WRT54GS, Mac filtering and my T43?

[alpuzz]

I recently enabled Mac filtering on my Linksys WRT54GS. Several times since then, I've noticed that my T43 2668-75U has been unable to establish a connection with my router, and Access Connections wanders off and attaches to my neighbor's network instead. Trying to connect to my profile manually doesn't work either. The only way I can reconnect to my own network is if I briefly unplug and then plug the router back into AC power. Normally, this sort of behavior would lead me to conclude that the problem lies with the router itself; However, the weird thing is that I have other wireless clients that are able to connect just fine while my T43 is unable to do so. When the T43 gets into this state, I've tried rebooting, toggling off the wireless radio, selecting the desired profile by hand. All to no avail. The only thing I haven't done is disable Access Connections altogether. I never noticed this until I enabled Mac filtering, so I'm wondering if that has something to do with it?

any ideas would be appreciated,

Thanks,

--Al

[jdhurst]

The only thing I can suggest base on (mildly negative) experiences with that router belonging to clients of mine is to make sure that firmware is up-to-date. That has fixed problems for me. Access Connections and your ThinkPad don't know about MAC filtering, so they should not be the culprit. I am assuming you didn't muck about with spoofing your own MAC on the ThinkPad. In terms of wireless security (as you see you can connect to your neighbour), you should be using WPA security. WEP has been crackable for some time now. ... JD Hurst

[kaiser]

Hidden SSID and MAC-Filtering is useless.
With every Packet transmitted over the Air is tagged with the SSID and MAC of the target WLAN-Card. So it can be captured with a WLAN-Sniffer.

Result:
Disable Hidden SSID and MAC-Filter. Your Problems are gone and there is no loss of real security.

[jdhurst]

Most people who would use someone else's wireless lan are not likely equipped with WLAN sniffers - they are just looking for free signals. So while you point is correct, it is useful to keep these things turned off and apluzz should continue to see if they can get the router working. As you noted, I already suggested WPA for reasons of security, but keeping out neighbours (who are by and large unware of sniffing methods) is also usefull. ... JD Hurst

[kaiser]

so if the WLAN is encrypted with WPA, there is no point to hide SSID or do MAC-Filtering since its useless _and_ problematic for the user. OK, everyone else can see your Network, but he can't establish a connection until he guesses or cracks the WPA-Passphrase. But for me this would not be to consider as a problem since they can't make anything than looking at the Network name. (presupposed you haven't configured your WPA with a weak Key/Password)

My meaning was, if i had such problems, i would try turning of this unneeded things and see if it works again. These two "Features" are often mentionened in consense with WLAN-Problems (not only for the Cards IBM uses).

Only my oppinion.

[jdhurst]

Kaiser, you are exactly correct. I have never depended on SSID hiding or MAC filtering as my only defense. I started directly with WPA on my Netopia router and like that.

But if a person is just starting and is leery of, unwilling to, unable to jump into WEP / WPA security, then I think it is worthwhile to hide the SSID and filter MAC's. I know all about the (very small number of) persons with WAN sniffers, but truly, around this great metroplis of mine, the problem with wireless is totally unsecured wireless, and people with no particular skills including small time criminals and (worse) pedophiles who find these unsecured networks and use them for bad purposes.

Hiding SSID and filtering MAC is only a starting point. It is just like locking your car in a parking lot. Anybody can quickly steal a car if that is what they want to do. Locking it prevents the next level down of casual joyriding.

But EVERYONE with wireless NEEDS to get to WPA. NOW, IMMEDIATELY if not sooner.

... JD Hurst

[alpuzz]

The main reason WPA isn't an option for me right now is because I have an older tivo running the Airnet hack, which basically gives you the ability to control the tivo and use Tivoweb, which is a pretty cool application; However, If there is a way to get the Tivo to support WPA with its old Orinoco gold classic card, I'm not aware of it. I understand that Mac filtering isn't exactly the most secure solution out there, but discussing the merits of Mac filtering over other security measures really wasn't the point of this thread. If anyone has had similar experiences to mine when employing Mac filtering, I would be interested in hearing about them. If it matters, I'm running the last build of the Sveasoft Alchemy firmware on the router.

--Al

[Ground Loop]

As a counter-example, I tried SSID hiding and MAC filtering on a WRT54G running the Talisman firmware, and it works fine here. Maybe there's more to it than that.

Also, my Access Connections doesn't accidentally wander onto the neighbors (three!) wide-open networks, so see if you can find out why it's doing that. If my router can't be reached under my @Home profile, then it stays disconnected as it should.

I wouldn't actually use rediculous SSID hiding or MAC filtering, for exactly the reasons Kaiser explained -- it's an extra hassle for me, and a big fat ZERO in added security.

I know JDHurst disagrees, and I'm certainly not trying to reconfigure his network. I just wish more people knew that it doesn't actually stop any nefarious users at all.

If you're bored, try hiding your SSID, and then run Intel's "FIND WLAN" button on the WiFi control. Neat, huh? Now.. was that an advanced "hacker" scanning tool?

Another option for you and your Tivo might be something similar to mine -- run your WiFi as an untrusted "outside" network. Give it no outgoing access to the Internet via DSL or Cable, and no access to your inside (trusted) network, of course. Bridge the two only by VPN of IPSec or stronger. Now you can run without WEP or WPA, SSID unhidden, with any MAC. Depending on how sensitive your Tivo is, that might be acceptable.

Access to your internal network and outside net connection would be through VPN only.

[GomJabbar]

Also, my Access Connections doesn't accidentally wander onto the neighbors (three!) wide-open networks, so see if you can find out why it's doing that. If my router can't be reached under my @Home profile, then it stays disconnected as it should.

Open IBM Access Connections. On the top menu bar you will see a menu choice: 'Location Switching'. Click on that, choose 'Switch Ethernet and Wireless Location Profiles Automatically...', uncheck box to 'Switch Wireless Location Profiles Automatically'. This should prevent Access Connections from wandering to a neighbor's network.

EDIT: To clarify, this is for alpuzz. I know Ground Loop is not experiencing this problem.