > innocent logging on by anyone in the area.
> >
> > "Blah" <blah@blah.com> wrote in message
> > news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
> >
> >>I have no clue what I'm doing with our school's wireless network but
> >>since I have more knowledge than anyone else at our school as far as
> >>computers are concerned, I got roped into being our "tech" guy. We
> >>have no encryption set up, and have two Cisco Aironet 1200 series
> >>AP's. Our school is located in an affluent neighborhood and there are
> >>several wireless systems set up in people's homes. Yesterday all of a
> >>sudden you could watch the AP's and it looked like Christmas cause the
> >>green lights were just blinking like mad! I'm guessing that that
> >>means that our system is getting pounded. This effected our lab
> >>computers and they all lost their internet access and none of the
> >>school's wireless laptops could access the internet, although all of
> >>them showed in Win XP wireless monitors that they had excellent
> >>connections. I don't know if this is too much info, or not nearly
> >>enough, but if someone could ask me more questions, or give me an idea
> >>of what to look at, I and my school would GREATLY appreciate it!
> >>
> >>Thanks!
> >
> >
> >
Anonymous
a b F Wireless
September 23, 2004 10:19:20 PM

Archived from groups: (More info?)

Found the IP address of both of them, but not sure how to handle the
WEP. Is there documentation somewhere online on the 1200 series on how
to do this? I'm sure I can muddle my way through, but it's helpful to
have a wireless network that actually works, so want to make sure.
Also, we have 3 AP's, two are directly connected to the router and one
is a repeater. Is there a certain order I should go in while setting
these up, or does it matter? Thanks!

Walker wrote:
> It seems that you have to contact Cisco since the default settings had
> been changed, such as the default IP address and SSID. Or you have
> to find the people who sold AP to your school. It is easy to be done if
> you get the AP's IP address. But you have to inform the laptop/wireless
> users that your wireless network has been encrypted and the WEP key
> or PSK as well.
>
> "coconut" <nospambaby@despaminize.com> wrote in message
> news:10l41s9dushs57d@corp.supernews.com...
>
>>How is this set up? Via the router, or do I actually go to the IP of
>>the AP's much like a router? How about if I don't know the IP of the
>>AP's, is there a way to find this? These were set up before my time at
>>the school. Our school is in an extremely out of the way location, so
>>it really wouldn't benefit anyone to come up to our school just for free
>>wifi, but I would like it to run correctly. Thanks for your help!
>>
>>Alan White wrote:
>>
>>>If you have no security setup you will be pounded by anyone in the area.
>>>I suggest you set up a SSID, don't broadcast it, enable WPA if available
>
> on
>
>>>the routers (or at least WEP if no WPA).
>>>These steps won't protect you from dedicated hackers, but it will stop
>
> the
>
>>>innocent logging on by anyone in the area.
>>>
>>>"Blah" <blah@blah.com> wrote in message
>>>news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>>>
>>>
>>>>I have no clue what I'm doing with our school's wireless network but
>>>>since I have more knowledge than anyone else at our school as far as
>>>>computers are concerned, I got roped into being our "tech" guy. We
>>>>have no encryption set up, and have two Cisco Aironet 1200 series
>>>>AP's. Our school is located in an affluent neighborhood and there are
>>>>several wireless systems set up in people's homes. Yesterday all of a
>>>>sudden you could watch the AP's and it looked like Christmas cause the
>>>>green lights were just blinking like mad! I'm guessing that that
>>>>means that our system is getting pounded. This effected our lab
>>>>computers and they all lost their internet access and none of the
>>>>school's wireless laptops could access the internet, although all of
>>>>them showed in Win XP wireless monitors that they had excellent
>>>>connections. I don't know if this is too much info, or not nearly
>>>>enough, but if someone could ask me more questions, or give me an idea
>>>>of what to look at, I and my school would GREATLY appreciate it!
>>>>
>>>>Thanks!
>>>
>>>
>>>
>
Anonymous
a b F Wireless
September 23, 2004 10:21:51 PM

Archived from groups: (More info?)

From Coconut (aka Blah)
I've got to agree with you Jeff. At our school we pride ourselves on
character education and volunteering to help out is an attribute greatly
desired and promoted. I don't want to comment on Alanb's current
situation, but I'm sure a more positive outlook on life, as well as
education would greatly help.

Jeff Durham wrote:

> That is a sad attitude. I am thankful that people in my company and
> teachers at my children's public school do not have that kind of attitude.
>
> Jeff
>
>
> "Alan Bernardo" <master@oforion.net> wrote in message
> news:qJp4d.5926$He1.5182@attbi_s01...
>
>>"Blah" <blah@blah.com> wrote in message
>>news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>>
>>>I have no clue what I'm doing with our school's wireless network but
>>>since I have more knowledge than anyone else at our school as far as
>>>computers are concerned, I got roped into being our "tech" guy.
>>
>>I know the feeling. Too bad you never had any Armed Forces training. I
>>went to the Army, then school, then to teaching.
>>
>>In the Army I learned quite quickly-- never volunteer. As a teacher, I've
>>stuck by this credo. The more you do, the more someone else wants you to
>>do his or her job. It's rather disgusting.
>>
>>As far as a wireless set up, I'm sorry, but I can't help you. I have a
>>wireless set up here at home and one thing you absolutely have to do is to
>>set secure the wireless.
>>
>>If I were you I'd certainly be calling around to other schools and seeing
>>what other "tech" guys (or gals) have to say.
>>
>>Schools work this way. Someone ropes (to quote a phrase) someone else
>>into taking on an assignment above and beyond what it is your duty to do.
>>Then no one wants to help or give guidance.
>>
>>Sorry for the partial OT but I know how you feel. I've been teaching in
>>the Cleveland Public Schools now for nearly 20 years. I've seen this kind
>>of thing happen over and over and over. To play it safe, I just do what
>>I'm supposed to do, nothing more and nothing less.
>>
>>Good luck with your new assignment and I hope things work out well for
>>you.
>>
>>Alanb
>>
>
>
>
Anonymous
a b F Wireless
September 23, 2004 10:28:52 PM

Archived from groups: (More info?)

Noticing the lights was my first clue to the situation. Thanks for all
your help. I've gathered enough info that I think I can take care of
it. We are a small charter school in Idaho and the only people that
will have access to the encryption key are the teachers. There are
about 20 of us in all. Does the key need to be entered in each and
every day, or just altered if I alter it on the AP? We're running Win
XP on all the laptops. The only machines that the students are using
are the lab computers that are hardwired to the DSL line. We have a few
students that live in the area that are tech geeks and I wouldn't be
surprised if they're doing the damage. As far as I can tell, with our
situation it seems that a WEP key would be the way to go. Now it's just
a matter of figuring out how to set it up on each of the AP's. Thanks
for all your help!
Chris


Jeff Liebermann wrote:

> On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:
>
>
>>We have no encryption set up, and have two Cisco Aironet 1200 series
>>AP's.
>
>
> Various people have suggested enabling encryption (WEP/WPA). This is
> a good idea but largely useless on a skool wireless system that is
> accessed by students. The problem is that the WEP key or WPA pass
> phrase has to be known by every user of the system. Pass that out to
> all the students and fairly soon the whole world will know the
> password. In short, encryption is useless for public access WLAN's.
>
> What you need is some kind of authorization and authentication system
> for the network. Kerberos is one example. Such systems are resident
> on a network server and control access to the network, not the
> wireless access points. Random wireless users can associate with the
> access points, but can't see anything on the network until they login
> and authenticate.
>
> I'm not terribly familiar with such systems as I don't often get into
> this part of the puzzle. I suggest you speak with other skools that
> have similar systems and ask them what they are using to control
> access. Methinks you'll need to look at your network security as a
> whole, and not just the wireless part. Perhaps some readers here have
> experience and suggestions.
>
> Now, back to the original problem. The light show on the wireless
> side may be due to a worm or virus on your network or on a wireless
> device (laptop). These tend to spray large quantities of broadcasts
> looking for other machines to infect. Lots of ways to identify and
> isolate the culprit, but the quickest is to uplug the ethernet cables
> from each port on the central switch the light show magically stops.
> It also might be one of the neighbors using the school system for
> their personal broadband ISP. (Why subscribe to ADSL or cable modem
> when you can just use the schools system for free?)
>
> Incidentally, since you volunteered for this, get used to looking at
> the lights so that you know how "normal" should appear. The lights
> offer quite a bit of diagnostic information that is easily visible
> without diagnostic software. For example, if ALL the lights on a
> switch flash in unison, that's a broadcast packet doing that. If one
> light is continuously flashing, there's quite a bit of traffic going
> to/from that port. Two lights flashing somewhat in unison means that
> there's quite a bit of traffic going between those two ports. An
> abnormal light pattern will be your first indication of a problem.
>
>
Anonymous
a b F Wireless
September 24, 2004 12:04:26 AM

Archived from groups: (More info?)

"coconut" <nospambaby@despaminize.com> wrote in message
news:10l6qi4ri397u00@corp.supernews.com...
> Noticing the lights was my first clue to the situation. Thanks for all
> your help. I've gathered enough info that I think I can take care of it.
> We are a small charter school in Idaho and the only people that will have
> access to the encryption key are the teachers. There are about 20 of us
> in all. Does the key need to be entered in each and every day, or just
> altered if I alter it on the AP? We're running Win XP on all the laptops.
> The only machines that the students are using are the lab computers that
> are hardwired to the DSL line. We have a few students that live in the
> area that are tech geeks and I wouldn't be surprised if they're doing the
> damage. As far as I can tell, with our situation it seems that a WEP key
> would be the way to go. Now it's just a matter of figuring out how to set
> it up on each of the AP's. Thanks for all your help!
> Chris
>
>
> Jeff Liebermann wrote:
>
>> On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:
>>
>>
>>>We have no encryption set up, and have two Cisco Aironet 1200 series
>>>AP's.
>>
>>
>> Various people have suggested enabling encryption (WEP/WPA). This is
>> a good idea but largely useless on a skool wireless system that is
>> accessed by students. The problem is that the WEP key or WPA pass
>> phrase has to be known by every user of the system. Pass that out to
>> all the students and fairly soon the whole world will know the
>> password. In short, encryption is useless for public access WLAN's.
>>
>> What you need is some kind of authorization and authentication system
>> for the network. Kerberos is one example. Such systems are resident
>> on a network server and control access to the network, not the
>> wireless access points. Random wireless users can associate with the
>> access points, but can't see anything on the network until they login
>> and authenticate.
>>
>> I'm not terribly familiar with such systems as I don't often get into
>> this part of the puzzle. I suggest you speak with other skools that
>> have similar systems and ask them what they are using to control
>> access. Methinks you'll need to look at your network security as a
>> whole, and not just the wireless part. Perhaps some readers here have
>> experience and suggestions. Now, back to the original problem. The light
>> show on the wireless
>> side may be due to a worm or virus on your network or on a wireless
>> device (laptop). These tend to spray large quantities of broadcasts
>> looking for other machines to infect. Lots of ways to identify and
>> isolate the culprit, but the quickest is to uplug the ethernet cables
>> from each port on the central switch the light show magically stops.
>> It also might be one of the neighbors using the school system for
>> their personal broadband ISP. (Why subscribe to ADSL or cable modem
>> when you can just use the schools system for free?)
>>
>> Incidentally, since you volunteered for this, get used to looking at
>> the lights so that you know how "normal" should appear. The lights
>> offer quite a bit of diagnostic information that is easily visible
>> without diagnostic software. For example, if ALL the lights on a
>> switch flash in unison, that's a broadcast packet doing that. If one
>> light is continuously flashing, there's quite a bit of traffic going
>> to/from that port. Two lights flashing somewhat in unison means that
>> there's quite a bit of traffic going between those two ports. An
>> abnormal light pattern will be your first indication of a problem.
>>

You just have to set the WEP key once - on the AP and on each laptop. Be
sure your AP supports WEP and not WAP - they are different. WEP is older
and less secure. But not all equipment supports WAP. If you find your APs
support WAP - make sure all your laptops do also before you try to use it.

Also, in setting WEP keys, often you can enter a phrase, which is then
translated into WEP hex keys. However, not all hardware setup software does
the translation the same way. I have found it safer to enter the WEP key as
hex characters directly into all devices.

It may have been said before, but be sure to reset the administrative
password on the APs so that only you and no one else can alter the AP
settings.

Also, given you have two APs and one repeater, suggest you turn off the
repeater initially and deal with the APs. Unless the APs are far apart from
each other, they need to be set to transmit on different channels 1-11.
Only channels 1,6 & 11 are non overlapping channels. And channel 6 is the
default. So to avoid colliding with a local home AP, I suggest you use
channels 1 and 11.

Make sure the laptop will connect to the AP 1) at a close proximity to the
AP and 2) without any security - first - each access point - before you turn
on WEP. Then test each laptop with WEP on - again close to the AP. You
want to ensure that the configuration and equipment is all working before
you start to deal with issues of distance from the AP and loss of signal.

Good luck!

Bob

--
Bob Alston

bobalston9 AT aol DOT com


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.767 / Virus Database: 514 - Release Date: 9/21/2004
Anonymous
a b F Wireless
September 24, 2004 3:16:10 AM

Archived from groups: (More info?)

On Thu, 23 Sep 2004 18:28:52 -0600, coconut
<nospambaby@despaminize.com> wrote:

>We are a small charter school in Idaho and the only people that
>will have access to the encryption key are the teachers. There are
>about 20 of us in all.

That's different from what I assumed. I guessed that you had student
accessing the wireless network. If it's for teachers only, then
either WEP or WPA encryption should be sufficient. No need for
elaborate authentication schemes.

>Does the key need to be entered in each and
>every day, or just altered if I alter it on the AP?

Only once. You enter it in the access point(s). When the client
radio connects, XP will will ask for the WEP key. It can be saved so
that it need only be entered once. However, I would recommend
changing the WEP key at regular intervals (once per quarter or
semester) to reduce exposure from the inevitable leaks.

>We're running Win
>XP on all the laptops.

I strongly suggest installing XP SP2 on these laptops. The
improvements to Wireless Zero Config and general useability are worth
the one hour update ordeal. You should be sure that there are no
viruses, worms, spyware, or trojans running on the machine before
installing SP2.

>The only machines that the students are using
>are the lab computers that are hardwired to the DSL line.

Well, I think it's hardwired to the switch or router that eventually
ends up on the DSL line.

>We have a few
>students that live in the area that are tech geeks and I wouldn't be
>surprised if they're doing the damage.

Careful. I've found that staying on good terms with the local hackers
is a good idea. They can be very helpful, as well as very
destructive. In my experience, massive amounts of traffic are
machines that have been hijacked by a trojan horse for the purpose of
initiating a DDOS (distributed denial of service) attack. Usually
such machines are owned by clueless users that have never bothered to
stay up to date with the latest Microsoft security band-aid of the
week.

>As far as I can tell, with our
>situation it seems that a WEP key would be the way to go. Now it's just
>a matter of figuring out how to set it up on each of the AP's.

No problem. Cisco 1200 access points are fairly straight forward.
Enable WEP 128 bit encryption. Inscribe a suitably cryptic password.
Save. Maybe reboot.

Cisco 1200 security setup:
http://www.cisco.com/en/US/products/hw/wireless/ps430/p...
See the section on "Setting up WEP".

You may also wanna enable MAC address authentication. This will limit
access to only those radios who's MAC address is inscribed in the
access point(s). It's not a great security method, but will slow down
thehackers somewhat. See "Setting up MAC based authentication".

Oh yeah... be sure to set the configuration password for the Cisco
1200 access points to something fairly secure.

Good luck.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
Anonymous
a b F Wireless
September 24, 2004 5:05:59 AM

Archived from groups: (More info?)

I don't have experience with a repeater. I would though get each of my
access points working first. Then, I would tackle the repeater. As for the
repeater, is it possible to use another access point instead? To do that,
you would need to have a wired connection available to the access point. Be
sure to use non-overlapping channels for your access points. Channels 1, 6,
or 11 are good choices. If you are only using two access points, you can
use channels that are essentially 5 channels apart -- 1 and 6, 2 and 7, 3
and 8, etc.

Jeff


"coconut" <nospambaby@despaminize.com> wrote in message
news:10l6q06afl36faa@corp.supernews.com...
> Found the IP address of both of them, but not sure how to handle the WEP.
> Is there documentation somewhere online on the 1200 series on how to do
> this? I'm sure I can muddle my way through, but it's helpful to have a
> wireless network that actually works, so want to make sure. Also, we have
> 3 AP's, two are directly connected to the router and one is a repeater.
> Is there a certain order I should go in while setting these up, or does it
> matter? Thanks!
>
> Walker wrote:
>> It seems that you have to contact Cisco since the default settings had
>> been changed, such as the default IP address and SSID. Or you have
>> to find the people who sold AP to your school. It is easy to be done if
>> you get the AP's IP address. But you have to inform the laptop/wireless
>> users that your wireless network has been encrypted and the WEP key
>> or PSK as well.
>>
>> "coconut" <nospambaby@despaminize.com> wrote in message
>> news:10l41s9dushs57d@corp.supernews.com...
>>
>>>How is this set up? Via the router, or do I actually go to the IP of
>>>the AP's much like a router? How about if I don't know the IP of the
>>>AP's, is there a way to find this? These were set up before my time at
>>>the school. Our school is in an extremely out of the way location, so
>>>it really wouldn't benefit anyone to come up to our school just for free
>>>wifi, but I would like it to run correctly. Thanks for your help!
>>>
>>>Alan White wrote:
>>>
>>>>If you have no security setup you will be pounded by anyone in the area.
>>>>I suggest you set up a SSID, don't broadcast it, enable WPA if available
>>
>> on
>>
>>>>the routers (or at least WEP if no WPA).
>>>>These steps won't protect you from dedicated hackers, but it will stop
>>
>> the
>>
>>>>innocent logging on by anyone in the area.
>>>>
>>>>"Blah" <blah@blah.com> wrote in message
>>>>news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
>>>>
>>>>
>>>>>I have no clue what I'm doing with our school's wireless network but
>>>>>since I have more knowledge than anyone else at our school as far as
>>>>>computers are concerned, I got roped into being our "tech" guy. We
>>>>>have no encryption set up, and have two Cisco Aironet 1200 series
>>>>>AP's. Our school is located in an affluent neighborhood and there are
>>>>>several wireless systems set up in people's homes. Yesterday all of a
>>>>>sudden you could watch the AP's and it looked like Christmas cause the
>>>>>green lights were just blinking like mad! I'm guessing that that
>>>>>means that our system is getting pounded. This effected our lab
>>>>>computers and they all lost their internet access and none of the
>>>>>school's wireless laptops could access the internet, although all of
>>>>>them showed in Win XP wireless monitors that they had excellent
>>>>>connections. I don't know if this is too much info, or not nearly
>>>>>enough, but if someone could ask me more questions, or give me an idea
>>>>>of what to look at, I and my school would GREATLY appreciate it!
>>>>>
>>>>>Thanks!
>>>>
>>>>
>>>>
>>
Anonymous
a b F Wireless
September 24, 2004 10:51:08 AM

Archived from groups: (More info?)

On Thu, 23 Sep 2004 11:09:22 -0500, "Bob Alston"
<bobalston9NOSPAM@aol.com> wrote:


>Very nice little utility!

Rather over priced for a utility that only tells you someone is
accessing your system and that is it.

You can block access for the same cost.
Anonymous
a b F Wireless
September 24, 2004 3:30:56 PM

Archived from groups: (More info?)

"Brian S. Jones" <brian-s-jonesatcomcast.net> wrote in message
news:4f98l0h7u5dogqlf0iio64pd5o4qpjdigl@4ax.com...
> On Thu, 23 Sep 2004 11:09:22 -0500, "Bob Alston"
> <bobalston9NOSPAM@aol.com> wrote:
>
>
> >Very nice little utility!
>
> Rather over priced for a utility that only tells you someone is
> accessing your system and that is it.
>
> You can block access for the same cost.

I downloaded the new one yesterday (Wireless Defender 1.0) and it will block
access to a foe after you tell it that the intruder is indeed a foe. At
least that's what it says it will do. I don't believe the previous iteration
(Wireless Watch 2.0) had this function.
>
Anonymous
a b F Wireless
September 24, 2004 3:41:14 PM

Archived from groups: (More info?)

As viewed from alt.internet.wireless, Bob Schmidt wrote:

>I downloaded the new one yesterday (Wireless Defender 1.0) and it
>will block access to a foe after you tell it that the intruder is
>indeed a foe. At least that's what it says it will do. I don't
>believe the previous iteration (Wireless Watch 2.0) had this
>function.

I tried it yesterday and it didn't block access to a marked Foe at
all. But maybe that feature is only available on the paid version
and not on the 30-day trial version?

--
Jafo
Anonymous
a b F Wireless
September 24, 2004 4:16:53 PM

Archived from groups: (More info?)

"Bob Schmidt" <Smitty@telecom.SPAMNET> wrote:
>I downloaded the new one yesterday (Wireless Defender 1.0) and it will block
>access to a foe after you tell it that the intruder is indeed a foe. At
>least that's what it says it will do. I don't believe the previous iteration
>(Wireless Watch 2.0) had this function.

How does it do that? My impression was that it's a LAN scanner that
just tells you who is there... [I've got it, but haven't installed it
yet, and given the price point, I'm not sure I'll bother...]
September 24, 2004 4:16:54 PM

Archived from groups: (More info?)

We have our router that the 2 ap's are hooked up to and then another
cable runs to our server. Can Wireless Watch see any activity through
the AP's even if it's running on the server? Or do the AP's need to be
run through the server in order for it to watch activity?

William P.N. Smith wrote:
> "Bob Schmidt" <Smitty@telecom.SPAMNET> wrote:
>
>>I downloaded the new one yesterday (Wireless Defender 1.0) and it will block
>>access to a foe after you tell it that the intruder is indeed a foe. At
>>least that's what it says it will do. I don't believe the previous iteration
>>(Wireless Watch 2.0) had this function.
>
>
> How does it do that? My impression was that it's a LAN scanner that
> just tells you who is there... [I've got it, but haven't installed it
> yet, and given the price point, I'm not sure I'll bother...]
>
Anonymous
a b F Wireless
September 25, 2004 4:09:44 AM

Archived from groups: (More info?)

"Jafo" <a@nospam.invalid> wrote in message
news:8gq8l05mjs9i1phf4h46d69obl7eis43hu@4ax.com...
> As viewed from alt.internet.wireless, Bob Schmidt wrote:
>
> >I downloaded the new one yesterday (Wireless Defender 1.0) and it
> >will block access to a foe after you tell it that the intruder is
> >indeed a foe. At least that's what it says it will do. I don't
> >believe the previous iteration (Wireless Watch 2.0) had this
> >function.
>
> I tried it yesterday and it didn't block access to a marked Foe at
> all. But maybe that feature is only available on the paid version
> and not on the 30-day trial version?
>
> --
> Jafo

Jafo

Make sure you have the settings right in the software. In the Security tab
your router name and password has to be set so it can communicate and set up
with the router, along with the "only allow friends on your network" checked
off. I also had my sensitivity set to high. I played with it tonight and
when I booted up my laptop and attempted router access (with no previous
setting in WiFi Defender for its net name), I couldn't even get the laptop
to associate with my AP. Nothing indicating a network intrusion showed up in
WiFi Defender on my router-connected PC either.

Next, I went into WiFi Defender on the router PC and did an Add Friend to
Network. It saw the laptop and I went ahead, for test purposes, to ID it as
foe and it showed it connected in red. On my laptop I had a connection to my
router but it was only for a few seconds and I never was able to get
internet access or WLAN access. By the next scan WiFi Defender showed the
laptop as disconnected. It looks like, in this case, until I did the add
friend to network scan, my laptop wouldn't even connect to the router and
there was never any indication in WiFi Defender on the router PC that the
laptop existed. Once I did the add friend scan and it found the laptop and I
ID'd it as foe, like I said, it showed connected (and my laptop showed a
brief connection even though I was unable to connect to anything) but by the
next scan it showed as disconnected.

As an aside to this (it gets more complicated), when that laptop booted up
and its WiFi Defender notified me that two new PC's were on the network (my
main router connected PC and another PCI wifi machine downstairs), I went
ahead and classified both of them as foes. I WAS able to access the laptop
briefly from one of those foe PC's. Not so hot. Eventually, on the laptop,
after a couple scans, WiFi Defender killed my router access altogether and I
lost not only the foe's access to my laptop (good) but also the laptop's
router access (no internet or WLAN)-- not great but at least it cut off the
attacker, eventually. And it showed both foe PC's as disconnected. Just a
note if you have the Linksys group of router, PC and/or PCI card: After
screwing around with everybody on the network, I re-ID'd all my guys as
friends; but to get individual PC's reconnected to the router, I had to go
into the WLAN monitor software on each machine, go into profile,edit and
keep hitting next to reaffirm my settings. Once it did this, it reconnected
to the AP(router).

Bottom line: this isn't hardware-level WLAN defense software by any means
but at 40 bucks I don't think it was meant to be. For the average user, it's
probably worth the money from my limited experience with it.
Anonymous
a b F Wireless
September 25, 2004 6:57:39 AM

Archived from groups: (More info?)

"Jeff Durham" <jdurham.outdoor.life@cinci.rr.com> wrote in message
news:myD4d.1163$fZ.242@fe2.columbus.rr.com...
> That is a sad attitude. I am thankful that people in my company and
> teachers at my children's public school do not have that kind of attitude.
>
> Jeff
>
>

It's not a sad attitude, it's reality. What happens in the schools--
administratively-- is embarrassing. I still teach and am committed to doing
so. My students learn and I enjoy myself. But if you're pretending that
there is no slacking or brown-nosing going on in the schools, then-- as is
the case with you-- you've never been in the schools.

It just amuses me to no end how most times someone who has never taught
before can suddenly be so smug and objectionable. If there's a problem, it
needs addressed: it would be sad if it weren't addressed.

Can you imagine what it's like in the Detroit Public Schools, or LA, or NYC?
Here we have students who need help the most but they get it the least--
always the dregs, the stuff about to be thrown out by the more affluent
districts.

So please, don't pretend as if you have any idea of what might be happening
in some of the poorer districts across America. And don't pretend as if you
really care, or label me as having a bad attitude.

I teach and my students learn and I know the value of a sound education.
But the odds some districts are up against, because of utter incompetence
and borderline malfeasance, is something you'll probably never know or care
about.

Alanb
Anonymous
a b F Wireless
September 25, 2004 4:55:22 PM

Archived from groups: (More info?)

That's fine, and somewhat true, but I think what he's saying is your
lack of volunteering and helping out in ways that you can, and share
your knowledge can better situations. I'm not naive, and I have been in
many different school districts, many financial situations for the
parents. I've seen parents and kids that live in a trailer house in the
middle of a desert without anything over their head but a blue tarp
tattered with holes. Screw administration, you can volunteer in some
way and better your school instead of carrying a chip on your shoulder
every where you go. My volunteering with this wireless network has
nothing to do with brown nosing, working my way up the ladder, or any
other alterior motive, just simply helping my school out because I love
it and know that I can share my limited knowledge to help things run a
bit smoother.
Alan Bernardo wrote:
> "Jeff Durham" <jdurham.outdoor.life@cinci.rr.com> wrote in message
> news:myD4d.1163$fZ.242@fe2.columbus.rr.com...
>
>>That is a sad attitude. I am thankful that people in my company and
>>teachers at my children's public school do not have that kind of attitude.
>>
>>Jeff
>>
>>
>
>
> It's not a sad attitude, it's reality. What happens in the schools--
> administratively-- is embarrassing. I still teach and am committed to doing
> so. My students learn and I enjoy myself. But if you're pretending that
> there is no slacking or brown-nosing going on in the schools, then-- as is
> the case with you-- you've never been in the schools.
>
> It just amuses me to no end how most times someone who has never taught
> before can suddenly be so smug and objectionable. If there's a problem, it
> needs addressed: it would be sad if it weren't addressed.
>
> Can you imagine what it's like in the Detroit Public Schools, or LA, or NYC?
> Here we have students who need help the most but they get it the least--
> always the dregs, the stuff about to be thrown out by the more affluent
> districts.
>
> So please, don't pretend as if you have any idea of what might be happening
> in some of the poorer districts across America. And don't pretend as if you
> really care, or label me as having a bad attitude.
>
> I teach and my students learn and I know the value of a sound education.
> But the odds some districts are up against, because of utter incompetence
> and borderline malfeasance, is something you'll probably never know or care
> about.
>
> Alanb
>
>
>
Anonymous
a b F Wireless
September 27, 2004 2:22:50 AM

Archived from groups: (More info?)

'Blah',

Just as a reassurance: happily blinking lights on the APs do *not* mean your
network computers are infected with a virus, it simply shows that the
network is being used.

To check if this is being done by unauthorised machines, monitor the traffic
using a 'sniffer' (Ethereal is a good one). Ideally you would have a list
with the MAC addresses of all your equipment to compare against, but
switching everything off (perhaps including other APs!) may also work for
you

> Now, back to the original problem. The light show on the wireless
> side may be due to a worm or virus on your network or on a wireless
> device (laptop). These tend to spray large quantities of broadcasts
> looking for other machines to infect. Lots of ways to identify and
> isolate the culprit, but the quickest is to uplug the ethernet cables
> from each port on the central switch the light show magically stops.
> It also might be one of the neighbors using the school system for
> their personal broadband ISP. (Why subscribe to ADSL or cable modem
> when you can just use the schools system for free?)
>
> Incidentally, since you volunteered for this, get used to looking at
> the lights so that you know how "normal" should appear. The lights
> offer quite a bit of diagnostic information that is easily visible
> without diagnostic software. For example, if ALL the lights on a
> switch flash in unison, that's a broadcast packet doing that. If one
> light is continuously flashing, there's quite a bit of traffic going
> to/from that port. Two lights flashing somewhat in unison means that
> there's quite a bit of traffic going between those two ports. An
> abnormal light pattern will be your first indication of a problem.
Anonymous
a b F Wireless
September 27, 2004 2:22:51 AM

Archived from groups: (More info?)

On Sun, 26 Sep 2004 22:22:50 +0200, "Jeroen van Bemmel"
<someone@somewhere.com> wrote:

>'Blah',

Really?

>Just as a reassurance: happily blinking lights on the APs do *not* mean your
>network computers are infected with a virus, it simply shows that the
>network is being used.

True. However, continuously blinking lights, that never stop, and
"abnormal" activity levels, are a good indication that something is
wrong. Unfortunately, intermittent abnormal activity can be
deceiving. Whenever MS issues a band-aid or automagic update, I get
calls from my customers wondering what's wrong with their LAN. They
set their PC's to download updates and casually inform the user that
an update is waiting to get installed. Unfortunately, when 50
machines get turned on in the morning, and all wanna update at exactly
the same time, abnormal activity would be a good description. Anyway,
paranoia is the way of life for the system administrator. I consider
it a good thing.

>To check if this is being done by unauthorised machines, monitor the traffic
>using a 'sniffer' (Ethereal is a good one). Ideally you would have a list
>with the MAC addresses of all your equipment to compare against, but
>switching everything off (perhaps including other APs!) may also work for
>you

Bleh(tm).

Sniffers are good for identifying the culprit and nature of the
problem. They're almost useless for detecting the problem. For that,
I use an SNMP based traffic monitor such as MRTG or RRDTool.
http://www.mrtg.org
http://www.rrdtool.org
These will give a history of what constitutes normal traffic patterns.
If something suddenly changes, it will be obvious on the aggregate
traffic graphs. After something is determined to be screwed up, then
you can use a sniffer to determine the nature of the beast. However,
I only have one customer qualified to interpret the results of a
capture session and prefer something that can be orchestrated over the
phone. I have them pull the ethernet plugs on the central switch
until the excessive traffic (i.e. excessively flashing lights) goes
away. The culprit can usually be found at the other end of the cable.

The Cisco 1200 supports SNMP and can therefore be monitored with these
tools. Lots of examples on the web:
http://openfire.coloradocollege.edu/mrtg/how.html
The catch is that the skool will need to dedicate a machine to data
collection and network management. This is not impossible, but at the
level of activity, is probably not cost justifiable.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
Anonymous
a b F Wireless
September 27, 2004 2:42:50 AM

Archived from groups: (More info?)

Chris,

From what you're saying here and before I gather that someone was heavily
using the WLAN, causing the other users of the DSL line (including the fixed
stations) to loose their Internet connection (perhaps not totally lost but
terribly slow?)

Since you have such a small set of laptops, I would suggets to use MAC
address filtering on the APs. It is not fool proof, but it will keep out
casual unauthorised users. See the Cisco manual on how to set it up, you
simply need to enter the MAC addresses of valid school laptops into each AP.
This can be combined with WEP

Depending on the capabilities of the router you're using towards the DSL
line, perhaps you can somehow limit the bandwidth being used by all wireless
users together? This would avoid the situation where all the stations loose
their connection because some wireless person is stealing all resources.

Some questions:
- Could it be that one of the teachers installed a bandwidth-intensive
application on his/her laptop? (e.g. p2p file sharing client...)
- Do you use private IP addressing to protect the school's computers from
being addressed from the Internet?

"coconut" <nospambaby@despaminize.com> wrote in message
news:10l6qi4ri397u00@corp.supernews.com...
> Noticing the lights was my first clue to the situation. Thanks for all
> your help. I've gathered enough info that I think I can take care of it.
> We are a small charter school in Idaho and the only people that will have
> access to the encryption key are the teachers. There are about 20 of us
> in all. Does the key need to be entered in each and every day, or just
> altered if I alter it on the AP? We're running Win XP on all the laptops.
> The only machines that the students are using are the lab computers that
> are hardwired to the DSL line. We have a few students that live in the
> area that are tech geeks and I wouldn't be surprised if they're doing the
> damage. As far as I can tell, with our situation it seems that a WEP key
> would be the way to go. Now it's just a matter of figuring out how to set
> it up on each of the AP's. Thanks for all your help!
> Chris
>
>
> Jeff Liebermann wrote:
>
>> On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:
>>
>>
>>>We have no encryption set up, and have two Cisco Aironet 1200 series
>>>AP's.
>>
>>
>> Various people have suggested enabling encryption (WEP/WPA). This is
>> a good idea but largely useless on a skool wireless system that is
>> accessed by students. The problem is that the WEP key or WPA pass
>> phrase has to be known by every user of the system. Pass that out to
>> all the students and fairly soon the whole world will know the
>> password. In short, encryption is useless for public access WLAN's.
>>
>> What you need is some kind of authorization and authentication system
>> for the network. Kerberos is one example. Such systems are resident
>> on a network server and control access to the network, not the
>> wireless access points. Random wireless users can associate with the
>> access points, but can't see anything on the network until they login
>> and authenticate.
>>
>> I'm not terribly familiar with such systems as I don't often get into
>> this part of the puzzle. I suggest you speak with other skools that
>> have similar systems and ask them what they are using to control
>> access. Methinks you'll need to look at your network security as a
>> whole, and not just the wireless part. Perhaps some readers here have
>> experience and suggestions. Now, back to the original problem. The light
>> show on the wireless
>> side may be due to a worm or virus on your network or on a wireless
>> device (laptop). These tend to spray large quantities of broadcasts
>> looking for other machines to infect. Lots of ways to identify and
>> isolate the culprit, but the quickest is to uplug the ethernet cables
>> from each port on the central switch the light show magically stops.
>> It also might be one of the neighbors using the school system for
>> their personal broadband ISP. (Why subscribe to ADSL or cable modem
>> when you can just use the schools system for free?)
>>
>> Incidentally, since you volunteered for this, get used to looking at
>> the lights so that you know how "normal" should appear. The lights
>> offer quite a bit of diagnostic information that is easily visible
>> without diagnostic software. For example, if ALL the lights on a
>> switch flash in unison, that's a broadcast packet doing that. If one
>> light is continuously flashing, there's quite a bit of traffic going
>> to/from that port. Two lights flashing somewhat in unison means that
>> there's quite a bit of traffic going between those two ports. An
>> abnormal light pattern will be your first indication of a problem.
>>
Anonymous
a b F Wireless
September 27, 2004 2:42:51 AM

Archived from groups: (More info?)

The WEP seemed to do the trick on Friday. Everyone had access, and our
statewide testing that requires internet access wasn't hurt. I think
I'm going to add in the MAC filtering as well, just for extra measures.
The only thing that I can think of that may be causing it is we have
many teachers out of the 25 that are employed there that have no clue
what the hell they're doing with the machines. I'm going thru and
running ad aware and spybot on all just to make sure they haven't gotten
something installed that they don't want. I'm going to configure
wireless watch tomorrow to see whose IP is causing the hassle.
Hopefully that will work as well. Thanks for everyone's help!

Jeroen van Bemmel wrote:

> Chris,
>
> From what you're saying here and before I gather that someone was heavily
> using the WLAN, causing the other users of the DSL line (including the fixed
> stations) to loose their Internet connection (perhaps not totally lost but
> terribly slow?)
>
> Since you have such a small set of laptops, I would suggets to use MAC
> address filtering on the APs. It is not fool proof, but it will keep out
> casual unauthorised users. See the Cisco manual on how to set it up, you
> simply need to enter the MAC addresses of valid school laptops into each AP.
> This can be combined with WEP
>
> Depending on the capabilities of the router you're using towards the DSL
> line, perhaps you can somehow limit the bandwidth being used by all wireless
> users together? This would avoid the situation where all the stations loose
> their connection because some wireless person is stealing all resources.
>
> Some questions:
> - Could it be that one of the teachers installed a bandwidth-intensive
> application on his/her laptop? (e.g. p2p file sharing client...)
> - Do you use private IP addressing to protect the school's computers from
> being addressed from the Internet?
>
> "coconut" <nospambaby@despaminize.com> wrote in message
> news:10l6qi4ri397u00@corp.supernews.com...
>
>>Noticing the lights was my first clue to the situation. Thanks for all
>>your help. I've gathered enough info that I think I can take care of it.
>>We are a small charter school in Idaho and the only people that will have
>>access to the encryption key are the teachers. There are about 20 of us
>>in all. Does the key need to be entered in each and every day, or just
>>altered if I alter it on the AP? We're running Win XP on all the laptops.
>>The only machines that the students are using are the lab computers that
>>are hardwired to the DSL line. We have a few students that live in the
>>area that are tech geeks and I wouldn't be surprised if they're doing the
>>damage. As far as I can tell, with our situation it seems that a WEP key
>>would be the way to go. Now it's just a matter of figuring out how to set
>>it up on each of the AP's. Thanks for all your help!
>>Chris
>>
>>
>>Jeff Liebermann wrote:
>>
>>
>>>On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:
>>>
>>>
>>>
>>>>We have no encryption set up, and have two Cisco Aironet 1200 series
>>>>AP's.
>>>
>>>
>>>Various people have suggested enabling encryption (WEP/WPA). This is
>>>a good idea but largely useless on a skool wireless system that is
>>>accessed by students. The problem is that the WEP key or WPA pass
>>>phrase has to be known by every user of the system. Pass that out to
>>>all the students and fairly soon the whole world will know the
>>>password. In short, encryption is useless for public access WLAN's.
>>>
>>>What you need is some kind of authorization and authentication system
>>>for the network. Kerberos is one example. Such systems are resident
>>>on a network server and control access to the network, not the
>>>wireless access points. Random wireless users can associate with the
>>>access points, but can't see anything on the network until they login
>>>and authenticate.
>>>
>>>I'm not terribly familiar with such systems as I don't often get into
>>>this part of the puzzle. I suggest you speak with other skools that
>>>have similar systems and ask them what they are using to control
>>>access. Methinks you'll need to look at your network security as a
>>>whole, and not just the wireless part. Perhaps some readers here have
>>>experience and suggestions. Now, back to the original problem. The light
>>>show on the wireless
>>>side may be due to a worm or virus on your network or on a wireless
>>>device (laptop). These tend to spray large quantities of broadcasts
>>>looking for other machines to infect. Lots of ways to identify and
>>>isolate the culprit, but the quickest is to uplug the ethernet cables
>>>from each port on the central switch the light show magically stops.
>>>It also might be one of the neighbors using the school system for
>>>their personal broadband ISP. (Why subscribe to ADSL or cable modem
>>>when you can just use the schools system for free?)
>>>
>>>Incidentally, since you volunteered for this, get used to looking at
>>>the lights so that you know how "normal" should appear. The lights
>>>offer quite a bit of diagnostic information that is easily visible
>>>without diagnostic software. For example, if ALL the lights on a
>>>switch flash in unison, that's a broadcast packet doing that. If one
>>>light is continuously flashing, there's quite a bit of traffic going
>>>to/from that port. Two lights flashing somewhat in unison means that
>>>there's quite a bit of traffic going between those two ports. An
>>>abnormal light pattern will be your first indication of a problem.
>>>
>
>
!