Cheapest client AP / Bridge (?) with WPA?

Hi All,

I have been running a couple of Netgear ME102's for a while with good results, one as a straight AP and the other as a 'Wireless Client' (single PC hanging off 20m of Cat5 cable).

I would like now like to use WPA and to do that thought I would relocate the Belkin WiFi cable router to the site of the existing Netger AP (making the Belkin only AP) and replacing the remote ME102 with .... ???

So, it want's to be (in order) cheap, have an ethernet interface (no USB thanks) and operable in whatever mode (Wireless client or bridge?) would have the best effect for the least impact on other nets etc (and there are a few).

The ability to take an external (directional) aerial would be a bonus?

I have a friend who can get Edimax and Netgear equipment for me a 'trade' prices so do either do what I need please?

I think from my basic investigations a full blown WiFi cable router is the same price as many of these alternative products (seems a shame / overkill to set a router to 'Bridge mode') but if that's what I have to do at least it could be used as a router if circumstances change later? ;-(

All the best and thanks for your time ...

T i m (London)

I would suggest the Asus WL-300g, has lots of features and a thriving user community. Available on Ebay for monkey food.

Thanks for that ... though from what I can see only supports WEP?

All the best ..

T i m

Be sure to use a long (at least 20 characters) strong (not common words) key. Otherwise WPA can be even more of a security issue than WEP.

Thanks for that ... though from what I can see only supports WEP?

All the best ..

A customised WRT54G firmware provides WPA and QoS.

Ah, thanks ;-)

So it still looks like I'm going to have to get a router rather than a bridge / gaming unit ?

All the best ..

T i m

Hi John,

So has this 'flaw' in WPA only recently been discovered? I ask because nearly all the previous discussions I have read 'poo poo' WEP as being 'nearly useless and just a tad better than turning off DHCP or setting a mac filter' and now it is suggested it *can* be better than WPA in some cases?

So do I just keep my 128 bit WEP link?

All the best ..

T i m

horribly repetitive posts are bad enough without the repetitive headers as well.

No.

WEP is _still_ useless - and I'd argue it's never _more_ secure than WPA. And ensuring that WPA _is_ reasonably secure is fairly simple.

Ah, thanks ;-)

So it still looks like I'm going to have to get a router rather than a bridge / gaming unit ?

All the best ..

T i m

Just to make sure there's no misunderstanding -

There's a customised WRT54G firmware for the Asus WL 300G that provides WPA and QoS. The Asus device is sold (cheap as chips) as an AP, Bridge, Repeater and Router.

I did wonder if the tinypeap application could be ported across to it and then you'd have a Radius server as well. Network would be as solid as a very solid thing.

Thanks ;-)

Ah .. and I think *that* was the confusion (to me anyway) .. I couldn't see the link between some software for a Linksys Router and the Asus AP ;-)

That might not be much of a problem as I should have access to a Radius server ;-)

Solid! ;-)

So, I get my Asus thingy from eBay for 'monkey food' and then what .. get this extra firmware from somewhere and flash the Asus box with it? (sri to be slow here ..)

All the best again ..

T i m

It was discovered about 2 years ago.

Yep. Lots of baloney on the 'net.

Much better to use WPA *as recommended*, which is much more secure than WEP.

So I have since read .. thanks ;-)

True .. and there's (probably?) as much good stuff ;-)

So, 1000 (impossible to remember) random ascii chars should do it then! I suppose unlike 'wired' clients you can't find the password on a Post-it-not the pull out pencil draw or the bottom of the keyboard!

Joking aside .. would you know if *all* Asus WL 300G's would take a copy of this 'alternative' firmware (ie are there "Rev A's" that don't etc) to allow me to use one as a remote cllent access device against my Belkin G WiFi cable router (that supports WPA-Radius) please?

If not would I have to get two Asci ?? ;-)

I'm currently using a pair of Netgear ME102's (but only with 128b WEP) ?

All the best ..

T i m

Understood ;-)

T i m

See my thread "ALERT: WPA can be less secure than WEP", and in particular:

Weakness in Passphrase Choice in WPA Interface By Glenn Fleishman By Robert Moskowitz Senior Technical Director ICSA Labs, a division of TruSecure Corp ... The offline PSK dictionary attack ... Just about any 8-character string a user may select will be in the dictionary. As the standard states, passphrases longer than 20 characters are needed to start deterring attacks. This is considerably longer than most people will be willing to use.

THIS OFFLINE ATTACK SHOULD BE EASIER TO EXECUTE THAN THE WEP ATTACKS. ... Summary ... Pre-Shared Keying is provided in the standard to simplify deployments in small, low risk, networks. The risk of using PSKs against internal attacks is almost as bad as WEP. THE RISK OF USING PASSPHRASE BASED PSKS AGAINST EXTERNAL ATTACKS IS GREATER THAN USING WEP. Thus the only value PSK has is if only truly random keys are used, or for deploy testing of basic WPA or 802.11i functions. PSK should ONLY be used if this is fully understood by the deployers.

True.

Incorrect -- see my direct response.

Only that last part is true.