What protocol is this ?

Our local ISP gives each user a gateway one point below the IP, ie if the customer's IP is 10.10.10.112 the gateway would be

10.10.10.111. Also the netmask is very limited, something like 255.255.255.253. These numbers matching, you get connected, can use any working DNS and the essid is valid. Otherwise, you get shunted on to the DHCP and get a non-working 192.168.x.x type IP, with an "unknown" essid. No encryption whatsoever. What kind of a protocol is that ? Using protocol in the sense of "configuration needed to connect" They have been in business for over 10 years.....
Reply to
Shadow
Loading thread data ...

Shadow wrote in news: snipped-for-privacy@4ax.com:

What you question is not a 'protocol', but rather, basic IP subnetting.

In your case, me thinks the subnet mask is typically 255.255.255.252 which yields two usable IP addresses.......

192.168.1.0 = Subnet ID 192.168.1.1 = Usable IP address 192.168.1.2 = Usable IP address 192.168.1.3 = Subnet broadcast IP address

IP 101.....in order for 2 devices to communicate via IP, they need to be on the same IP subnet. Otherwise, they will need to be routed through some gateway.

Ergo.....in order for an IP device to communicate with the gateway, the gateway must be on the same subnet.

So what you are seeing is an assigned IP address, and a default gateway of a very small subnet.

If you *really* care to know, then.....

formatting link

Reply to
DanS

Yep. Lookup subnet mask. It's probably 255.255.255.252 also known in CIDR talk as: /30. That give you two host IP's plus the gateway and broadcast address. You can see most of these with: ipconfig /all For a real muddle, try: netstat -r

Ummmm... hopefully, you cannot use any random SSID. However any DNS server should work. The ISP's DNS servers are usually the closest and fastest. Protocol requires that you ask the owner of the DNS server if you can beat it to death with queries.

Ummm... there's no connection between the IP address and the wireless SSID. I don't want to get into the tradition pissing match about the difference between SSID and ESSID. As far as this discussion is concerned, they're the same.

You might also want to dig through RFC1918, which defines the IP ranges of private (non-routeable) networks.

Sigh. Where is this network and when I can break in?

It's not a protocol. It's just plain olde IP subnet mask.

Well, you must be doing something right not to get diverted with technical details. Concentrating on what's important, such as seperating the customer from their money, is what kept you in biz for

10 years. However, it would be a good idea to surface ocassionally and see what improvements the industry has to offer.
Reply to
Jeff Liebermann

A remote town in the interior of Brazil. You are welcome. Just don't use MY ip. And you are right, it IS 255.255.255.25_2, I altered it a teensy bit to make it more difficult for the isp to filter this message. Didn't realize it would make a technical difference.

I'm a doctor, and a customer, bit worried about patient privacy. Not in the business at all. I will rely on ssl sites then. Our lawyers are not as primitive as the american counterparts YET. So there is little chance of a lawsuit unless something really hairy leaks.

If they have not changed in 10 years, I find that very unlikely. :( TY

Reply to
Shadow

Yep, I read it, thank you. Next netmask from 255.255.255.252 would be 255.255.255.254, which would give me exactly zero usable IP addresses, which is why they use the 252 mask. I just did not realize that a commercial wireless router could be configured to do this. I will take care with what I type, as they are probably wiresharking me right now. Newsguy (my newsgroup provider) is ssl, so I'm probably safe. []'s

Reply to
Shadow

Encryption is your main security method. I suggest you impliment WPA or WPA2 encryption. If this is a large system, consider installing a RADIUS server to avoid having everyone use the same shared encryption key. With a RADIUS server, each user gets their own unique one time encryption key.

Oh. I don't think I'll be appearing the immediate future. You're safe for now.

It does make a difference but is not really a security issue. There are various means of obscuring connection information, which is more of an obstacle course than a real form of security. Encryption and authentication are always the best.

I misread your comments. I thought you were operating the ISP. I don't think you have a complete picture of what the WISP is doing. Hard to tell from here.

If patient security and privacy is an issue, and the ISP does not provide any over the air encryption, SSL or a VPN will provide you with sufficient security to keep things private.

Easily solved. Want us to send our attorneys to Brazil? I'm sure you can think of something useful that can be done with them. (Hint: No country ever sued its way to greatness).

Reply to
Jeff Liebermann

I will use ssl mail servers, like Google on ports 465 and 995. The local terra and telefonica mail services are all port 25 and 110 and unencrypted . Although when the patient reads my mail he will get it plain-text, and easily sniffable, I suppose. As to VPN I have nowhere to VPN to...

We are testing new brake linings based on pure olive oil for our vehicles , and need some realistic obstacles. How much would a ton of lawyers be ? And would I have to pay the freight, or could they talk their way here ? :) []'s

Reply to
Shadow

Shadow wrote in news: snipped-for-privacy@4ax.com:

formatting link
>7f5.shtml

Well...technically, and according to whatever RFC spec's, that's correct. Although, one company I worked for made equipment that was able to use a

255.255.255.255 SNM with a single IP address, as it was part of some NAT implementation.

A commercial router like a Netgear/Linksys/DLink ?

The aformentioned company equipment worked as a router, not a bridge, like your standard commodity 802.11 gear does. It's clients were usually assigned an IP with an SNM of 255.255.255.252, so not atypical.

Reply to
DanS

I was kinda wondering why the ISP would assign a netmask of

255.255.255.252 to handle two routeable IP addresses. Then, my statin clouded brain remembered that I used to be in the WISP business and we did the same thing. It's because we needed one IP for the router and one IP to manage the wireless bridge.

A netmask of 255.255.255.255 is not that unusual. Several ISP that I deal with use it because it saves IP addresses. It specifies exactly one IP address where everything, including broadcasts and the default route, go through a single IP address.

Incidentally, if the ISP delivers a netmask of 255.255.255.252 and doesn't have any encryption, my guess(tm) is that if you set your netmaks manually to 255.255.255.0, you'll see all your neighboring machines. With a little luck, you might even see some open shares and directories. Try it (and welcome to the dark side).

Reply to
Jeff Liebermann

Is everyone having the same master key really a problem here?

With WPA-PSK (TKIP), encryption of data packets uses a session key and key mixing. See Gast, 802.11 Wireless Networks p 150 - 151.

The second editition :-)

The (other) clients, that also have the WPA master key will be able to join the wireless network, but will the also be able to decrypt client-AP traffic?

Reply to
Axel Hammerschmidt

Where is here? Brazil, USA, or elsewhere?

It's not a problem if the client does NOT know or cannot recover the WPA key (and therefore not pass it on to others). It's also not a problem if the ISP has a means of changing the WPA key remotely. My experience with WISP operation is that it's almost impossible to prevent the shared WPA key from leaking and somewhat difficult to change it remotely. I managed to prefect it with a small (10 user) system, using a 2nd central access point.

Thanks for reminding me. I need to buy the 2nd edition. $45 new. I would normally buy a used copy off Amazon, but the edition numbers are not specified.

The over the air recovery of the WPA key is NOT the problem. It's the client radio owners passing the WPA key to others. Best case is that Cain&Able or other password recovery tool extracts the hash code, instead of the actual WPA key, which can also be used. If it were easier to remote admin the CPE radios, constantly changing the key would probably be workable, but since changing the WPA key also temporarily disconnects the wireless link, such bootstrapping is notoriously unreliable.

Oh yes. Once I have the WPA key, all your bases are belong to us.

Getting the WPA key is often easier than actually capturing OTA traffic. One usually needs to capture traffic in both directions. That's not easy. Even with MAC address filtering, monitoring the traffic near the central access point also adds some data pollution. Sorting through the retransmissions is also a problem. Note that the MAC addresses in the mgmt packets are sent in the clear, while only the payloads are encrypted. I've done such outdoor OTA captures a few times, with rather disappointing results. However, it does work quite well inside a coffee shop, where I'm assured that I can hear both sides (assuming packets are not clobbered by reflections).

Reply to
Jeff Liebermann

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.