Hello,
I have been volunteering time as the "computer/network guy" at a local political campaign office, in an area know for bare-fisted, dirty-tricks politics. About 2/3's of their computers use wifi to connect to their network, and I set them up with WPA-PSK because the had two Win2k systems. I changed the SSID from the default, but kept broadcasting the SSID because I had trouble with some systems not being able to connect, even after doing a manual configuration and typing in the correct SSID.
The network worked well for a couple months. Then suddenly, just yesterday, all wifi users reported that they could connect for a couple seconds, but then they'd loose their wifi connection and IP address. Their network connection might come up after a minute or two, but then it would go down again as soon they tried to use it (to connect to an important web portal they were using). The LAN-wired users had no problems at all. I troubleshooted the router (the Linksys WRT54G, forget the version number, but it is a newer one with the Cisco logo), including resetting it and recreating all of the settings, but we had the same problem. I ran to a store and bought a new Netgear router (I forget the model number), set it up the same way (same SSID and WPA-PSK key), and had the same exact problem. I changed the SSID and things worked OK for about about 20 minutes, and then the problems returned. After spending a couple hours on the problem, I finally got things to work again using 128-bit WEP and another SSID, which I made sure was never broadcast, even temporarily.
So, is it possible the someone is intentionally broadcasting a wifi signal that disrupts our network? Is there any way that I can prove that this is happening? Does this exploit somehow work on WPA-PSK and not WEP (or did the perp go home for the night about the time I made that change)? Thanks for any and all advice!
Christopher Chalfant MCSE: Security, MCDBA