Re: [WISPA] Crude dictionary attack via ssh
On Sat, 2009-05-02 at 17:51 -0400, Patrick Shoemaker wrote: > There's another linux program out there called BFD that does the same > thing: parses logs and creates IPTABLES rules, but it doesn't use > python. Google it and see if it will work for your application. Again, this is a good approach, but is (for my taste) a little to reactive. The approach that Eje was speaking of is more proactive. It is the same approach that I take when providing firewall applications to my own customers. It goes a little like this: Create a firewall for the router itself that will explicitly permit all of the traffic you wish to allow to connect via ftp or ssh. How you accomplish this is up to you. Watch for connections by ssh/ftp/other that are NOT valid. Grab the source address of those offending ssh attacks. In the firewall that protects your network, deny all traffic from those that were detected as attempting to connect to your firewall router. Watch for NEW ssh connections and set some reasonable limit for how often a specific IP may attempt a new ssh connection. You have to pick the right number here in order to prevent false positives. It's all about finding an appropriate rate of new connection attempts. If an IP "trips" the above set of rules, then deny them further traffic into the network. It's really not that complicated. It's not "easy" maybe, but not complicated. You simply have to have a router with some decent firewall capability (iptables based). > Also, this might go without saying, but I'd recommend against applying > any router-based rules to customer subnets. That approach is ripe for > unintended consequences, and can create a troubleshooting nightmare for > your customers. I disagree. Done right, you don't have "unintended consequences". And even if you do, it's rather easy to take care of those as they come up. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Crude dictionary attack via ssh
There's another linux program out there called BFD that does the same thing: parses logs and creates IPTABLES rules, but it doesn't use python. Google it and see if it will work for your application. Also, this might go without saying, but I'd recommend against applying any router-based rules to customer subnets. That approach is ripe for unintended consequences, and can create a troubleshooting nightmare for your customers. -- Patrick Shoemaker President, Vector Data Systems LLC shoemak...@vectordatasystems.com office: (301) 358-1690 x36 http://www.vectordatasystems.com Tom Sharples wrote: > I'm writing a reactive bash script this weekend to take care of the problem. > Can't load python on these embedded servers, or I'd just use the denyhosts > script Josh and George suggested. > The idea of generating a common database of offending IPs to propagate to > all our servers is a good one too, that will be in Version 2 :-) > > Thanks, > > Tom S. > > - Original Message - > From: "Butch Evans" > To: "Tom Sharples" ; "WISPA General List" > > Sent: Saturday, May 02, 2009 12:18 PM > Subject: Re: [WISPA] Crude dictionary attack via ssh > > > >> On Fri, 2009-05-01 at 18:36 -0700, Tom Sharples wrote: >> >>> This works too :-) >>> >>> iptables -A INPUT -s 213.165.154.53/24 -j DROP >>> >> It does for sure. The only problem is that this one host is not the >> only one to be concerned about. If you have a router at the border of >> the network that has the capability of watching the network for this >> type of behaviour and responding to it, then I'd suggest adding that >> function there. >> >> The denyhosts script that Josh suggested works, but it is a reactive >> script. In other words, it watches the log file and does what you >> suggest automatically. At least that's what I saw the first time I >> looked at it. >> >> A better approach is the one that Eje suggested. His suggestion uses a >> router (probably Mikrotik in his case) that watches for this behaviour >> and drops all traffic from this host automatically. You can do this >> with Mikrotik, ImageStream or any other OS that includes iptables and >> the "recent module". It's not even that hard to do. >> >> -- >> >> * Butch Evans * Professional Network Consultation* >> * http://www.butchevans.com/* Network Engineering * >> * http://www.wispa.org/ * WISPA Board Member * >> * http://blog.butchevans.com/ * Wired or Wireless Networks * >> >> >> >> > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Crude dictionary attack via ssh
I'm writing a reactive bash script this weekend to take care of the problem. Can't load python on these embedded servers, or I'd just use the denyhosts script Josh and George suggested. The idea of generating a common database of offending IPs to propagate to all our servers is a good one too, that will be in Version 2 :-) Thanks, Tom S. - Original Message - From: "Butch Evans" To: "Tom Sharples" ; "WISPA General List" Sent: Saturday, May 02, 2009 12:18 PM Subject: Re: [WISPA] Crude dictionary attack via ssh > On Fri, 2009-05-01 at 18:36 -0700, Tom Sharples wrote: >> This works too :-) >> >> iptables -A INPUT -s 213.165.154.53/24 -j DROP > > It does for sure. The only problem is that this one host is not the > only one to be concerned about. If you have a router at the border of > the network that has the capability of watching the network for this > type of behaviour and responding to it, then I'd suggest adding that > function there. > > The denyhosts script that Josh suggested works, but it is a reactive > script. In other words, it watches the log file and does what you > suggest automatically. At least that's what I saw the first time I > looked at it. > > A better approach is the one that Eje suggested. His suggestion uses a > router (probably Mikrotik in his case) that watches for this behaviour > and drops all traffic from this host automatically. You can do this > with Mikrotik, ImageStream or any other OS that includes iptables and > the "recent module". It's not even that hard to do. > > -- > > * Butch Evans * Professional Network Consultation* > * http://www.butchevans.com/* Network Engineering * > * http://www.wispa.org/ * WISPA Board Member * > * http://blog.butchevans.com/ * Wired or Wireless Networks * > > > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Crude dictionary attack via ssh
On Fri, 2009-05-01 at 18:36 -0700, Tom Sharples wrote: > This works too :-) > > iptables -A INPUT -s 213.165.154.53/24 -j DROP It does for sure. The only problem is that this one host is not the only one to be concerned about. If you have a router at the border of the network that has the capability of watching the network for this type of behaviour and responding to it, then I'd suggest adding that function there. The denyhosts script that Josh suggested works, but it is a reactive script. In other words, it watches the log file and does what you suggest automatically. At least that's what I saw the first time I looked at it. A better approach is the one that Eje suggested. His suggestion uses a router (probably Mikrotik in his case) that watches for this behaviour and drops all traffic from this host automatically. You can do this with Mikrotik, ImageStream or any other OS that includes iptables and the "recent module". It's not even that hard to do. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
If you can, use vertical as well as horizontal separation. Just a few feet can make a huge difference. Tom S. - Original Message - From: "Michael Baird" To: "WISPA General List" Sent: Saturday, May 02, 2009 3:53 AM Subject: [WISPA] Sector separation/isolation > We are still experimenting with aligning sector's on our towers. We are > attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas > to cover 360 degrees. I just inspected the towers myself, and noticed > they are setup at 30 degrees/150 degrees/290 degrees (so they aren't > right exactly). So the problem that caused me to inspect the tower was > the signal level I can see the other AP's at. > > AP 30 can see AP 150 at -39 and AP 290 at -42. > AP 150 can see AP 30 at -42 and AP 290 at -70. > AP 290 can see AP 30 at -39 and AP 150 at -65. > > So I'm guessing that the reason 150/290 are much higher is because of > the additional 20 degrees between them. These AP's are on channels > 1/6/11, I'm wondering if I should worry about seeing the other AP's with > such a hot signal, and if so what are some good ways to isolate them > better. > > Regards > Michael Baird > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Free Radius Servers
Right... OS agnostic (i.e. whatever will work the best, but I'd assume Linux since I'm looking for free) Daniel White 3-dB Networks http://www.3dbnetworks.com >-Original Message- >From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On >Behalf Of Rogelio >Sent: Saturday, May 02, 2009 11:05 AM >To: WISPA General List >Subject: Re: [WISPA] Free Radius Servers > >3-dB Networks wrote: >> Anyone have any recommendations for a free Radius server? >Specifically >> interested in credit card processing for a hotspot application. > >Which OS? > >Is this a pay for internet access thing? e.g. People are authenticated >after they pay for access? > > > > > >WISPA Wants You! Join today! >http://signup.wispa.org/ > > > >WISPA Wireless List: wireless@wispa.org > >Subscribe/Unsubscribe: >http://lists.wispa.org/mailman/listinfo/wireless > >Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Free Radius Servers
3-dB Networks wrote: > Anyone have any recommendations for a free Radius server? Specifically > interested in credit card processing for a hotspot application. Which OS? Is this a pay for internet access thing? e.g. People are authenticated after they pay for access? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
How do you make this determination? What about an R52, or R5H? What about integrated units like NS2, NS2L? Jayson On Sat, May 2, 2009 at 10:00 AM, wrote: > Keep in mind that this is not necessary true depending what chip set the > card is using. For example the SR2 cards will always listen to 20Mhz even if > they only transmit on 10MHz or even 5MHz. While for example a XR2 set in > 10MHz mode will only listen to 10MHz. > > /Eje > CTO > WISP-Router, Inc. > Sent via BlackBerry from T-Mobile > > -Original Message- > From: Scott Reed > > Date: Sat, 02 May 2009 11:40:31 > To: WISPA General List > Subject: Re: [WISPA] Sector separation/isolation > > > Right now channel 1 uses channel 1, 2 and 3. Channel 6 uses 4-8. When > you go to 10MHz channels 1 will use 1 and 2. 6 will use 5, 6 and 7. > Therefore, you are no longer on adjacent channels, there is a gap of > channels 3 and 4 between. > Also, you will cut down on the amount of other noise you hear because > you listen to only half as much spectrum. > And, you will have more effective power so noise may be less of a problem. > > I am sure there are some RF savvy folks out there that can explain it > better. > > Michael Baird wrote: > > I can try that, can you tell me why that would make a difference though > > with the AP's seeing each other at such signal levels? Will changing to > > 10mhz channel width's cause the AP's to see each other at a lower RSSI? > > > > Regards > > Michael Baird > > > >> Use 10mhz channels instead of 20mhz. > >> > >> Kurt Fankhauser > >> WAVELINC > >> P.O. Box 126 > >> Bucyrus, OH 44820 > >> 419-562-6405 > >> www.wavelinc.com > >> > >> > >> -Original Message- > >> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > >> Behalf Of Michael Baird > >> Sent: Saturday, May 02, 2009 6:54 AM > >> To: WISPA General List > >> Subject: [WISPA] Sector separation/isolation > >> > >> We are still experimenting with aligning sector's on our towers. We are > >> attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas > >> to cover 360 degrees. I just inspected the towers myself, and noticed > >> they are setup at 30 degrees/150 degrees/290 degrees (so they aren't > >> right exactly). So the problem that caused me to inspect the tower was > >> the signal level I can see the other AP's at. > >> > >> AP 30 can see AP 150 at -39 and AP 290 at -42. > >> AP 150 can see AP 30 at -42 and AP 290 at -70. > >> AP 290 can see AP 30 at -39 and AP 150 at -65. > >> > >> So I'm guessing that the reason 150/290 are much higher is because of > >> the additional 20 degrees between them. These AP's are on channels > >> 1/6/11, I'm wondering if I should worry about seeing the other AP's with > >> such a hot signal, and if so what are some good ways to isolate them > better. > >> > >> Regards > >> Michael Baird > >> > >> > >> > > >> > >> WISPA Wants You! Join today! > >> http://signup.wispa.org/ > >> > > >> > >> > >> WISPA Wireless List: wireless@wispa.org > >> > >> Subscribe/Unsubscribe: > >> http://lists.wispa.org/mailman/listinfo/wireless > >> > >> Archives: http://lists.wispa.org/pipermail/wireless/ > >> > >> > >> > >> > > >> WISPA Wants You! Join today! > >> http://signup.wispa.org/ > >> > > >> > >> WISPA Wireless List: wireless@wispa.org > >> > >> Subscribe/Unsubscribe: > >> http://lists.wispa.org/mailman/listinfo/wireless > >> > >> Archives: http://lists.wispa.org/pipermail/wireless/ > >> > >> > > > > > > > > > > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > > > > > WISPA Wireless List: wireless@wispa.org > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > > > > No virus found in this incoming message. > > Checked by AVG - www.avg.com > > Version: 8.5.323 / Virus Database: 270.12.13/2091 - Release Date: > 05/01/09 17:52:00 > > > > > > -- > Scott Reed > Sr. Systems Engineer > GAB Midwest > 1-800-363-1544 x4000 > Cell: 260-273-7239 > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wirele
Re: [WISPA] Sector separation/isolation
Keep in mind that this is not necessary true depending what chip set the card is using. For example the SR2 cards will always listen to 20Mhz even if they only transmit on 10MHz or even 5MHz. While for example a XR2 set in 10MHz mode will only listen to 10MHz. /Eje CTO WISP-Router, Inc. Sent via BlackBerry from T-Mobile -Original Message- From: Scott Reed Date: Sat, 02 May 2009 11:40:31 To: WISPA General List Subject: Re: [WISPA] Sector separation/isolation Right now channel 1 uses channel 1, 2 and 3. Channel 6 uses 4-8. When you go to 10MHz channels 1 will use 1 and 2. 6 will use 5, 6 and 7. Therefore, you are no longer on adjacent channels, there is a gap of channels 3 and 4 between. Also, you will cut down on the amount of other noise you hear because you listen to only half as much spectrum. And, you will have more effective power so noise may be less of a problem. I am sure there are some RF savvy folks out there that can explain it better. Michael Baird wrote: > I can try that, can you tell me why that would make a difference though > with the AP's seeing each other at such signal levels? Will changing to > 10mhz channel width's cause the AP's to see each other at a lower RSSI? > > Regards > Michael Baird > >> Use 10mhz channels instead of 20mhz. >> >> Kurt Fankhauser >> WAVELINC >> P.O. Box 126 >> Bucyrus, OH 44820 >> 419-562-6405 >> www.wavelinc.com >> >> >> -Original Message- >> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On >> Behalf Of Michael Baird >> Sent: Saturday, May 02, 2009 6:54 AM >> To: WISPA General List >> Subject: [WISPA] Sector separation/isolation >> >> We are still experimenting with aligning sector's on our towers. We are >> attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas >> to cover 360 degrees. I just inspected the towers myself, and noticed >> they are setup at 30 degrees/150 degrees/290 degrees (so they aren't >> right exactly). So the problem that caused me to inspect the tower was >> the signal level I can see the other AP's at. >> >> AP 30 can see AP 150 at -39 and AP 290 at -42. >> AP 150 can see AP 30 at -42 and AP 290 at -70. >> AP 290 can see AP 30 at -39 and AP 150 at -65. >> >> So I'm guessing that the reason 150/290 are much higher is because of >> the additional 20 degrees between them. These AP's are on channels >> 1/6/11, I'm wondering if I should worry about seeing the other AP's with >> such a hot signal, and if so what are some good ways to isolate them better. >> >> Regards >> Michael Baird >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.5.323 / Virus Database: 270.12.13/2091 - Release Date: 05/01/09 > 17:52:00 > > -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
Right now channel 1 uses channel 1, 2 and 3. Channel 6 uses 4-8. When you go to 10MHz channels 1 will use 1 and 2. 6 will use 5, 6 and 7. Therefore, you are no longer on adjacent channels, there is a gap of channels 3 and 4 between. Also, you will cut down on the amount of other noise you hear because you listen to only half as much spectrum. And, you will have more effective power so noise may be less of a problem. I am sure there are some RF savvy folks out there that can explain it better. Michael Baird wrote: > I can try that, can you tell me why that would make a difference though > with the AP's seeing each other at such signal levels? Will changing to > 10mhz channel width's cause the AP's to see each other at a lower RSSI? > > Regards > Michael Baird > >> Use 10mhz channels instead of 20mhz. >> >> Kurt Fankhauser >> WAVELINC >> P.O. Box 126 >> Bucyrus, OH 44820 >> 419-562-6405 >> www.wavelinc.com >> >> >> -Original Message- >> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On >> Behalf Of Michael Baird >> Sent: Saturday, May 02, 2009 6:54 AM >> To: WISPA General List >> Subject: [WISPA] Sector separation/isolation >> >> We are still experimenting with aligning sector's on our towers. We are >> attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas >> to cover 360 degrees. I just inspected the towers myself, and noticed >> they are setup at 30 degrees/150 degrees/290 degrees (so they aren't >> right exactly). So the problem that caused me to inspect the tower was >> the signal level I can see the other AP's at. >> >> AP 30 can see AP 150 at -39 and AP 290 at -42. >> AP 150 can see AP 30 at -42 and AP 290 at -70. >> AP 290 can see AP 30 at -39 and AP 150 at -65. >> >> So I'm guessing that the reason 150/290 are much higher is because of >> the additional 20 degrees between them. These AP's are on channels >> 1/6/11, I'm wondering if I should worry about seeing the other AP's with >> such a hot signal, and if so what are some good ways to isolate them better. >> >> Regards >> Michael Baird >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.5.323 / Virus Database: 270.12.13/2091 - Release Date: 05/01/09 > 17:52:00 > > -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
I can try that, can you tell me why that would make a difference though with the AP's seeing each other at such signal levels? Will changing to 10mhz channel width's cause the AP's to see each other at a lower RSSI? Regards Michael Baird > Use 10mhz channels instead of 20mhz. > > Kurt Fankhauser > WAVELINC > P.O. Box 126 > Bucyrus, OH 44820 > 419-562-6405 > www.wavelinc.com > > > -Original Message- > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > Behalf Of Michael Baird > Sent: Saturday, May 02, 2009 6:54 AM > To: WISPA General List > Subject: [WISPA] Sector separation/isolation > > We are still experimenting with aligning sector's on our towers. We are > attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas > to cover 360 degrees. I just inspected the towers myself, and noticed > they are setup at 30 degrees/150 degrees/290 degrees (so they aren't > right exactly). So the problem that caused me to inspect the tower was > the signal level I can see the other AP's at. > > AP 30 can see AP 150 at -39 and AP 290 at -42. > AP 150 can see AP 30 at -42 and AP 290 at -70. > AP 290 can see AP 30 at -39 and AP 150 at -65. > > So I'm guessing that the reason 150/290 are much higher is because of > the additional 20 degrees between them. These AP's are on channels > 1/6/11, I'm wondering if I should worry about seeing the other AP's with > such a hot signal, and if so what are some good ways to isolate them better. > > Regards > Michael Baird > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] FTP Problems
If you know what iptables is realize that /ip firewall = iptables Masquerade rules, filters, chains, etc is all the work of a beautiful OSS, iptables. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Sat, May 2, 2009 at 10:29 AM, Mike Hammett wrote: > The NAT router. The helpers don't have any affect otherwise. > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > -- > From: "Scott Reed" > Sent: Saturday, May 02, 2009 6:22 AM > To: "WISPA General List" > Subject: Re: [WISPA] FTP Problems > > > On all routers, just the border, or something else? > > > > Mike Hammett wrote: > >> I think I had to disable the helper to get it to work. > >> > >> > >> - > >> Mike Hammett > >> Intelligent Computing Solutions > >> http://www.ics-il.com > >> > >> > >> > >> -- > >> From: "Scott Reed" > >> Sent: Friday, May 01, 2009 4:08 PM > >> To: "WISPA General List" > >> Subject: Re: [WISPA] FTP Problems > >> > >> > >>> 1 NAT at our border. > >>> Yes, all routers have FTP Service Port enabled. > >>> > >>> Josh Luthman wrote: > >>> > How many layers of nat? > > Do you have the service ports enabled in the firewalls? > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > "When you have eliminated the impossible, that which remains, however > improbable, must be the truth." > --- Sir Arthur Conan Doyle > > > On Fri, May 1, 2009 at 3:28 PM, Scott Reed > wrote: > > > > > I had a customer call this morning. He is trying to FTP a 30Meg file > > to > > an off-network site. It will do between 3 and 99% and then quit. > > He is using FileZilla > > His PC is directly connected to the CPE, an MT411. > > All routers between the CPE and the Internet are MT. > > What could be causing this? > > > > I know of another network having the same problem. > > > > -- > > Scott Reed > > Sr. Systems Engineer > > GAB Midwest > > 1-800-363-1544 x4000 > > Cell: 260-273-7239 > > > > > > > > > > > > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > > > > > > > WISPA Wireless List: wireless@wispa.org > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: > 05/01/09 06:17:00 > > > > >>> -- > >>> Scott Reed > >>> Sr. Systems Engineer > >>> GAB Midwest > >>> 1-800-363-1544 x4000 > >>> Cell: 260-273-7239 > >>> > >>> > >>> > >>> > > >>> WISPA Wants You! Join today! > >>> http://signup.wispa.org/ > >>> > > >>> > >>> WISPA Wireless List: wireless@wispa.org > >>> > >>> Subscribe/Unsubscribe: > >>> http://lists.wispa.org/mailman/listinfo/wireless > >>> > >>> Archives: http://lists.wispa.org/pipermail/wireless/ > >>> > >>> > >> > >> > >> > > >> WISPA Wants You! Join today! > >> http://signup.wispa.org/ > >> > > >> > >> WISPA Wireless List: wireless@wispa.org > >> > >> Subscribe/Unsubscribe: > >> http://lists.wispa.org/mailman/listinfo/wireless > >> > >> Archives: http://lists.wispa.org/pipermail/wireless/ > >> > >> > >> > >> > >> No virus found in this incoming message. > >> Checked by AVG - www.avg.com > >> Version: 8.5.287 / Virus Database: 270.12.12/2090 -
Re: [WISPA] FTP Problems
The NAT router. The helpers don't have any affect otherwise. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- From: "Scott Reed" Sent: Saturday, May 02, 2009 6:22 AM To: "WISPA General List" Subject: Re: [WISPA] FTP Problems > On all routers, just the border, or something else? > > Mike Hammett wrote: >> I think I had to disable the helper to get it to work. >> >> >> - >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> >> >> -- >> From: "Scott Reed" >> Sent: Friday, May 01, 2009 4:08 PM >> To: "WISPA General List" >> Subject: Re: [WISPA] FTP Problems >> >> >>> 1 NAT at our border. >>> Yes, all routers have FTP Service Port enabled. >>> >>> Josh Luthman wrote: >>> How many layers of nat? Do you have the service ports enabled in the firewalls? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, May 1, 2009 at 3:28 PM, Scott Reed wrote: > I had a customer call this morning. He is trying to FTP a 30Meg file > to > an off-network site. It will do between 3 and 99% and then quit. > He is using FileZilla > His PC is directly connected to the CPE, an MT411. > All routers between the CPE and the Internet are MT. > What could be causing this? > > I know of another network having the same problem. > > -- > Scott Reed > Sr. Systems Engineer > GAB Midwest > 1-800-363-1544 x4000 > Cell: 260-273-7239 > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: 05/01/09 06:17:00 >>> -- >>> Scott Reed >>> Sr. Systems Engineer >>> GAB Midwest >>> 1-800-363-1544 x4000 >>> Cell: 260-273-7239 >>> >>> >>> >>> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >>> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> >> No virus found in this incoming message. >> Checked by AVG - www.avg.com >> Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: >> 05/01/09 06:17:00 >> >> > > -- > Scott Reed > Sr. Systems Engineer > GAB Midwest > 1-800-363-1544 x4000 > Cell: 260-273-7239 > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ -
Re: [WISPA] marine interference problem on 2.4 GHz
If the docks have AC power all along them, have you considered using BPL of some sort? I have many docks in my area asking about internet service, and many times 2.4 ghz across water is a fun experience. I know some companies such as Tendnet make a wireless 2.4 AP that derives it's Internet source through BPL. I have such a unit setting on my shelf for testing, but have not tried yet. Scott -- Original Message -- From: Rogelio Reply-To: scubac...@gmail.com, WISPA General List Date: Fri, 01 May 2009 16:45:18 -0700 >I've got an interesting interference problem in a marine area, and I was >hoping to get some feedback on it. > >Every week or so, something evil on 2.4 GHz comes through and >drastically raises the noise floor for about a day (an analysis showed >me like -50 dBm), thus knocking off everyone in the boat dock area who >is using that AP. > >I was thinking about the following type of solution and wanted to get >some feedback: > >--on each dock (9 total), have two dual radios >--mesh them on an available 5.8 GHz channel (this band is not currently >a problem) >--put in a 2.4 GHz panel antenna on each end (maybe a 19 dBi one that >gives, say, a 30 degree X 30 degree beam coverage). 7 dBm + 19 dBi = 36 >dBm EIRP for ISM band in U.S. >--have panels on each radio pointing in towards the middle dock area >(boats in the middle would have redundant coverage. Boats on the far >edge would likely only be covered by the distant AP) >--cover each dock with two channels, so if one channel is down, another >one is an option (or possibly the same channel on a different polarization) >--possibly use band filters (assuming I know which band is the problem >child) > >Any help would be greatly appreciated. I'm quite new to figuring out RF >problems like this. > > > >WISPA Wants You! Join today! >http://signup.wispa.org/ > > >WISPA Wireless List: wireless@wispa.org > >Subscribe/Unsubscribe: >http://lists.wispa.org/mailman/listinfo/wireless > >Archives: http://lists.wispa.org/pipermail/wireless/ >--- >[This E-mail scanned for viruses by Declude Virus] > > Wireless High Speed Broadband service from Info-Ed, Inc. as low as $30.00/mth. Check out www.info-ed.com/wireless.html for information. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
Use 10mhz channels instead of 20mhz. Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Michael Baird Sent: Saturday, May 02, 2009 6:54 AM To: WISPA General List Subject: [WISPA] Sector separation/isolation We are still experimenting with aligning sector's on our towers. We are attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas to cover 360 degrees. I just inspected the towers myself, and noticed they are setup at 30 degrees/150 degrees/290 degrees (so they aren't right exactly). So the problem that caused me to inspect the tower was the signal level I can see the other AP's at. AP 30 can see AP 150 at -39 and AP 290 at -42. AP 150 can see AP 30 at -42 and AP 290 at -70. AP 290 can see AP 30 at -39 and AP 150 at -65. So I'm guessing that the reason 150/290 are much higher is because of the additional 20 degrees between them. These AP's are on channels 1/6/11, I'm wondering if I should worry about seeing the other AP's with such a hot signal, and if so what are some good ways to isolate them better. Regards Michael Baird WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] FTP Problems
On all routers, just the border, or something else? Mike Hammett wrote: > I think I had to disable the helper to get it to work. > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > -- > From: "Scott Reed" > Sent: Friday, May 01, 2009 4:08 PM > To: "WISPA General List" > Subject: Re: [WISPA] FTP Problems > > >> 1 NAT at our border. >> Yes, all routers have FTP Service Port enabled. >> >> Josh Luthman wrote: >> >>> How many layers of nat? >>> >>> Do you have the service ports enabled in the firewalls? >>> >>> Josh Luthman >>> Office: 937-552-2340 >>> Direct: 937-552-2343 >>> 1100 Wayne St >>> Suite 1337 >>> Troy, OH 45373 >>> >>> "When you have eliminated the impossible, that which remains, however >>> improbable, must be the truth." >>> --- Sir Arthur Conan Doyle >>> >>> >>> On Fri, May 1, 2009 at 3:28 PM, Scott Reed >>> wrote: >>> >>> >>> I had a customer call this morning. He is trying to FTP a 30Meg file to an off-network site. It will do between 3 and 99% and then quit. He is using FileZilla His PC is directly connected to the CPE, an MT411. All routers between the CPE and the Internet are MT. What could be causing this? I know of another network having the same problem. -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ >>> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >>> >>> >>> >>> No virus found in this incoming message. >>> Checked by AVG - www.avg.com >>> Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: >>> 05/01/09 06:17:00 >>> >>> >>> >> -- >> Scott Reed >> Sr. Systems Engineer >> GAB Midwest >> 1-800-363-1544 x4000 >> Cell: 260-273-7239 >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: 05/01/09 > 06:17:00 > > -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] Sector separation/isolation
We are still experimenting with aligning sector's on our towers. We are attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas to cover 360 degrees. I just inspected the towers myself, and noticed they are setup at 30 degrees/150 degrees/290 degrees (so they aren't right exactly). So the problem that caused me to inspect the tower was the signal level I can see the other AP's at. AP 30 can see AP 150 at -39 and AP 290 at -42. AP 150 can see AP 30 at -42 and AP 290 at -70. AP 290 can see AP 30 at -39 and AP 150 at -65. So I'm guessing that the reason 150/290 are much higher is because of the additional 20 degrees between them. These AP's are on channels 1/6/11, I'm wondering if I should worry about seeing the other AP's with such a hot signal, and if so what are some good ways to isolate them better. Regards Michael Baird WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/