Community discussions

MikroTik App
 
crbender
just joined
Topic Author
Posts: 4
Joined: Sun Jan 30, 2005 7:21 am

Routerboard 230 with Demarc 300mw Card

Wed May 25, 2005 5:33 am

Hey guys,
I am currently using the above setup as a back-up ap because of the virtual ap capabilities. However we just started using Deliberant radios as a cpe and cannot get them to recognize Wep encryption on the mikrotik. The can see each other but will not associate. I have checked this with 5 different dbl1300's with the same result. Without Wep they talk just fine. Is there some work around that you guys know about. The deliberants use a zenwell(?) card.
Thanks in advance
Chuck
 
User avatar
Giepie
Member
Member
Posts: 432
Joined: Mon Sep 13, 2004 12:33 pm
Location: Western Cape, South Africa
Contact:

Mon May 30, 2005 2:22 am

Why are you using WEP and not MAC filtering? I tried WEP, but it does slow down the connection and sometimes causes problems. MAC filtering is nice, but you have to manuelly type in the MAC before setting up a client, unless you have a global profile which allows any MAC, but I never got it to work. MAC filtering is more than enough!

G
 
hitek146
Member Candidate
Member Candidate
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Tue May 31, 2005 5:06 am

MAC filtering is more than enough!

G
Just so you know, it takes about 3 seconds to find out the MAC address of a given wireless device, and then another 10 seconds to use that MAC address to log into an AP that only has MAC filtering enabled. IF the AP only allows one login per MAC address, then add another two or three minutes to perform a DoS attack on the client device that you want to take the place of....

Hitek

BTW, I could never get the Deliberant 1300 CPEs to work with the RB532/CM9 combination when using WEP, either, but I only tried it for a few hours, as WEP is a lost cause anyhow..... Anyone want to buy 10 unused Delberant 1300s cheap? :)
 
User avatar
Giepie
Member
Member
Posts: 432
Joined: Mon Sep 13, 2004 12:33 pm
Location: Western Cape, South Africa
Contact:

Tue May 31, 2005 2:44 pm

Hey man! Thanks for the interesting info about MAC! I only use MAC on my backbone links, and because they are allways online, I never have any timeouts etc, and it is point to point links. Noone ever managed to get threw my MT's, I must congratulate MT on their secure software!

How much would you like to sell those AP's for? Please give in US$ if poss. What strenght are they? 250mw?

Giepie
 
iredden
newbie
Posts: 39
Joined: Thu Jan 27, 2005 8:42 am
Location: Campbellford, Ontario CANADA

Tue May 31, 2005 9:01 pm

I modified an ssh/cron that looks for duplicates. Right now it just reports as its only an IDS, but was looking at authenticating our wireless into a real radius database (not just using the access-list) and only allowing one login at a time.

There are times when I have left our access-list off for maintenance, and have never seen (in the 4+ years of running a wireless ap) unknown MAC addresses.

There was one case a few years ago where a few Amateur Radio (HAM) guys were forced to locate a non licensed HAM transmitting over the airwaves. They did eventually locate him by tracking his radio purchase at Radio Shack.
 
hitek146
Member Candidate
Member Candidate
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Tue May 31, 2005 10:13 pm

It is rare that a person tries to break into a backhaul link, when compared to a standard local access point, but it should still be a concern, never the less. It only takes one intruder to compromise and take down your network. Once an intruder has gotten in, they know all of your network topology, and instantly become even more dangerous and unstoppable.....
How much would you like to sell those AP's for? Please give in US$ if poss. What strenght are they? 250mw?

Giepie
My mistake, these are DLB1500s that I have, with WDS and built-in NAT routing... So we are not Off Topic, please email me at clint*xtsonline.net....
 
mip
Member Candidate
Member Candidate
Posts: 122
Joined: Fri Jun 04, 2004 8:19 pm
Location: Ráckeve
Contact:

Wed Jun 01, 2005 1:23 am

MAC filtering is more than enough!

G
Just so you know, it takes about 3 seconds to find out the MAC address of a given wireless device, and then another 10 seconds to use that MAC address to log into an AP that only has MAC filtering enabled. IF the AP only allows one login per MAC address, then add another two or three minutes to perform a DoS attack on the client device that you want to take the place of....

Hitek
...:)
And it takes not so long time to brake wep. I think wep is not a good solution for an ISP system. Use mac filter and static dhcp if you do not care much aout security, or use mac filter, and pppoe if you want to do it hard. Wep is a quality and speed dropper way of security - IMHO.
https://www.youtube.com/watch?v=j7q0Y_JZMrg - the country you must visit

Who is online

Users browsing this forum: cedie, sindy and 73 guests