T42 and WPA

Message

dodik · #1 Post by **dodik** » Sat Nov 06, 2004 11:48 am

Does anyone have ever configured wpa pre-shared key on his T42 with the intel pro wireless 2200 BG ?

I tried so, but I can authentificate my wlan on my router (a linksys wag54g). I use debian sid and wpa_supplicant. Here goes my config file :

Code: Select all

network={
        ssid="myssid"
        proto=WPA
        key_mgmt=WPA-PSK
        pairwise=CCMP TKIP
        group=CCMP TKIP WEP104 WEP40   psk=b6499198511b57cc32ea0feede563d308a5b9661ffd67262b7f62655a1bfa8be
        priority=2
}

#2 Post by **jdhurst** » Sat Nov 06, 2004 5:02 pm

I set up a T42 with an Intel 2200BG card in it for a client. I had trouble with WPA PSK and had to "open" my router for it to work (that is, turn on SSID broadcasting). As soon as I turned off broadcasting, the connection would drop. Newest drivers and all. It works fine for the client using WEP. I continue to dislike Intel Wireless Cards. Centrino = Hype.
... JDHurst

dodik · #3 Post by **dodik** » Sun Nov 07, 2004 5:18 am

But, basically, I do Not want to broadcast my ssid !!!

puco · #4 Post by **puco** » Sun Nov 07, 2004 8:08 am

I read that WPA is not supported on ipw2200 (v 0.12) but it's planned. Why do you want to turn broadcast ssid off. When someone is passive scanning he finds your network anyway. Or not?

#5 Post by **jdhurst** » Sun Nov 07, 2004 9:26 am

puco wrote:I read that WPA is not supported on ipw2200 (v 0.12) but it's planned. Why do you want to turn broadcast ssid off. When someone is passive scanning he finds your network anyway. Or not?

I keep my broadcast off. When someone is passive scanning, they can't see your network. I tried Netstumbler and a couple of other scanners and I could not see my network with my laptop with broadcasting turned off.

... JDHurst

level · #6 Post by **level** » Sun Nov 07, 2004 11:16 am

Kismet will identity a network with SSID turned off as a "cloaked" network. As soon as you associate with your wireless router, if Kismet is still passively monitoring, it will display your SSID.

lfeagan · #7 Post by **lfeagan** » Mon Nov 08, 2004 1:06 pm

True, Kismet can find it. Turning off SSID isn't really any security anyways if someone really is targeting you. Security through obscurity is no security at all. If you run WPA and restrict access by MAC I would think your security level should be high enough for most uses both home user and corporate unless you deal with extremely sensitive information (eg. you work for the CIA and have the name and locations of covert operatives).

Guest · #8 Post by **Guest** » Tue Nov 09, 2004 7:25 am

But, I don't think this comes from the broadcast of the ssid, just have a look to the log as follow :

Code: Select all

--- START OF LOG -----
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
Line: 5 - start of a new network block
SSID - hexdump_ascii(len=9):
     63 6c 61 72 61 2e 6c 61 6e                        clara.lan       
proto: 0x1
key_mgmt: 0x2
pairwise: 0x18
group: 0x1c
PSK (ASCII passphrase) - hexdump_ascii(len=12):
     74 68 69 73 69 73 74 68 65 6b 65 79               thisisthekey    
PSK (from passphrase) - hexdump(len=32): b6 49 91 98 51 1b 57 cc 32 ea 0f ee
de 56 3d 30 8a 5b 96 61 ff d6 72 62 b7 f6 26 55 a1 bf a8 be
Priority group 0
   id=0 ssid='clara.lan'
Setting scan request: 0 sec 100000 usec
Starting AP scan (broadcast SSID)
Scan timeout - try to get results
Received 609 bytes of scan results (2 BSSes)
Scan results: 2
Selecting BSS from priority group 0
0: 00:0f:66:58:ae:99 ssid='' wpa_ie_len=24 rsn_ie_len=0
   skip - SSID mismatch
1: 00:0f:66:58:ae:99 ssid='clara.lan' wpa_ie_len=24 rsn_ie_len=0
   selected
Trying to associate with 00:0f:66:58:ae:99 (SSID='clara.lan' freq=2462 MHz)
Cancelling scan request
WPA: using IEEE 802.11i/D3.0
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00
00 50 f2 02 01 00 00 50 f2 02
Setting authentication timeout: 5 sec 0 usec
Authentication with 00:00:00:00:00:00 timed out.
---- END OF LOG ---

I can't managed to authentificate my wlan card on the router. I tried everything (changing psk value from ascci to hex and so so). Please help me.

avatar · #9 Post by **avatar** » Fri Feb 18, 2005 8:42 pm

If I remembered correctly, wpa_supplicant wouldn't work if the AP doesn't broadcast the SSID. The same rule applys on Linux and FreeBSD.

IMHO, since you're going to use WPA, nobody would be able to connect to your WLAN unless he/she knew the key.
Why bother turning off the SSID broadcasting? That wouldn't help on security since one can still retrieve your SSID]
by monitoring your probe request or association related frames.

marclee · #10 Post by **marclee** » Sat Feb 19, 2005 1:15 pm

I didn't see this mentioned (apologies if it was and I just overlooked it), but how are you calling wpa_supplicant ? From a /etc/init.d script?

I was having trouble with getting it to associate (using TKIP PSK) with my wireless router until I realized that I should be calling wpa_supplicant with a "-Dipw" switch.

I'm using gentoo and there is an extra config file (in addition to /etc/wpa_supplicant.conf) you need to customize at the following path... /etc/conf.d/wpa_supplicant

Hope this helps.

marc
PS - I'm using a T42 23739VA

T42 and WPA

T42 and WPA

Who is online