School's wireless network

Archived from groups: (More info?)

I have no clue what I'm doing with our school's wireless network but
since I have more knowledge than anyone else at our school as far as
computers are concerned, I got roped into being our "tech" guy. We
have no encryption set up, and have two Cisco Aironet 1200 series
AP's. Our school is located in an affluent neighborhood and there are
several wireless systems set up in people's homes. Yesterday all of a
sudden you could watch the AP's and it looked like Christmas cause the
green lights were just blinking like mad! I'm guessing that that
means that our system is getting pounded. This effected our lab
computers and they all lost their internet access and none of the
school's wireless laptops could access the internet, although all of
them showed in Win XP wireless monitors that they had excellent
connections. I don't know if this is too much info, or not nearly
enough, but if someone could ask me more questions, or give me an idea
of what to look at, I and my school would GREATLY appreciate it!

Thanks!
31 answers Last reply
More about school wireless network
  1. Archived from groups: (More info?)

    If you have no security setup you will be pounded by anyone in the area.
    I suggest you set up a SSID, don't broadcast it, enable WPA if available on
    the routers (or at least WEP if no WPA).
    These steps won't protect you from dedicated hackers, but it will stop the
    innocent logging on by anyone in the area.

    "Blah" <blah@blah.com> wrote in message
    news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >I have no clue what I'm doing with our school's wireless network but
    > since I have more knowledge than anyone else at our school as far as
    > computers are concerned, I got roped into being our "tech" guy. We
    > have no encryption set up, and have two Cisco Aironet 1200 series
    > AP's. Our school is located in an affluent neighborhood and there are
    > several wireless systems set up in people's homes. Yesterday all of a
    > sudden you could watch the AP's and it looked like Christmas cause the
    > green lights were just blinking like mad! I'm guessing that that
    > means that our system is getting pounded. This effected our lab
    > computers and they all lost their internet access and none of the
    > school's wireless laptops could access the internet, although all of
    > them showed in Win XP wireless monitors that they had excellent
    > connections. I don't know if this is too much info, or not nearly
    > enough, but if someone could ask me more questions, or give me an idea
    > of what to look at, I and my school would GREATLY appreciate it!
    >
    > Thanks!
  2. Archived from groups: (More info?)

    How is this set up? Via the router, or do I actually go to the IP of
    the AP's much like a router? How about if I don't know the IP of the
    AP's, is there a way to find this? These were set up before my time at
    the school. Our school is in an extremely out of the way location, so
    it really wouldn't benefit anyone to come up to our school just for free
    wifi, but I would like it to run correctly. Thanks for your help!

    Alan White wrote:
    > If you have no security setup you will be pounded by anyone in the area.
    > I suggest you set up a SSID, don't broadcast it, enable WPA if available on
    > the routers (or at least WEP if no WPA).
    > These steps won't protect you from dedicated hackers, but it will stop the
    > innocent logging on by anyone in the area.
    >
    > "Blah" <blah@blah.com> wrote in message
    > news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >
    >>I have no clue what I'm doing with our school's wireless network but
    >>since I have more knowledge than anyone else at our school as far as
    >>computers are concerned, I got roped into being our "tech" guy. We
    >>have no encryption set up, and have two Cisco Aironet 1200 series
    >>AP's. Our school is located in an affluent neighborhood and there are
    >>several wireless systems set up in people's homes. Yesterday all of a
    >>sudden you could watch the AP's and it looked like Christmas cause the
    >>green lights were just blinking like mad! I'm guessing that that
    >>means that our system is getting pounded. This effected our lab
    >>computers and they all lost their internet access and none of the
    >>school's wireless laptops could access the internet, although all of
    >>them showed in Win XP wireless monitors that they had excellent
    >>connections. I don't know if this is too much info, or not nearly
    >>enough, but if someone could ask me more questions, or give me an idea
    >>of what to look at, I and my school would GREATLY appreciate it!
    >>
    >>Thanks!
    >
    >
    >
  3. Archived from groups: (More info?)

    "Blah" <blah@blah.com> wrote in message
    news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >I have no clue what I'm doing with our school's wireless network but
    > since I have more knowledge than anyone else at our school as far as
    > computers are concerned, I got roped into being our "tech" guy. We
    > have no encryption set up, and have two Cisco Aironet 1200 series
    > AP's. Our school is located in an affluent neighborhood and there are
    > several wireless systems set up in people's homes. Yesterday all of a
    > sudden you could watch the AP's and it looked like Christmas cause the
    > green lights were just blinking like mad! I'm guessing that that
    > means that our system is getting pounded. This effected our lab
    > computers and they all lost their internet access and none of the
    > school's wireless laptops could access the internet, although all of
    > them showed in Win XP wireless monitors that they had excellent
    > connections. I don't know if this is too much info, or not nearly
    > enough, but if someone could ask me more questions, or give me an idea
    > of what to look at, I and my school would GREATLY appreciate it!
    >
    > Thanks!

    Why not try to get one of the parents with wireless setup in their home to
    help you? Or how about the high school computer guru from the student body?
    Or as another poster recommended, maybe some guideance from another school
    who is ahead of you. Finally, some schools have linkages with local
    businesses who "adopt a school". If such exists for your school, talk to
    the business's computer help for assistance.

    What city are you in? Maybe someone will see this and offer some help.

    --
    Bob Alston

    bobalston9 AT aol DOT com


    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.767 / Virus Database: 514 - Release Date: 9/21/2004
  4. Archived from groups: (More info?)

    "Blah" <blah@blah.com> wrote in message
    news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    > I have no clue what I'm doing with our school's wireless network but
    > since I have more knowledge than anyone else at our school as far as
    > computers are concerned, I got roped into being our "tech" guy. We
    > have no encryption set up, and have two Cisco Aironet 1200 series
    > AP's. Our school is located in an affluent neighborhood and there are
    > several wireless systems set up in people's homes. Yesterday all of a
    > sudden you could watch the AP's and it looked like Christmas cause the
    > green lights were just blinking like mad! I'm guessing that that
    > means that our system is getting pounded. This effected our lab
    > computers and they all lost their internet access and none of the
    > school's wireless laptops could access the internet, although all of
    > them showed in Win XP wireless monitors that they had excellent
    > connections. I don't know if this is too much info, or not nearly
    > enough, but if someone could ask me more questions, or give me an idea
    > of what to look at, I and my school would GREATLY appreciate it!
    >
    > Thanks!

    GIYF:
    http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/networking_solutions_package.html

    HTH.

    William
  5. Archived from groups: (More info?)

    Hiding the SSID will not stop hackers. It is a waste of time doing that as
    it is easy to discover it. Using WPA will prevent unauthorized access. WEP
    is the next best thing, but WPA is far superior.

    Jeff


    "Alan White" <alanwhite@hotmail.com> wrote in message
    news:Bfn4d.17452$bL1.903919@news20.bellglobal.com...
    > If you have no security setup you will be pounded by anyone in the area.
    > I suggest you set up a SSID, don't broadcast it, enable WPA if available
    > on the routers (or at least WEP if no WPA).
    > These steps won't protect you from dedicated hackers, but it will stop the
    > innocent logging on by anyone in the area.
    >
    > "Blah" <blah@blah.com> wrote in message
    > news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >>I have no clue what I'm doing with our school's wireless network but
    >> since I have more knowledge than anyone else at our school as far as
    >> computers are concerned, I got roped into being our "tech" guy. We
    >> have no encryption set up, and have two Cisco Aironet 1200 series
    >> AP's. Our school is located in an affluent neighborhood and there are
    >> several wireless systems set up in people's homes. Yesterday all of a
    >> sudden you could watch the AP's and it looked like Christmas cause the
    >> green lights were just blinking like mad! I'm guessing that that
    >> means that our system is getting pounded. This effected our lab
    >> computers and they all lost their internet access and none of the
    >> school's wireless laptops could access the internet, although all of
    >> them showed in Win XP wireless monitors that they had excellent
    >> connections. I don't know if this is too much info, or not nearly
    >> enough, but if someone could ask me more questions, or give me an idea
    >> of what to look at, I and my school would GREATLY appreciate it!
    >>
    >> Thanks!
    >
    >
  6. Archived from groups: (More info?)

    "Blah" <blah@blah.com> wrote in message
    news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >I have no clue what I'm doing with our school's wireless network but
    > since I have more knowledge than anyone else at our school as far as
    > computers are concerned, I got roped into being our "tech" guy.

    I know the feeling. Too bad you never had any Armed Forces training. I
    went to the Army, then school, then to teaching.

    In the Army I learned quite quickly-- never volunteer. As a teacher, I've
    stuck by this credo. The more you do, the more someone else wants you to do
    his or her job. It's rather disgusting.

    As far as a wireless set up, I'm sorry, but I can't help you. I have a
    wireless set up here at home and one thing you absolutely have to do is to
    set secure the wireless.

    If I were you I'd certainly be calling around to other schools and seeing
    what other "tech" guys (or gals) have to say.

    Schools work this way. Someone ropes (to quote a phrase) someone else into
    taking on an assignment above and beyond what it is your duty to do. Then
    no one wants to help or give guidance.

    Sorry for the partial OT but I know how you feel. I've been teaching in the
    Cleveland Public Schools now for nearly 20 years. I've seen this kind of
    thing happen over and over and over. To play it safe, I just do what I'm
    supposed to do, nothing more and nothing less.

    Good luck with your new assignment and I hope things work out well for you.

    Alanb
  7. Archived from groups: (More info?)

    "Blah" <blah@blah.com> wrote in message
    news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    > I have no clue what I'm doing with our school's wireless network but
    > since I have more knowledge than anyone else at our school as far as
    > computers are concerned, I got roped into being our "tech" guy. We
    > have no encryption set up, and have two Cisco Aironet 1200 series
    > AP's.

    Blah: Here's Cisco's page for the 1200.

    http://www.cisco.com/en/US/products/hw/wireless/ps430/ps4076/

    Here's the 1200 FAQ. Down toward the bottom is a section on password
    recovery if you don't know the password someone might have set it up with:

    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_qandas_list.html


    Our school is located in an affluent neighborhood and there are
    > several wireless systems set up in people's homes. Yesterday all of a
    > sudden you could watch the AP's and it looked like Christmas cause the
    > green lights were just blinking like mad! I'm guessing that that
    > means that our system is getting pounded. This effected our lab
    > computers and they all lost their internet access and none of the
    > school's wireless laptops could access the internet, although all of
    > them showed in Win XP wireless monitors that they had excellent
    > connections. I don't know if this is too much info, or not nearly
    > enough, but if someone could ask me more questions, or give me an idea
    > of what to look at, I and my school would GREATLY appreciate it!
    >
    > Thanks!

    You've got to get into the AP's and set a unique security code, either WEP
    or WPA, to isolate them from the surrounding neighborhood. Once you do that,
    there's a nice, basic little program I found called Wireless Watch 2.0 that
    will show you if someone ever comes onto your network. I'm sure that the
    ubergeeks out there could find 100 ways around it but at least it will
    basically tell you that things are safe with your WLAN. You can try it for
    30 days then I thinks it's around 30 bucks to buy a license. Here's a review
    of the program:

    http://www.onlinesecurity.com/Community_Forum/Community_Forum_detail163.php

    Good luck. If you can get into the AP and set up the proper security so you
    can isolate it, most of your battle will be won.
  8. Archived from groups: (More info?)

    On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:

    >We have no encryption set up, and have two Cisco Aironet 1200 series
    >AP's.

    Various people have suggested enabling encryption (WEP/WPA). This is
    a good idea but largely useless on a skool wireless system that is
    accessed by students. The problem is that the WEP key or WPA pass
    phrase has to be known by every user of the system. Pass that out to
    all the students and fairly soon the whole world will know the
    password. In short, encryption is useless for public access WLAN's.

    What you need is some kind of authorization and authentication system
    for the network. Kerberos is one example. Such systems are resident
    on a network server and control access to the network, not the
    wireless access points. Random wireless users can associate with the
    access points, but can't see anything on the network until they login
    and authenticate.

    I'm not terribly familiar with such systems as I don't often get into
    this part of the puzzle. I suggest you speak with other skools that
    have similar systems and ask them what they are using to control
    access. Methinks you'll need to look at your network security as a
    whole, and not just the wireless part. Perhaps some readers here have
    experience and suggestions.

    Now, back to the original problem. The light show on the wireless
    side may be due to a worm or virus on your network or on a wireless
    device (laptop). These tend to spray large quantities of broadcasts
    looking for other machines to infect. Lots of ways to identify and
    isolate the culprit, but the quickest is to uplug the ethernet cables
    from each port on the central switch the light show magically stops.
    It also might be one of the neighbors using the school system for
    their personal broadband ISP. (Why subscribe to ADSL or cable modem
    when you can just use the schools system for free?)

    Incidentally, since you volunteered for this, get used to looking at
    the lights so that you know how "normal" should appear. The lights
    offer quite a bit of diagnostic information that is easily visible
    without diagnostic software. For example, if ALL the lights on a
    switch flash in unison, that's a broadcast packet doing that. If one
    light is continuously flashing, there's quite a bit of traffic going
    to/from that port. Two lights flashing somewhat in unison means that
    there's quite a bit of traffic going between those two ports. An
    abnormal light pattern will be your first indication of a problem.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
  9. Archived from groups: (More info?)

    "Bob Schmidt" <Smitty@telecom.SPAMNET> wrote in message
    news:l5B4d.83$9M4.3122@news20.bellglobal.com...
    >
    > "Blah" <blah@blah.com> wrote in message
    > news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >> I have no clue what I'm doing with our school's wireless network but
    >> since I have more knowledge than anyone else at our school as far as
    >> computers are concerned, I got roped into being our "tech" guy. We
    >> have no encryption set up, and have two Cisco Aironet 1200 series
    >> AP's.
    >
    > Blah: Here's Cisco's page for the 1200.
    >
    > http://www.cisco.com/en/US/products/hw/wireless/ps430/ps4076/
    >
    > Here's the 1200 FAQ. Down toward the bottom is a section on password
    > recovery if you don't know the password someone might have set it up with:
    >
    > http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_qandas_list.html
    >
    >
    > Our school is located in an affluent neighborhood and there are
    >> several wireless systems set up in people's homes. Yesterday all of a
    >> sudden you could watch the AP's and it looked like Christmas cause the
    >> green lights were just blinking like mad! I'm guessing that that
    >> means that our system is getting pounded. This effected our lab
    >> computers and they all lost their internet access and none of the
    >> school's wireless laptops could access the internet, although all of
    >> them showed in Win XP wireless monitors that they had excellent
    >> connections. I don't know if this is too much info, or not nearly
    >> enough, but if someone could ask me more questions, or give me an idea
    >> of what to look at, I and my school would GREATLY appreciate it!
    >>
    >> Thanks!
    >
    > You've got to get into the AP's and set a unique security code, either WEP
    > or WPA, to isolate them from the surrounding neighborhood. Once you do
    > that,
    > there's a nice, basic little program I found called Wireless Watch 2.0
    > that
    > will show you if someone ever comes onto your network. I'm sure that the
    > ubergeeks out there could find 100 ways around it but at least it will
    > basically tell you that things are safe with your WLAN. You can try it for
    > 30 days then I thinks it's around 30 bucks to buy a license. Here's a
    > review
    > of the program:
    >
    > http://www.onlinesecurity.com/Community_Forum/Community_Forum_detail163.php
    >
    > Good luck. If you can get into the AP and set up the proper security so
    > you
    > can isolate it, most of your battle will be won.
    >
    >
    Very nice little utility!

    --
    Bob Alston

    bobalston9 AT aol DOT com


    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.767 / Virus Database: 514 - Release Date: 9/21/2004
  10. Archived from groups: (More info?)

    "Bob Alston" <bobalston9NOSPAM@aol.com> wrote:
    >> http://www.onlinesecurity.com/Community_Forum/Community_Forum_detail163.php

    >Very nice little utility!

    http://www.otosoftware.com/wireless.asp seems to have replaced it (now
    $40 after the 30-day free trial).
  11. Archived from groups: (More info?)

    <William P.N. Smith> wrote in message
    news:7f46l0lfsek55o2c0kftdsbjhdav5ong25@4ax.com...
    > "Bob Alston" <bobalston9NOSPAM@aol.com> wrote:
    > >>
    http://www.onlinesecurity.com/Community_Forum/Community_Forum_detail163.php
    >
    > >Very nice little utility!
    >
    > http://www.otosoftware.com/wireless.asp seems to have replaced it (now
    > $40 after the 30-day free trial).

    Thanks for the update on the replacement!
    >
  12. Archived from groups: (More info?)

    That is a sad attitude. I am thankful that people in my company and
    teachers at my children's public school do not have that kind of attitude.

    Jeff


    "Alan Bernardo" <master@oforion.net> wrote in message
    news:qJp4d.5926$He1.5182@attbi_s01...
    >
    > "Blah" <blah@blah.com> wrote in message
    > news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >>I have no clue what I'm doing with our school's wireless network but
    >> since I have more knowledge than anyone else at our school as far as
    >> computers are concerned, I got roped into being our "tech" guy.
    >
    > I know the feeling. Too bad you never had any Armed Forces training. I
    > went to the Army, then school, then to teaching.
    >
    > In the Army I learned quite quickly-- never volunteer. As a teacher, I've
    > stuck by this credo. The more you do, the more someone else wants you to
    > do his or her job. It's rather disgusting.
    >
    > As far as a wireless set up, I'm sorry, but I can't help you. I have a
    > wireless set up here at home and one thing you absolutely have to do is to
    > set secure the wireless.
    >
    > If I were you I'd certainly be calling around to other schools and seeing
    > what other "tech" guys (or gals) have to say.
    >
    > Schools work this way. Someone ropes (to quote a phrase) someone else
    > into taking on an assignment above and beyond what it is your duty to do.
    > Then no one wants to help or give guidance.
    >
    > Sorry for the partial OT but I know how you feel. I've been teaching in
    > the Cleveland Public Schools now for nearly 20 years. I've seen this kind
    > of thing happen over and over and over. To play it safe, I just do what
    > I'm supposed to do, nothing more and nothing less.
    >
    > Good luck with your new assignment and I hope things work out well for
    > you.
    >
    > Alanb
    >
  13. Archived from groups: (More info?)

    It seems that you have to contact Cisco since the default settings had
    been changed, such as the default IP address and SSID. Or you have
    to find the people who sold AP to your school. It is easy to be done if
    you get the AP's IP address. But you have to inform the laptop/wireless
    users that your wireless network has been encrypted and the WEP key
    or PSK as well.

    "coconut" <nospambaby@despaminize.com> wrote in message
    news:10l41s9dushs57d@corp.supernews.com...
    > How is this set up? Via the router, or do I actually go to the IP of
    > the AP's much like a router? How about if I don't know the IP of the
    > AP's, is there a way to find this? These were set up before my time at
    > the school. Our school is in an extremely out of the way location, so
    > it really wouldn't benefit anyone to come up to our school just for free
    > wifi, but I would like it to run correctly. Thanks for your help!
    >
    > Alan White wrote:
    > > If you have no security setup you will be pounded by anyone in the area.
    > > I suggest you set up a SSID, don't broadcast it, enable WPA if available
    on
    > > the routers (or at least WEP if no WPA).
    > > These steps won't protect you from dedicated hackers, but it will stop
    the
    > > innocent logging on by anyone in the area.
    > >
    > > "Blah" <blah@blah.com> wrote in message
    > > news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    > >
    > >>I have no clue what I'm doing with our school's wireless network but
    > >>since I have more knowledge than anyone else at our school as far as
    > >>computers are concerned, I got roped into being our "tech" guy. We
    > >>have no encryption set up, and have two Cisco Aironet 1200 series
    > >>AP's. Our school is located in an affluent neighborhood and there are
    > >>several wireless systems set up in people's homes. Yesterday all of a
    > >>sudden you could watch the AP's and it looked like Christmas cause the
    > >>green lights were just blinking like mad! I'm guessing that that
    > >>means that our system is getting pounded. This effected our lab
    > >>computers and they all lost their internet access and none of the
    > >>school's wireless laptops could access the internet, although all of
    > >>them showed in Win XP wireless monitors that they had excellent
    > >>connections. I don't know if this is too much info, or not nearly
    > >>enough, but if someone could ask me more questions, or give me an idea
    > >>of what to look at, I and my school would GREATLY appreciate it!
    > >>
    > >>Thanks!
    > >
    > >
    > >
  14. Archived from groups: (More info?)

    Found the IP address of both of them, but not sure how to handle the
    WEP. Is there documentation somewhere online on the 1200 series on how
    to do this? I'm sure I can muddle my way through, but it's helpful to
    have a wireless network that actually works, so want to make sure.
    Also, we have 3 AP's, two are directly connected to the router and one
    is a repeater. Is there a certain order I should go in while setting
    these up, or does it matter? Thanks!

    Walker wrote:
    > It seems that you have to contact Cisco since the default settings had
    > been changed, such as the default IP address and SSID. Or you have
    > to find the people who sold AP to your school. It is easy to be done if
    > you get the AP's IP address. But you have to inform the laptop/wireless
    > users that your wireless network has been encrypted and the WEP key
    > or PSK as well.
    >
    > "coconut" <nospambaby@despaminize.com> wrote in message
    > news:10l41s9dushs57d@corp.supernews.com...
    >
    >>How is this set up? Via the router, or do I actually go to the IP of
    >>the AP's much like a router? How about if I don't know the IP of the
    >>AP's, is there a way to find this? These were set up before my time at
    >>the school. Our school is in an extremely out of the way location, so
    >>it really wouldn't benefit anyone to come up to our school just for free
    >>wifi, but I would like it to run correctly. Thanks for your help!
    >>
    >>Alan White wrote:
    >>
    >>>If you have no security setup you will be pounded by anyone in the area.
    >>>I suggest you set up a SSID, don't broadcast it, enable WPA if available
    >
    > on
    >
    >>>the routers (or at least WEP if no WPA).
    >>>These steps won't protect you from dedicated hackers, but it will stop
    >
    > the
    >
    >>>innocent logging on by anyone in the area.
    >>>
    >>>"Blah" <blah@blah.com> wrote in message
    >>>news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >>>
    >>>
    >>>>I have no clue what I'm doing with our school's wireless network but
    >>>>since I have more knowledge than anyone else at our school as far as
    >>>>computers are concerned, I got roped into being our "tech" guy. We
    >>>>have no encryption set up, and have two Cisco Aironet 1200 series
    >>>>AP's. Our school is located in an affluent neighborhood and there are
    >>>>several wireless systems set up in people's homes. Yesterday all of a
    >>>>sudden you could watch the AP's and it looked like Christmas cause the
    >>>>green lights were just blinking like mad! I'm guessing that that
    >>>>means that our system is getting pounded. This effected our lab
    >>>>computers and they all lost their internet access and none of the
    >>>>school's wireless laptops could access the internet, although all of
    >>>>them showed in Win XP wireless monitors that they had excellent
    >>>>connections. I don't know if this is too much info, or not nearly
    >>>>enough, but if someone could ask me more questions, or give me an idea
    >>>>of what to look at, I and my school would GREATLY appreciate it!
    >>>>
    >>>>Thanks!
    >>>
    >>>
    >>>
    >
  15. Archived from groups: (More info?)

    From Coconut (aka Blah)
    I've got to agree with you Jeff. At our school we pride ourselves on
    character education and volunteering to help out is an attribute greatly
    desired and promoted. I don't want to comment on Alanb's current
    situation, but I'm sure a more positive outlook on life, as well as
    education would greatly help.

    Jeff Durham wrote:

    > That is a sad attitude. I am thankful that people in my company and
    > teachers at my children's public school do not have that kind of attitude.
    >
    > Jeff
    >
    >
    > "Alan Bernardo" <master@oforion.net> wrote in message
    > news:qJp4d.5926$He1.5182@attbi_s01...
    >
    >>"Blah" <blah@blah.com> wrote in message
    >>news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >>
    >>>I have no clue what I'm doing with our school's wireless network but
    >>>since I have more knowledge than anyone else at our school as far as
    >>>computers are concerned, I got roped into being our "tech" guy.
    >>
    >>I know the feeling. Too bad you never had any Armed Forces training. I
    >>went to the Army, then school, then to teaching.
    >>
    >>In the Army I learned quite quickly-- never volunteer. As a teacher, I've
    >>stuck by this credo. The more you do, the more someone else wants you to
    >>do his or her job. It's rather disgusting.
    >>
    >>As far as a wireless set up, I'm sorry, but I can't help you. I have a
    >>wireless set up here at home and one thing you absolutely have to do is to
    >>set secure the wireless.
    >>
    >>If I were you I'd certainly be calling around to other schools and seeing
    >>what other "tech" guys (or gals) have to say.
    >>
    >>Schools work this way. Someone ropes (to quote a phrase) someone else
    >>into taking on an assignment above and beyond what it is your duty to do.
    >>Then no one wants to help or give guidance.
    >>
    >>Sorry for the partial OT but I know how you feel. I've been teaching in
    >>the Cleveland Public Schools now for nearly 20 years. I've seen this kind
    >>of thing happen over and over and over. To play it safe, I just do what
    >>I'm supposed to do, nothing more and nothing less.
    >>
    >>Good luck with your new assignment and I hope things work out well for
    >>you.
    >>
    >>Alanb
    >>
    >
    >
    >
  16. Archived from groups: (More info?)

    Noticing the lights was my first clue to the situation. Thanks for all
    your help. I've gathered enough info that I think I can take care of
    it. We are a small charter school in Idaho and the only people that
    will have access to the encryption key are the teachers. There are
    about 20 of us in all. Does the key need to be entered in each and
    every day, or just altered if I alter it on the AP? We're running Win
    XP on all the laptops. The only machines that the students are using
    are the lab computers that are hardwired to the DSL line. We have a few
    students that live in the area that are tech geeks and I wouldn't be
    surprised if they're doing the damage. As far as I can tell, with our
    situation it seems that a WEP key would be the way to go. Now it's just
    a matter of figuring out how to set it up on each of the AP's. Thanks
    for all your help!
    Chris


    Jeff Liebermann wrote:

    > On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:
    >
    >
    >>We have no encryption set up, and have two Cisco Aironet 1200 series
    >>AP's.
    >
    >
    > Various people have suggested enabling encryption (WEP/WPA). This is
    > a good idea but largely useless on a skool wireless system that is
    > accessed by students. The problem is that the WEP key or WPA pass
    > phrase has to be known by every user of the system. Pass that out to
    > all the students and fairly soon the whole world will know the
    > password. In short, encryption is useless for public access WLAN's.
    >
    > What you need is some kind of authorization and authentication system
    > for the network. Kerberos is one example. Such systems are resident
    > on a network server and control access to the network, not the
    > wireless access points. Random wireless users can associate with the
    > access points, but can't see anything on the network until they login
    > and authenticate.
    >
    > I'm not terribly familiar with such systems as I don't often get into
    > this part of the puzzle. I suggest you speak with other skools that
    > have similar systems and ask them what they are using to control
    > access. Methinks you'll need to look at your network security as a
    > whole, and not just the wireless part. Perhaps some readers here have
    > experience and suggestions.
    >
    > Now, back to the original problem. The light show on the wireless
    > side may be due to a worm or virus on your network or on a wireless
    > device (laptop). These tend to spray large quantities of broadcasts
    > looking for other machines to infect. Lots of ways to identify and
    > isolate the culprit, but the quickest is to uplug the ethernet cables
    > from each port on the central switch the light show magically stops.
    > It also might be one of the neighbors using the school system for
    > their personal broadband ISP. (Why subscribe to ADSL or cable modem
    > when you can just use the schools system for free?)
    >
    > Incidentally, since you volunteered for this, get used to looking at
    > the lights so that you know how "normal" should appear. The lights
    > offer quite a bit of diagnostic information that is easily visible
    > without diagnostic software. For example, if ALL the lights on a
    > switch flash in unison, that's a broadcast packet doing that. If one
    > light is continuously flashing, there's quite a bit of traffic going
    > to/from that port. Two lights flashing somewhat in unison means that
    > there's quite a bit of traffic going between those two ports. An
    > abnormal light pattern will be your first indication of a problem.
    >
    >
  17. Archived from groups: (More info?)

    "coconut" <nospambaby@despaminize.com> wrote in message
    news:10l6qi4ri397u00@corp.supernews.com...
    > Noticing the lights was my first clue to the situation. Thanks for all
    > your help. I've gathered enough info that I think I can take care of it.
    > We are a small charter school in Idaho and the only people that will have
    > access to the encryption key are the teachers. There are about 20 of us
    > in all. Does the key need to be entered in each and every day, or just
    > altered if I alter it on the AP? We're running Win XP on all the laptops.
    > The only machines that the students are using are the lab computers that
    > are hardwired to the DSL line. We have a few students that live in the
    > area that are tech geeks and I wouldn't be surprised if they're doing the
    > damage. As far as I can tell, with our situation it seems that a WEP key
    > would be the way to go. Now it's just a matter of figuring out how to set
    > it up on each of the AP's. Thanks for all your help!
    > Chris
    >
    >
    > Jeff Liebermann wrote:
    >
    >> On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:
    >>
    >>
    >>>We have no encryption set up, and have two Cisco Aironet 1200 series
    >>>AP's.
    >>
    >>
    >> Various people have suggested enabling encryption (WEP/WPA). This is
    >> a good idea but largely useless on a skool wireless system that is
    >> accessed by students. The problem is that the WEP key or WPA pass
    >> phrase has to be known by every user of the system. Pass that out to
    >> all the students and fairly soon the whole world will know the
    >> password. In short, encryption is useless for public access WLAN's.
    >>
    >> What you need is some kind of authorization and authentication system
    >> for the network. Kerberos is one example. Such systems are resident
    >> on a network server and control access to the network, not the
    >> wireless access points. Random wireless users can associate with the
    >> access points, but can't see anything on the network until they login
    >> and authenticate.
    >>
    >> I'm not terribly familiar with such systems as I don't often get into
    >> this part of the puzzle. I suggest you speak with other skools that
    >> have similar systems and ask them what they are using to control
    >> access. Methinks you'll need to look at your network security as a
    >> whole, and not just the wireless part. Perhaps some readers here have
    >> experience and suggestions. Now, back to the original problem. The light
    >> show on the wireless
    >> side may be due to a worm or virus on your network or on a wireless
    >> device (laptop). These tend to spray large quantities of broadcasts
    >> looking for other machines to infect. Lots of ways to identify and
    >> isolate the culprit, but the quickest is to uplug the ethernet cables
    >> from each port on the central switch the light show magically stops.
    >> It also might be one of the neighbors using the school system for
    >> their personal broadband ISP. (Why subscribe to ADSL or cable modem
    >> when you can just use the schools system for free?)
    >>
    >> Incidentally, since you volunteered for this, get used to looking at
    >> the lights so that you know how "normal" should appear. The lights
    >> offer quite a bit of diagnostic information that is easily visible
    >> without diagnostic software. For example, if ALL the lights on a
    >> switch flash in unison, that's a broadcast packet doing that. If one
    >> light is continuously flashing, there's quite a bit of traffic going
    >> to/from that port. Two lights flashing somewhat in unison means that
    >> there's quite a bit of traffic going between those two ports. An
    >> abnormal light pattern will be your first indication of a problem.
    >>

    You just have to set the WEP key once - on the AP and on each laptop. Be
    sure your AP supports WEP and not WAP - they are different. WEP is older
    and less secure. But not all equipment supports WAP. If you find your APs
    support WAP - make sure all your laptops do also before you try to use it.

    Also, in setting WEP keys, often you can enter a phrase, which is then
    translated into WEP hex keys. However, not all hardware setup software does
    the translation the same way. I have found it safer to enter the WEP key as
    hex characters directly into all devices.

    It may have been said before, but be sure to reset the administrative
    password on the APs so that only you and no one else can alter the AP
    settings.

    Also, given you have two APs and one repeater, suggest you turn off the
    repeater initially and deal with the APs. Unless the APs are far apart from
    each other, they need to be set to transmit on different channels 1-11.
    Only channels 1,6 & 11 are non overlapping channels. And channel 6 is the
    default. So to avoid colliding with a local home AP, I suggest you use
    channels 1 and 11.

    Make sure the laptop will connect to the AP 1) at a close proximity to the
    AP and 2) without any security - first - each access point - before you turn
    on WEP. Then test each laptop with WEP on - again close to the AP. You
    want to ensure that the configuration and equipment is all working before
    you start to deal with issues of distance from the AP and loss of signal.

    Good luck!

    Bob

    --
    Bob Alston

    bobalston9 AT aol DOT com


    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.767 / Virus Database: 514 - Release Date: 9/21/2004
  18. Archived from groups: (More info?)

    On Thu, 23 Sep 2004 18:28:52 -0600, coconut
    <nospambaby@despaminize.com> wrote:

    >We are a small charter school in Idaho and the only people that
    >will have access to the encryption key are the teachers. There are
    >about 20 of us in all.

    That's different from what I assumed. I guessed that you had student
    accessing the wireless network. If it's for teachers only, then
    either WEP or WPA encryption should be sufficient. No need for
    elaborate authentication schemes.

    >Does the key need to be entered in each and
    >every day, or just altered if I alter it on the AP?

    Only once. You enter it in the access point(s). When the client
    radio connects, XP will will ask for the WEP key. It can be saved so
    that it need only be entered once. However, I would recommend
    changing the WEP key at regular intervals (once per quarter or
    semester) to reduce exposure from the inevitable leaks.

    >We're running Win
    >XP on all the laptops.

    I strongly suggest installing XP SP2 on these laptops. The
    improvements to Wireless Zero Config and general useability are worth
    the one hour update ordeal. You should be sure that there are no
    viruses, worms, spyware, or trojans running on the machine before
    installing SP2.

    >The only machines that the students are using
    >are the lab computers that are hardwired to the DSL line.

    Well, I think it's hardwired to the switch or router that eventually
    ends up on the DSL line.

    >We have a few
    >students that live in the area that are tech geeks and I wouldn't be
    >surprised if they're doing the damage.

    Careful. I've found that staying on good terms with the local hackers
    is a good idea. They can be very helpful, as well as very
    destructive. In my experience, massive amounts of traffic are
    machines that have been hijacked by a trojan horse for the purpose of
    initiating a DDOS (distributed denial of service) attack. Usually
    such machines are owned by clueless users that have never bothered to
    stay up to date with the latest Microsoft security band-aid of the
    week.

    >As far as I can tell, with our
    >situation it seems that a WEP key would be the way to go. Now it's just
    >a matter of figuring out how to set it up on each of the AP's.

    No problem. Cisco 1200 access points are fairly straight forward.
    Enable WEP 128 bit encryption. Inscribe a suitably cryptic password.
    Save. Maybe reboot.

    Cisco 1200 security setup:
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a008010f63d.html
    See the section on "Setting up WEP".

    You may also wanna enable MAC address authentication. This will limit
    access to only those radios who's MAC address is inscribed in the
    access point(s). It's not a great security method, but will slow down
    thehackers somewhat. See "Setting up MAC based authentication".

    Oh yeah... be sure to set the configuration password for the Cisco
    1200 access points to something fairly secure.

    Good luck.

    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
  19. Archived from groups: (More info?)

    I don't have experience with a repeater. I would though get each of my
    access points working first. Then, I would tackle the repeater. As for the
    repeater, is it possible to use another access point instead? To do that,
    you would need to have a wired connection available to the access point. Be
    sure to use non-overlapping channels for your access points. Channels 1, 6,
    or 11 are good choices. If you are only using two access points, you can
    use channels that are essentially 5 channels apart -- 1 and 6, 2 and 7, 3
    and 8, etc.

    Jeff


    "coconut" <nospambaby@despaminize.com> wrote in message
    news:10l6q06afl36faa@corp.supernews.com...
    > Found the IP address of both of them, but not sure how to handle the WEP.
    > Is there documentation somewhere online on the 1200 series on how to do
    > this? I'm sure I can muddle my way through, but it's helpful to have a
    > wireless network that actually works, so want to make sure. Also, we have
    > 3 AP's, two are directly connected to the router and one is a repeater.
    > Is there a certain order I should go in while setting these up, or does it
    > matter? Thanks!
    >
    > Walker wrote:
    >> It seems that you have to contact Cisco since the default settings had
    >> been changed, such as the default IP address and SSID. Or you have
    >> to find the people who sold AP to your school. It is easy to be done if
    >> you get the AP's IP address. But you have to inform the laptop/wireless
    >> users that your wireless network has been encrypted and the WEP key
    >> or PSK as well.
    >>
    >> "coconut" <nospambaby@despaminize.com> wrote in message
    >> news:10l41s9dushs57d@corp.supernews.com...
    >>
    >>>How is this set up? Via the router, or do I actually go to the IP of
    >>>the AP's much like a router? How about if I don't know the IP of the
    >>>AP's, is there a way to find this? These were set up before my time at
    >>>the school. Our school is in an extremely out of the way location, so
    >>>it really wouldn't benefit anyone to come up to our school just for free
    >>>wifi, but I would like it to run correctly. Thanks for your help!
    >>>
    >>>Alan White wrote:
    >>>
    >>>>If you have no security setup you will be pounded by anyone in the area.
    >>>>I suggest you set up a SSID, don't broadcast it, enable WPA if available
    >>
    >> on
    >>
    >>>>the routers (or at least WEP if no WPA).
    >>>>These steps won't protect you from dedicated hackers, but it will stop
    >>
    >> the
    >>
    >>>>innocent logging on by anyone in the area.
    >>>>
    >>>>"Blah" <blah@blah.com> wrote in message
    >>>>news:gvq3l051t87gv2pmnuj7tttgb2lcrdqc2e@4ax.com...
    >>>>
    >>>>
    >>>>>I have no clue what I'm doing with our school's wireless network but
    >>>>>since I have more knowledge than anyone else at our school as far as
    >>>>>computers are concerned, I got roped into being our "tech" guy. We
    >>>>>have no encryption set up, and have two Cisco Aironet 1200 series
    >>>>>AP's. Our school is located in an affluent neighborhood and there are
    >>>>>several wireless systems set up in people's homes. Yesterday all of a
    >>>>>sudden you could watch the AP's and it looked like Christmas cause the
    >>>>>green lights were just blinking like mad! I'm guessing that that
    >>>>>means that our system is getting pounded. This effected our lab
    >>>>>computers and they all lost their internet access and none of the
    >>>>>school's wireless laptops could access the internet, although all of
    >>>>>them showed in Win XP wireless monitors that they had excellent
    >>>>>connections. I don't know if this is too much info, or not nearly
    >>>>>enough, but if someone could ask me more questions, or give me an idea
    >>>>>of what to look at, I and my school would GREATLY appreciate it!
    >>>>>
    >>>>>Thanks!
    >>>>
    >>>>
    >>>>
    >>
  20. Archived from groups: (More info?)

    On Thu, 23 Sep 2004 11:09:22 -0500, "Bob Alston"
    <bobalston9NOSPAM@aol.com> wrote:


    >Very nice little utility!

    Rather over priced for a utility that only tells you someone is
    accessing your system and that is it.

    You can block access for the same cost.
  21. Archived from groups: (More info?)

    "Brian S. Jones" <brian-s-jonesatcomcast.net> wrote in message
    news:4f98l0h7u5dogqlf0iio64pd5o4qpjdigl@4ax.com...
    > On Thu, 23 Sep 2004 11:09:22 -0500, "Bob Alston"
    > <bobalston9NOSPAM@aol.com> wrote:
    >
    >
    > >Very nice little utility!
    >
    > Rather over priced for a utility that only tells you someone is
    > accessing your system and that is it.
    >
    > You can block access for the same cost.

    I downloaded the new one yesterday (Wireless Defender 1.0) and it will block
    access to a foe after you tell it that the intruder is indeed a foe. At
    least that's what it says it will do. I don't believe the previous iteration
    (Wireless Watch 2.0) had this function.
    >
  22. Archived from groups: (More info?)

    As viewed from alt.internet.wireless, Bob Schmidt wrote:

    >I downloaded the new one yesterday (Wireless Defender 1.0) and it
    >will block access to a foe after you tell it that the intruder is
    >indeed a foe. At least that's what it says it will do. I don't
    >believe the previous iteration (Wireless Watch 2.0) had this
    >function.

    I tried it yesterday and it didn't block access to a marked Foe at
    all. But maybe that feature is only available on the paid version
    and not on the 30-day trial version?

    --
    Jafo
  23. Archived from groups: (More info?)

    "Bob Schmidt" <Smitty@telecom.SPAMNET> wrote:
    >I downloaded the new one yesterday (Wireless Defender 1.0) and it will block
    >access to a foe after you tell it that the intruder is indeed a foe. At
    >least that's what it says it will do. I don't believe the previous iteration
    >(Wireless Watch 2.0) had this function.

    How does it do that? My impression was that it's a LAN scanner that
    just tells you who is there... [I've got it, but haven't installed it
    yet, and given the price point, I'm not sure I'll bother...]
  24. Archived from groups: (More info?)

    We have our router that the 2 ap's are hooked up to and then another
    cable runs to our server. Can Wireless Watch see any activity through
    the AP's even if it's running on the server? Or do the AP's need to be
    run through the server in order for it to watch activity?

    William P.N. Smith wrote:
    > "Bob Schmidt" <Smitty@telecom.SPAMNET> wrote:
    >
    >>I downloaded the new one yesterday (Wireless Defender 1.0) and it will block
    >>access to a foe after you tell it that the intruder is indeed a foe. At
    >>least that's what it says it will do. I don't believe the previous iteration
    >>(Wireless Watch 2.0) had this function.
    >
    >
    > How does it do that? My impression was that it's a LAN scanner that
    > just tells you who is there... [I've got it, but haven't installed it
    > yet, and given the price point, I'm not sure I'll bother...]
    >
  25. Archived from groups: (More info?)

    "Jafo" <a@nospam.invalid> wrote in message
    news:8gq8l05mjs9i1phf4h46d69obl7eis43hu@4ax.com...
    > As viewed from alt.internet.wireless, Bob Schmidt wrote:
    >
    > >I downloaded the new one yesterday (Wireless Defender 1.0) and it
    > >will block access to a foe after you tell it that the intruder is
    > >indeed a foe. At least that's what it says it will do. I don't
    > >believe the previous iteration (Wireless Watch 2.0) had this
    > >function.
    >
    > I tried it yesterday and it didn't block access to a marked Foe at
    > all. But maybe that feature is only available on the paid version
    > and not on the 30-day trial version?
    >
    > --
    > Jafo

    Jafo

    Make sure you have the settings right in the software. In the Security tab
    your router name and password has to be set so it can communicate and set up
    with the router, along with the "only allow friends on your network" checked
    off. I also had my sensitivity set to high. I played with it tonight and
    when I booted up my laptop and attempted router access (with no previous
    setting in WiFi Defender for its net name), I couldn't even get the laptop
    to associate with my AP. Nothing indicating a network intrusion showed up in
    WiFi Defender on my router-connected PC either.

    Next, I went into WiFi Defender on the router PC and did an Add Friend to
    Network. It saw the laptop and I went ahead, for test purposes, to ID it as
    foe and it showed it connected in red. On my laptop I had a connection to my
    router but it was only for a few seconds and I never was able to get
    internet access or WLAN access. By the next scan WiFi Defender showed the
    laptop as disconnected. It looks like, in this case, until I did the add
    friend to network scan, my laptop wouldn't even connect to the router and
    there was never any indication in WiFi Defender on the router PC that the
    laptop existed. Once I did the add friend scan and it found the laptop and I
    ID'd it as foe, like I said, it showed connected (and my laptop showed a
    brief connection even though I was unable to connect to anything) but by the
    next scan it showed as disconnected.

    As an aside to this (it gets more complicated), when that laptop booted up
    and its WiFi Defender notified me that two new PC's were on the network (my
    main router connected PC and another PCI wifi machine downstairs), I went
    ahead and classified both of them as foes. I WAS able to access the laptop
    briefly from one of those foe PC's. Not so hot. Eventually, on the laptop,
    after a couple scans, WiFi Defender killed my router access altogether and I
    lost not only the foe's access to my laptop (good) but also the laptop's
    router access (no internet or WLAN)-- not great but at least it cut off the
    attacker, eventually. And it showed both foe PC's as disconnected. Just a
    note if you have the Linksys group of router, PC and/or PCI card: After
    screwing around with everybody on the network, I re-ID'd all my guys as
    friends; but to get individual PC's reconnected to the router, I had to go
    into the WLAN monitor software on each machine, go into profile,edit and
    keep hitting next to reaffirm my settings. Once it did this, it reconnected
    to the AP(router).

    Bottom line: this isn't hardware-level WLAN defense software by any means
    but at 40 bucks I don't think it was meant to be. For the average user, it's
    probably worth the money from my limited experience with it.
  26. Archived from groups: (More info?)

    "Jeff Durham" <jdurham.outdoor.life@cinci.rr.com> wrote in message
    news:myD4d.1163$fZ.242@fe2.columbus.rr.com...
    > That is a sad attitude. I am thankful that people in my company and
    > teachers at my children's public school do not have that kind of attitude.
    >
    > Jeff
    >
    >

    It's not a sad attitude, it's reality. What happens in the schools--
    administratively-- is embarrassing. I still teach and am committed to doing
    so. My students learn and I enjoy myself. But if you're pretending that
    there is no slacking or brown-nosing going on in the schools, then-- as is
    the case with you-- you've never been in the schools.

    It just amuses me to no end how most times someone who has never taught
    before can suddenly be so smug and objectionable. If there's a problem, it
    needs addressed: it would be sad if it weren't addressed.

    Can you imagine what it's like in the Detroit Public Schools, or LA, or NYC?
    Here we have students who need help the most but they get it the least--
    always the dregs, the stuff about to be thrown out by the more affluent
    districts.

    So please, don't pretend as if you have any idea of what might be happening
    in some of the poorer districts across America. And don't pretend as if you
    really care, or label me as having a bad attitude.

    I teach and my students learn and I know the value of a sound education.
    But the odds some districts are up against, because of utter incompetence
    and borderline malfeasance, is something you'll probably never know or care
    about.

    Alanb
  27. Archived from groups: (More info?)

    That's fine, and somewhat true, but I think what he's saying is your
    lack of volunteering and helping out in ways that you can, and share
    your knowledge can better situations. I'm not naive, and I have been in
    many different school districts, many financial situations for the
    parents. I've seen parents and kids that live in a trailer house in the
    middle of a desert without anything over their head but a blue tarp
    tattered with holes. Screw administration, you can volunteer in some
    way and better your school instead of carrying a chip on your shoulder
    every where you go. My volunteering with this wireless network has
    nothing to do with brown nosing, working my way up the ladder, or any
    other alterior motive, just simply helping my school out because I love
    it and know that I can share my limited knowledge to help things run a
    bit smoother.
    Alan Bernardo wrote:
    > "Jeff Durham" <jdurham.outdoor.life@cinci.rr.com> wrote in message
    > news:myD4d.1163$fZ.242@fe2.columbus.rr.com...
    >
    >>That is a sad attitude. I am thankful that people in my company and
    >>teachers at my children's public school do not have that kind of attitude.
    >>
    >>Jeff
    >>
    >>
    >
    >
    > It's not a sad attitude, it's reality. What happens in the schools--
    > administratively-- is embarrassing. I still teach and am committed to doing
    > so. My students learn and I enjoy myself. But if you're pretending that
    > there is no slacking or brown-nosing going on in the schools, then-- as is
    > the case with you-- you've never been in the schools.
    >
    > It just amuses me to no end how most times someone who has never taught
    > before can suddenly be so smug and objectionable. If there's a problem, it
    > needs addressed: it would be sad if it weren't addressed.
    >
    > Can you imagine what it's like in the Detroit Public Schools, or LA, or NYC?
    > Here we have students who need help the most but they get it the least--
    > always the dregs, the stuff about to be thrown out by the more affluent
    > districts.
    >
    > So please, don't pretend as if you have any idea of what might be happening
    > in some of the poorer districts across America. And don't pretend as if you
    > really care, or label me as having a bad attitude.
    >
    > I teach and my students learn and I know the value of a sound education.
    > But the odds some districts are up against, because of utter incompetence
    > and borderline malfeasance, is something you'll probably never know or care
    > about.
    >
    > Alanb
    >
    >
    >
  28. Archived from groups: (More info?)

    'Blah',

    Just as a reassurance: happily blinking lights on the APs do *not* mean your
    network computers are infected with a virus, it simply shows that the
    network is being used.

    To check if this is being done by unauthorised machines, monitor the traffic
    using a 'sniffer' (Ethereal is a good one). Ideally you would have a list
    with the MAC addresses of all your equipment to compare against, but
    switching everything off (perhaps including other APs!) may also work for
    you

    > Now, back to the original problem. The light show on the wireless
    > side may be due to a worm or virus on your network or on a wireless
    > device (laptop). These tend to spray large quantities of broadcasts
    > looking for other machines to infect. Lots of ways to identify and
    > isolate the culprit, but the quickest is to uplug the ethernet cables
    > from each port on the central switch the light show magically stops.
    > It also might be one of the neighbors using the school system for
    > their personal broadband ISP. (Why subscribe to ADSL or cable modem
    > when you can just use the schools system for free?)
    >
    > Incidentally, since you volunteered for this, get used to looking at
    > the lights so that you know how "normal" should appear. The lights
    > offer quite a bit of diagnostic information that is easily visible
    > without diagnostic software. For example, if ALL the lights on a
    > switch flash in unison, that's a broadcast packet doing that. If one
    > light is continuously flashing, there's quite a bit of traffic going
    > to/from that port. Two lights flashing somewhat in unison means that
    > there's quite a bit of traffic going between those two ports. An
    > abnormal light pattern will be your first indication of a problem.
  29. Archived from groups: (More info?)

    On Sun, 26 Sep 2004 22:22:50 +0200, "Jeroen van Bemmel"
    <someone@somewhere.com> wrote:

    >'Blah',

    Really?

    >Just as a reassurance: happily blinking lights on the APs do *not* mean your
    >network computers are infected with a virus, it simply shows that the
    >network is being used.

    True. However, continuously blinking lights, that never stop, and
    "abnormal" activity levels, are a good indication that something is
    wrong. Unfortunately, intermittent abnormal activity can be
    deceiving. Whenever MS issues a band-aid or automagic update, I get
    calls from my customers wondering what's wrong with their LAN. They
    set their PC's to download updates and casually inform the user that
    an update is waiting to get installed. Unfortunately, when 50
    machines get turned on in the morning, and all wanna update at exactly
    the same time, abnormal activity would be a good description. Anyway,
    paranoia is the way of life for the system administrator. I consider
    it a good thing.

    >To check if this is being done by unauthorised machines, monitor the traffic
    >using a 'sniffer' (Ethereal is a good one). Ideally you would have a list
    >with the MAC addresses of all your equipment to compare against, but
    >switching everything off (perhaps including other APs!) may also work for
    >you

    Bleh(tm).

    Sniffers are good for identifying the culprit and nature of the
    problem. They're almost useless for detecting the problem. For that,
    I use an SNMP based traffic monitor such as MRTG or RRDTool.
    http://www.mrtg.org
    http://www.rrdtool.org
    These will give a history of what constitutes normal traffic patterns.
    If something suddenly changes, it will be obvious on the aggregate
    traffic graphs. After something is determined to be screwed up, then
    you can use a sniffer to determine the nature of the beast. However,
    I only have one customer qualified to interpret the results of a
    capture session and prefer something that can be orchestrated over the
    phone. I have them pull the ethernet plugs on the central switch
    until the excessive traffic (i.e. excessively flashing lights) goes
    away. The culprit can usually be found at the other end of the cable.

    The Cisco 1200 supports SNMP and can therefore be monitored with these
    tools. Lots of examples on the web:
    http://openfire.coloradocollege.edu/mrtg/how.html
    The catch is that the skool will need to dedicate a machine to data
    collection and network management. This is not impossible, but at the
    level of activity, is probably not cost justifiable.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
  30. Archived from groups: (More info?)

    Chris,

    From what you're saying here and before I gather that someone was heavily
    using the WLAN, causing the other users of the DSL line (including the fixed
    stations) to loose their Internet connection (perhaps not totally lost but
    terribly slow?)

    Since you have such a small set of laptops, I would suggets to use MAC
    address filtering on the APs. It is not fool proof, but it will keep out
    casual unauthorised users. See the Cisco manual on how to set it up, you
    simply need to enter the MAC addresses of valid school laptops into each AP.
    This can be combined with WEP

    Depending on the capabilities of the router you're using towards the DSL
    line, perhaps you can somehow limit the bandwidth being used by all wireless
    users together? This would avoid the situation where all the stations loose
    their connection because some wireless person is stealing all resources.

    Some questions:
    - Could it be that one of the teachers installed a bandwidth-intensive
    application on his/her laptop? (e.g. p2p file sharing client...)
    - Do you use private IP addressing to protect the school's computers from
    being addressed from the Internet?

    "coconut" <nospambaby@despaminize.com> wrote in message
    news:10l6qi4ri397u00@corp.supernews.com...
    > Noticing the lights was my first clue to the situation. Thanks for all
    > your help. I've gathered enough info that I think I can take care of it.
    > We are a small charter school in Idaho and the only people that will have
    > access to the encryption key are the teachers. There are about 20 of us
    > in all. Does the key need to be entered in each and every day, or just
    > altered if I alter it on the AP? We're running Win XP on all the laptops.
    > The only machines that the students are using are the lab computers that
    > are hardwired to the DSL line. We have a few students that live in the
    > area that are tech geeks and I wouldn't be surprised if they're doing the
    > damage. As far as I can tell, with our situation it seems that a WEP key
    > would be the way to go. Now it's just a matter of figuring out how to set
    > it up on each of the AP's. Thanks for all your help!
    > Chris
    >
    >
    > Jeff Liebermann wrote:
    >
    >> On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:
    >>
    >>
    >>>We have no encryption set up, and have two Cisco Aironet 1200 series
    >>>AP's.
    >>
    >>
    >> Various people have suggested enabling encryption (WEP/WPA). This is
    >> a good idea but largely useless on a skool wireless system that is
    >> accessed by students. The problem is that the WEP key or WPA pass
    >> phrase has to be known by every user of the system. Pass that out to
    >> all the students and fairly soon the whole world will know the
    >> password. In short, encryption is useless for public access WLAN's.
    >>
    >> What you need is some kind of authorization and authentication system
    >> for the network. Kerberos is one example. Such systems are resident
    >> on a network server and control access to the network, not the
    >> wireless access points. Random wireless users can associate with the
    >> access points, but can't see anything on the network until they login
    >> and authenticate.
    >>
    >> I'm not terribly familiar with such systems as I don't often get into
    >> this part of the puzzle. I suggest you speak with other skools that
    >> have similar systems and ask them what they are using to control
    >> access. Methinks you'll need to look at your network security as a
    >> whole, and not just the wireless part. Perhaps some readers here have
    >> experience and suggestions. Now, back to the original problem. The light
    >> show on the wireless
    >> side may be due to a worm or virus on your network or on a wireless
    >> device (laptop). These tend to spray large quantities of broadcasts
    >> looking for other machines to infect. Lots of ways to identify and
    >> isolate the culprit, but the quickest is to uplug the ethernet cables
    >> from each port on the central switch the light show magically stops.
    >> It also might be one of the neighbors using the school system for
    >> their personal broadband ISP. (Why subscribe to ADSL or cable modem
    >> when you can just use the schools system for free?)
    >>
    >> Incidentally, since you volunteered for this, get used to looking at
    >> the lights so that you know how "normal" should appear. The lights
    >> offer quite a bit of diagnostic information that is easily visible
    >> without diagnostic software. For example, if ALL the lights on a
    >> switch flash in unison, that's a broadcast packet doing that. If one
    >> light is continuously flashing, there's quite a bit of traffic going
    >> to/from that port. Two lights flashing somewhat in unison means that
    >> there's quite a bit of traffic going between those two ports. An
    >> abnormal light pattern will be your first indication of a problem.
    >>
  31. Archived from groups: (More info?)

    The WEP seemed to do the trick on Friday. Everyone had access, and our
    statewide testing that requires internet access wasn't hurt. I think
    I'm going to add in the MAC filtering as well, just for extra measures.
    The only thing that I can think of that may be causing it is we have
    many teachers out of the 25 that are employed there that have no clue
    what the hell they're doing with the machines. I'm going thru and
    running ad aware and spybot on all just to make sure they haven't gotten
    something installed that they don't want. I'm going to configure
    wireless watch tomorrow to see whose IP is causing the hassle.
    Hopefully that will work as well. Thanks for everyone's help!

    Jeroen van Bemmel wrote:

    > Chris,
    >
    > From what you're saying here and before I gather that someone was heavily
    > using the WLAN, causing the other users of the DSL line (including the fixed
    > stations) to loose their Internet connection (perhaps not totally lost but
    > terribly slow?)
    >
    > Since you have such a small set of laptops, I would suggets to use MAC
    > address filtering on the APs. It is not fool proof, but it will keep out
    > casual unauthorised users. See the Cisco manual on how to set it up, you
    > simply need to enter the MAC addresses of valid school laptops into each AP.
    > This can be combined with WEP
    >
    > Depending on the capabilities of the router you're using towards the DSL
    > line, perhaps you can somehow limit the bandwidth being used by all wireless
    > users together? This would avoid the situation where all the stations loose
    > their connection because some wireless person is stealing all resources.
    >
    > Some questions:
    > - Could it be that one of the teachers installed a bandwidth-intensive
    > application on his/her laptop? (e.g. p2p file sharing client...)
    > - Do you use private IP addressing to protect the school's computers from
    > being addressed from the Internet?
    >
    > "coconut" <nospambaby@despaminize.com> wrote in message
    > news:10l6qi4ri397u00@corp.supernews.com...
    >
    >>Noticing the lights was my first clue to the situation. Thanks for all
    >>your help. I've gathered enough info that I think I can take care of it.
    >>We are a small charter school in Idaho and the only people that will have
    >>access to the encryption key are the teachers. There are about 20 of us
    >>in all. Does the key need to be entered in each and every day, or just
    >>altered if I alter it on the AP? We're running Win XP on all the laptops.
    >>The only machines that the students are using are the lab computers that
    >>are hardwired to the DSL line. We have a few students that live in the
    >>area that are tech geeks and I wouldn't be surprised if they're doing the
    >>damage. As far as I can tell, with our situation it seems that a WEP key
    >>would be the way to go. Now it's just a matter of figuring out how to set
    >>it up on each of the AP's. Thanks for all your help!
    >>Chris
    >>
    >>
    >>Jeff Liebermann wrote:
    >>
    >>
    >>>On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:
    >>>
    >>>
    >>>
    >>>>We have no encryption set up, and have two Cisco Aironet 1200 series
    >>>>AP's.
    >>>
    >>>
    >>>Various people have suggested enabling encryption (WEP/WPA). This is
    >>>a good idea but largely useless on a skool wireless system that is
    >>>accessed by students. The problem is that the WEP key or WPA pass
    >>>phrase has to be known by every user of the system. Pass that out to
    >>>all the students and fairly soon the whole world will know the
    >>>password. In short, encryption is useless for public access WLAN's.
    >>>
    >>>What you need is some kind of authorization and authentication system
    >>>for the network. Kerberos is one example. Such systems are resident
    >>>on a network server and control access to the network, not the
    >>>wireless access points. Random wireless users can associate with the
    >>>access points, but can't see anything on the network until they login
    >>>and authenticate.
    >>>
    >>>I'm not terribly familiar with such systems as I don't often get into
    >>>this part of the puzzle. I suggest you speak with other skools that
    >>>have similar systems and ask them what they are using to control
    >>>access. Methinks you'll need to look at your network security as a
    >>>whole, and not just the wireless part. Perhaps some readers here have
    >>>experience and suggestions. Now, back to the original problem. The light
    >>>show on the wireless
    >>>side may be due to a worm or virus on your network or on a wireless
    >>>device (laptop). These tend to spray large quantities of broadcasts
    >>>looking for other machines to infect. Lots of ways to identify and
    >>>isolate the culprit, but the quickest is to uplug the ethernet cables
    >>>from each port on the central switch the light show magically stops.
    >>>It also might be one of the neighbors using the school system for
    >>>their personal broadband ISP. (Why subscribe to ADSL or cable modem
    >>>when you can just use the schools system for free?)
    >>>
    >>>Incidentally, since you volunteered for this, get used to looking at
    >>>the lights so that you know how "normal" should appear. The lights
    >>>offer quite a bit of diagnostic information that is easily visible
    >>>without diagnostic software. For example, if ALL the lights on a
    >>>switch flash in unison, that's a broadcast packet doing that. If one
    >>>light is continuously flashing, there's quite a bit of traffic going
    >>>to/from that port. Two lights flashing somewhat in unison means that
    >>>there's quite a bit of traffic going between those two ports. An
    >>>abnormal light pattern will be your first indication of a problem.
    >>>
    >
    >
Ask a new question

Read More

Configuration Wireless Wireless Network Wireless Networking Product