RE: [fw-wiz] Radio Ethernet Modem Experiences

From: Kelly, Chris W. (ckelly_at_hsutx.edu)
Date: 07/21/04

  • Next message: Devdas Bhagat: "Re: [fw-wiz] iso 17799" 
    To: <firewall-wizards@honor.icsalabs.com>
Date: Tue, 20 Jul 2004 17:14:16 -0500

    What he said. Although, don't completely expect a pair of nice expensive
    parabolic high gain dishs to completely give you secure and reliable
    communications. We had a link of about 5000' for a year and a half. It
    worked well for about 12 months, then slowly went to hell. We never did
    specifically ID a cause and replaced the link with a deicated T1 circuit
    and routers. Web/email was always good, Microsoft network applications
    so-so.

    Some of the problem was that one dish was three stories up and the far
    end was about 15' off the ground. The high dish spread a signal over
    about a city block wide where it hit the ground and about 3000' long.
    It was a low rent neighborhood, so I never found any freeloaders in
    there. But you didn't need to be a very motivated attacker to ride our
    waves.

    The signal also passed over our football stadium, which created some
    really special echos and reflections. Did you know that a chain link
    fence will really kill the heck out of an 802.11b signal? Also, real
    netspeed of .b can be as low as 750K after all the overhead BS is delt
    with. Typically it's in the 2-6mbps range. But that's ideal.

    In the last 6 months the link was up, we continually had interference
    problems. To the point where they could not maintain an windows network
    share. Web/email still worked because it's asynchronous. The AP's
    stored packets and dumped when they got back together. Fine for http.
    Not worth a !@#$ when you're trying to access your home directory.

    Also some of it was likely the Aironet 340 AP's we had at the time (they
    suck - not even WEP). The 1200's I have access to now are the cat's
    meow, but I haven't tried one with a dish. But I DO have one of the
    dishes in my office...anyway.

    802.11g is just an extension of .b and subject to the same interference
    problems. And b/g equipment is starting to pop up everywhere. Get a
    laptop, a Dell TrueMobile 1150 card and download a copy of Netstumbler.
    Go for a drive around your town and marvel at all the free internet
    service available.

    Suggestions:

    Put the dishes waaaaay up and about even with each other if possible.
    Do NOT use 802.11b - use 802.11a if possible. There is almost nothing
    on that band that will interfere.
    Use lightning protection and weather seal all connections on the coax
    Keep the coax as short as possible. To the point of glueing the AP to
    the underside of the roof next to the hole.

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf
    > Of franco segna
    > Sent: Tuesday, July 20, 2004 2:25 AM
    > To: firewall-wizards@honor.icsalabs.com
    > Cc: Bruce Platt
    > Subject: Re: [fw-wiz] Radio Ethernet Modem Experiences
    >
    > For the RF implications and design basics you may take a look at
    > http://sandbox.bellanet.org/~onno/the-guide/wifi/
    > and for some practical considerations at
    > http://www.solwise.co.uk/los.htm
    > but for a solid design you will need an RF engineer
    > (endangered species).
    >
    > From the security point of view, consider the following:
    > 1. design only single point-to-point encrypted links (you
    > don't need dynamic authentication, and the buildings can
    > safely be defined as static) 2. use only highly-directive
    > antennas (as allowed from local
    > regulations) to greatly reduce the possibility of detection,
    > decoding, attacking or jamming (you will need anyway
    > high-gain antennas to reach consistently - 99.0% availability
    > - several thousand feet on 802.11b or 11g). High directivity
    > means very narrow radiation/receiving patterns; any motivated
    > attacker would be forced to use a similar antenna, from a
    > location comprised in the narrow radiation lobe, and pointed
    > with great precision toward one of the link ends.
    >
    > Regards
    > Franco
    >
    >
    > Bruce Platt wrote:
    > > This is slightly off-topic.
    > >
    > > I'm looking for some information on experiences which you
    > may have with
    > > Radio Ethernet repeaters. I need to connect several small
    > LANS in separate
    > > buildings which are several thousand feet apart and the
    > cost of installing
    > > fiber is too great.
    > >
    > > Data rates will be modest across the entire LAN, so I think
    > I can fit in the
    > > bandwidth limitations of some of the 908 Mhz Spread
    > Spectrum devices, or
    > > even the 2.4 Ghz 802.11b devices (wep!).
    > >
    > > Using these as bridges seems like a decent way of
    > accomplishing what I need.
    > >
    > > Have any of you used these before? I can think of some of
    > the gotchas,
    > > like:
    > >
    > > 1. Oops, another building is in the way, one more unit needed,
    > > 2. Signal degradation due to weather,
    > > 3. Co-ax length from external antenna to device,
    > > 4. Potential security concerns on WEP units, though the
    > data is not greatly
    > > sensitive,
    > > ...
    > >
    > > However, I can also see some war-driving type risks which I
    > am not competent
    > > to evaluate, though no dhcp servers will run, and all available LAN
    > > addresses will be already occupied.
    > >
    > > Since one doesn't know what one doesn't know, I am happy to
    > learn from what
    > > you have to offer.
    > >
    > > Thanks and regards,
    > >
    > > Bruce
    > > _______________________________________________
    > > firewall-wizards mailing list
    > > firewall-wizards@honor.icsalabs.com
    > > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    > >
    >
    > --
    >
    > Franco Segna - fsegna@web.de
    > Key fingerprint = 704C 3070 70A0 680A 760D 025E D849 02AB 2309 87A3
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Devdas Bhagat: "Re: [fw-wiz] iso 17799"