Re: [WISPA] Crude dictionary attack via ssh
It's a flavor of Slack Linux. Don't have Python on these boxes so am writing a bash script to do essentially the same thing as DenyHosts. Tom S. - Original Message - From: Rogelio scubac...@gmail.com To: Tom Sharples tsharp...@qorvus.com; WISPA General List wireless@wispa.org Sent: Friday, May 01, 2009 10:53 PM Subject: Re: [WISPA] Crude dictionary attack via ssh Tom Sharples wrote: Spotted this a few minutes ago on one of our back-end servers. Didn't work, but worth noting. Which OS are you running? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] marine interference problem on 2.4 GHz
Jack Unger wrote: I respectfully suggest you hire an expert to address this problem. That's the most polite way I've been told that my idea for a solution sucks! I suppose that until I find an expert, Google is my friend. :) WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Crude dictionary attack via ssh
Tom Sharples wrote: It's a flavor of Slack Linux. Don't have Python on these boxes so am writing a bash script to do essentially the same thing as DenyHosts. You run iptables on this box? You might have some options there, as well. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Crude dictionary attack via ssh
Tom Sharples wrote: It's a flavor of Slack Linux. Don't have Python on these boxes so am writing a bash script to do essentially the same thing as DenyHosts. Here's an idea that might work too, assuming you have iptables on that box http://www.e18.physik.tu-muenchen.de/~tnagel/ipt_recent/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] Sector separation/isolation
We are still experimenting with aligning sector's on our towers. We are attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas to cover 360 degrees. I just inspected the towers myself, and noticed they are setup at 30 degrees/150 degrees/290 degrees (so they aren't right exactly). So the problem that caused me to inspect the tower was the signal level I can see the other AP's at. AP 30 can see AP 150 at -39 and AP 290 at -42. AP 150 can see AP 30 at -42 and AP 290 at -70. AP 290 can see AP 30 at -39 and AP 150 at -65. So I'm guessing that the reason 150/290 are much higher is because of the additional 20 degrees between them. These AP's are on channels 1/6/11, I'm wondering if I should worry about seeing the other AP's with such a hot signal, and if so what are some good ways to isolate them better. Regards Michael Baird WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] FTP Problems
On all routers, just the border, or something else? Mike Hammett wrote: I think I had to disable the helper to get it to work. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- From: Scott Reed scottr...@onlyinternet.net Sent: Friday, May 01, 2009 4:08 PM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] FTP Problems 1 NAT at our border. Yes, all routers have FTP Service Port enabled. Josh Luthman wrote: How many layers of nat? Do you have the service ports enabled in the firewalls? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Fri, May 1, 2009 at 3:28 PM, Scott Reed scottr...@onlyinternet.netwrote: I had a customer call this morning. He is trying to FTP a 30Meg file to an off-network site. It will do between 3 and 99% and then quit. He is using FileZilla His PC is directly connected to the CPE, an MT411. All routers between the CPE and the Internet are MT. What could be causing this? I know of another network having the same problem. -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: 05/01/09 06:17:00 -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: 05/01/09 06:17:00 -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
Use 10mhz channels instead of 20mhz. Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Michael Baird Sent: Saturday, May 02, 2009 6:54 AM To: WISPA General List Subject: [WISPA] Sector separation/isolation We are still experimenting with aligning sector's on our towers. We are attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas to cover 360 degrees. I just inspected the towers myself, and noticed they are setup at 30 degrees/150 degrees/290 degrees (so they aren't right exactly). So the problem that caused me to inspect the tower was the signal level I can see the other AP's at. AP 30 can see AP 150 at -39 and AP 290 at -42. AP 150 can see AP 30 at -42 and AP 290 at -70. AP 290 can see AP 30 at -39 and AP 150 at -65. So I'm guessing that the reason 150/290 are much higher is because of the additional 20 degrees between them. These AP's are on channels 1/6/11, I'm wondering if I should worry about seeing the other AP's with such a hot signal, and if so what are some good ways to isolate them better. Regards Michael Baird WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] marine interference problem on 2.4 GHz
If the docks have AC power all along them, have you considered using BPL of some sort? I have many docks in my area asking about internet service, and many times 2.4 ghz across water is a fun experience. I know some companies such as Tendnet make a wireless 2.4 AP that derives it's Internet source through BPL. I have such a unit setting on my shelf for testing, but have not tried yet. Scott -- Original Message -- From: Rogelio scubac...@gmail.com Reply-To: scubac...@gmail.com, WISPA General List wireless@wispa.org Date: Fri, 01 May 2009 16:45:18 -0700 I've got an interesting interference problem in a marine area, and I was hoping to get some feedback on it. Every week or so, something evil on 2.4 GHz comes through and drastically raises the noise floor for about a day (an analysis showed me like -50 dBm), thus knocking off everyone in the boat dock area who is using that AP. I was thinking about the following type of solution and wanted to get some feedback: --on each dock (9 total), have two dual radios --mesh them on an available 5.8 GHz channel (this band is not currently a problem) --put in a 2.4 GHz panel antenna on each end (maybe a 19 dBi one that gives, say, a 30 degree X 30 degree beam coverage). 7 dBm + 19 dBi = 36 dBm EIRP for ISM band in U.S. --have panels on each radio pointing in towards the middle dock area (boats in the middle would have redundant coverage. Boats on the far edge would likely only be covered by the distant AP) --cover each dock with two channels, so if one channel is down, another one is an option (or possibly the same channel on a different polarization) --possibly use band filters (assuming I know which band is the problem child) Any help would be greatly appreciated. I'm quite new to figuring out RF problems like this. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- [This E-mail scanned for viruses by Declude Virus] Wireless High Speed Broadband service from Info-Ed, Inc. as low as $30.00/mth. Check out www.info-ed.com/wireless.html for information. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] FTP Problems
The NAT router. The helpers don't have any affect otherwise. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- From: Scott Reed scottr...@onlyinternet.net Sent: Saturday, May 02, 2009 6:22 AM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] FTP Problems On all routers, just the border, or something else? Mike Hammett wrote: I think I had to disable the helper to get it to work. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- From: Scott Reed scottr...@onlyinternet.net Sent: Friday, May 01, 2009 4:08 PM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] FTP Problems 1 NAT at our border. Yes, all routers have FTP Service Port enabled. Josh Luthman wrote: How many layers of nat? Do you have the service ports enabled in the firewalls? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Fri, May 1, 2009 at 3:28 PM, Scott Reed scottr...@onlyinternet.netwrote: I had a customer call this morning. He is trying to FTP a 30Meg file to an off-network site. It will do between 3 and 99% and then quit. He is using FileZilla His PC is directly connected to the CPE, an MT411. All routers between the CPE and the Internet are MT. What could be causing this? I know of another network having the same problem. -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: 05/01/09 06:17:00 -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: 05/01/09 06:17:00 -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] FTP Problems
If you know what iptables is realize that /ip firewall = iptables Masquerade rules, filters, chains, etc is all the work of a beautiful OSS, iptables. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Sat, May 2, 2009 at 10:29 AM, Mike Hammett wispawirel...@ics-il.netwrote: The NAT router. The helpers don't have any affect otherwise. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- From: Scott Reed scottr...@onlyinternet.net Sent: Saturday, May 02, 2009 6:22 AM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] FTP Problems On all routers, just the border, or something else? Mike Hammett wrote: I think I had to disable the helper to get it to work. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- From: Scott Reed scottr...@onlyinternet.net Sent: Friday, May 01, 2009 4:08 PM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] FTP Problems 1 NAT at our border. Yes, all routers have FTP Service Port enabled. Josh Luthman wrote: How many layers of nat? Do you have the service ports enabled in the firewalls? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Fri, May 1, 2009 at 3:28 PM, Scott Reed scottr...@onlyinternet.netwrote: I had a customer call this morning. He is trying to FTP a 30Meg file to an off-network site. It will do between 3 and 99% and then quit. He is using FileZilla His PC is directly connected to the CPE, an MT411. All routers between the CPE and the Internet are MT. What could be causing this? I know of another network having the same problem. -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: 05/01/09 06:17:00 -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.12/2090 - Release Date: 05/01/09 06:17:00 -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives:
Re: [WISPA] Sector separation/isolation
I can try that, can you tell me why that would make a difference though with the AP's seeing each other at such signal levels? Will changing to 10mhz channel width's cause the AP's to see each other at a lower RSSI? Regards Michael Baird Use 10mhz channels instead of 20mhz. Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Michael Baird Sent: Saturday, May 02, 2009 6:54 AM To: WISPA General List Subject: [WISPA] Sector separation/isolation We are still experimenting with aligning sector's on our towers. We are attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas to cover 360 degrees. I just inspected the towers myself, and noticed they are setup at 30 degrees/150 degrees/290 degrees (so they aren't right exactly). So the problem that caused me to inspect the tower was the signal level I can see the other AP's at. AP 30 can see AP 150 at -39 and AP 290 at -42. AP 150 can see AP 30 at -42 and AP 290 at -70. AP 290 can see AP 30 at -39 and AP 150 at -65. So I'm guessing that the reason 150/290 are much higher is because of the additional 20 degrees between them. These AP's are on channels 1/6/11, I'm wondering if I should worry about seeing the other AP's with such a hot signal, and if so what are some good ways to isolate them better. Regards Michael Baird WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
Right now channel 1 uses channel 1, 2 and 3. Channel 6 uses 4-8. When you go to 10MHz channels 1 will use 1 and 2. 6 will use 5, 6 and 7. Therefore, you are no longer on adjacent channels, there is a gap of channels 3 and 4 between. Also, you will cut down on the amount of other noise you hear because you listen to only half as much spectrum. And, you will have more effective power so noise may be less of a problem. I am sure there are some RF savvy folks out there that can explain it better. Michael Baird wrote: I can try that, can you tell me why that would make a difference though with the AP's seeing each other at such signal levels? Will changing to 10mhz channel width's cause the AP's to see each other at a lower RSSI? Regards Michael Baird Use 10mhz channels instead of 20mhz. Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Michael Baird Sent: Saturday, May 02, 2009 6:54 AM To: WISPA General List Subject: [WISPA] Sector separation/isolation We are still experimenting with aligning sector's on our towers. We are attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas to cover 360 degrees. I just inspected the towers myself, and noticed they are setup at 30 degrees/150 degrees/290 degrees (so they aren't right exactly). So the problem that caused me to inspect the tower was the signal level I can see the other AP's at. AP 30 can see AP 150 at -39 and AP 290 at -42. AP 150 can see AP 30 at -42 and AP 290 at -70. AP 290 can see AP 30 at -39 and AP 150 at -65. So I'm guessing that the reason 150/290 are much higher is because of the additional 20 degrees between them. These AP's are on channels 1/6/11, I'm wondering if I should worry about seeing the other AP's with such a hot signal, and if so what are some good ways to isolate them better. Regards Michael Baird WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.13/2091 - Release Date: 05/01/09 17:52:00 -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
Keep in mind that this is not necessary true depending what chip set the card is using. For example the SR2 cards will always listen to 20Mhz even if they only transmit on 10MHz or even 5MHz. While for example a XR2 set in 10MHz mode will only listen to 10MHz. /Eje CTO WISP-Router, Inc. Sent via BlackBerry from T-Mobile -Original Message- From: Scott Reed scottr...@onlyinternet.net Date: Sat, 02 May 2009 11:40:31 To: WISPA General Listwireless@wispa.org Subject: Re: [WISPA] Sector separation/isolation Right now channel 1 uses channel 1, 2 and 3. Channel 6 uses 4-8. When you go to 10MHz channels 1 will use 1 and 2. 6 will use 5, 6 and 7. Therefore, you are no longer on adjacent channels, there is a gap of channels 3 and 4 between. Also, you will cut down on the amount of other noise you hear because you listen to only half as much spectrum. And, you will have more effective power so noise may be less of a problem. I am sure there are some RF savvy folks out there that can explain it better. Michael Baird wrote: I can try that, can you tell me why that would make a difference though with the AP's seeing each other at such signal levels? Will changing to 10mhz channel width's cause the AP's to see each other at a lower RSSI? Regards Michael Baird Use 10mhz channels instead of 20mhz. Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Michael Baird Sent: Saturday, May 02, 2009 6:54 AM To: WISPA General List Subject: [WISPA] Sector separation/isolation We are still experimenting with aligning sector's on our towers. We are attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas to cover 360 degrees. I just inspected the towers myself, and noticed they are setup at 30 degrees/150 degrees/290 degrees (so they aren't right exactly). So the problem that caused me to inspect the tower was the signal level I can see the other AP's at. AP 30 can see AP 150 at -39 and AP 290 at -42. AP 150 can see AP 30 at -42 and AP 290 at -70. AP 290 can see AP 30 at -39 and AP 150 at -65. So I'm guessing that the reason 150/290 are much higher is because of the additional 20 degrees between them. These AP's are on channels 1/6/11, I'm wondering if I should worry about seeing the other AP's with such a hot signal, and if so what are some good ways to isolate them better. Regards Michael Baird WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.13/2091 - Release Date: 05/01/09 17:52:00 -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
How do you make this determination? What about an R52, or R5H? What about integrated units like NS2, NS2L? Jayson On Sat, May 2, 2009 at 10:00 AM, e...@wisp-router.com wrote: Keep in mind that this is not necessary true depending what chip set the card is using. For example the SR2 cards will always listen to 20Mhz even if they only transmit on 10MHz or even 5MHz. While for example a XR2 set in 10MHz mode will only listen to 10MHz. /Eje CTO WISP-Router, Inc. Sent via BlackBerry from T-Mobile -Original Message- From: Scott Reed scottr...@onlyinternet.net Date: Sat, 02 May 2009 11:40:31 To: WISPA General Listwireless@wispa.org Subject: Re: [WISPA] Sector separation/isolation Right now channel 1 uses channel 1, 2 and 3. Channel 6 uses 4-8. When you go to 10MHz channels 1 will use 1 and 2. 6 will use 5, 6 and 7. Therefore, you are no longer on adjacent channels, there is a gap of channels 3 and 4 between. Also, you will cut down on the amount of other noise you hear because you listen to only half as much spectrum. And, you will have more effective power so noise may be less of a problem. I am sure there are some RF savvy folks out there that can explain it better. Michael Baird wrote: I can try that, can you tell me why that would make a difference though with the AP's seeing each other at such signal levels? Will changing to 10mhz channel width's cause the AP's to see each other at a lower RSSI? Regards Michael Baird Use 10mhz channels instead of 20mhz. Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Michael Baird Sent: Saturday, May 02, 2009 6:54 AM To: WISPA General List Subject: [WISPA] Sector separation/isolation We are still experimenting with aligning sector's on our towers. We are attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas to cover 360 degrees. I just inspected the towers myself, and noticed they are setup at 30 degrees/150 degrees/290 degrees (so they aren't right exactly). So the problem that caused me to inspect the tower was the signal level I can see the other AP's at. AP 30 can see AP 150 at -39 and AP 290 at -42. AP 150 can see AP 30 at -42 and AP 290 at -70. AP 290 can see AP 30 at -39 and AP 150 at -65. So I'm guessing that the reason 150/290 are much higher is because of the additional 20 degrees between them. These AP's are on channels 1/6/11, I'm wondering if I should worry about seeing the other AP's with such a hot signal, and if so what are some good ways to isolate them better. Regards Michael Baird WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.13/2091 - Release Date: 05/01/09 17:52:00 -- Scott Reed Sr. Systems Engineer GAB Midwest 1-800-363-1544 x4000 Cell: 260-273-7239 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List:
Re: [WISPA] Free Radius Servers
3-dB Networks wrote: Anyone have any recommendations for a free Radius server? Specifically interested in credit card processing for a hotspot application. Which OS? Is this a pay for internet access thing? e.g. People are authenticated after they pay for access? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Free Radius Servers
Right... OS agnostic (i.e. whatever will work the best, but I'd assume Linux since I'm looking for free) Daniel White 3-dB Networks http://www.3dbnetworks.com -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Rogelio Sent: Saturday, May 02, 2009 11:05 AM To: WISPA General List Subject: Re: [WISPA] Free Radius Servers 3-dB Networks wrote: Anyone have any recommendations for a free Radius server? Specifically interested in credit card processing for a hotspot application. Which OS? Is this a pay for internet access thing? e.g. People are authenticated after they pay for access? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Sector separation/isolation
If you can, use vertical as well as horizontal separation. Just a few feet can make a huge difference. Tom S. - Original Message - From: Michael Baird m...@tc3net.com To: WISPA General List wireless@wispa.org Sent: Saturday, May 02, 2009 3:53 AM Subject: [WISPA] Sector separation/isolation We are still experimenting with aligning sector's on our towers. We are attempting to use 3 120 degree/13db/6.5 vb/7 degree downtilt, antennas to cover 360 degrees. I just inspected the towers myself, and noticed they are setup at 30 degrees/150 degrees/290 degrees (so they aren't right exactly). So the problem that caused me to inspect the tower was the signal level I can see the other AP's at. AP 30 can see AP 150 at -39 and AP 290 at -42. AP 150 can see AP 30 at -42 and AP 290 at -70. AP 290 can see AP 30 at -39 and AP 150 at -65. So I'm guessing that the reason 150/290 are much higher is because of the additional 20 degrees between them. These AP's are on channels 1/6/11, I'm wondering if I should worry about seeing the other AP's with such a hot signal, and if so what are some good ways to isolate them better. Regards Michael Baird WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Crude dictionary attack via ssh
On Fri, 2009-05-01 at 18:36 -0700, Tom Sharples wrote: This works too :-) iptables -A INPUT -s 213.165.154.53/24 -j DROP It does for sure. The only problem is that this one host is not the only one to be concerned about. If you have a router at the border of the network that has the capability of watching the network for this type of behaviour and responding to it, then I'd suggest adding that function there. The denyhosts script that Josh suggested works, but it is a reactive script. In other words, it watches the log file and does what you suggest automatically. At least that's what I saw the first time I looked at it. A better approach is the one that Eje suggested. His suggestion uses a router (probably Mikrotik in his case) that watches for this behaviour and drops all traffic from this host automatically. You can do this with Mikrotik, ImageStream or any other OS that includes iptables and the recent module. It's not even that hard to do. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Crude dictionary attack via ssh
There's another linux program out there called BFD that does the same thing: parses logs and creates IPTABLES rules, but it doesn't use python. Google it and see if it will work for your application. Also, this might go without saying, but I'd recommend against applying any router-based rules to customer subnets. That approach is ripe for unintended consequences, and can create a troubleshooting nightmare for your customers. -- Patrick Shoemaker President, Vector Data Systems LLC shoemak...@vectordatasystems.com office: (301) 358-1690 x36 http://www.vectordatasystems.com Tom Sharples wrote: I'm writing a reactive bash script this weekend to take care of the problem. Can't load python on these embedded servers, or I'd just use the denyhosts script Josh and George suggested. The idea of generating a common database of offending IPs to propagate to all our servers is a good one too, that will be in Version 2 :-) Thanks, Tom S. - Original Message - From: Butch Evans but...@butchevans.com To: Tom Sharples tsharp...@qorvus.com; WISPA General List wireless@wispa.org Sent: Saturday, May 02, 2009 12:18 PM Subject: Re: [WISPA] Crude dictionary attack via ssh On Fri, 2009-05-01 at 18:36 -0700, Tom Sharples wrote: This works too :-) iptables -A INPUT -s 213.165.154.53/24 -j DROP It does for sure. The only problem is that this one host is not the only one to be concerned about. If you have a router at the border of the network that has the capability of watching the network for this type of behaviour and responding to it, then I'd suggest adding that function there. The denyhosts script that Josh suggested works, but it is a reactive script. In other words, it watches the log file and does what you suggest automatically. At least that's what I saw the first time I looked at it. A better approach is the one that Eje suggested. His suggestion uses a router (probably Mikrotik in his case) that watches for this behaviour and drops all traffic from this host automatically. You can do this with Mikrotik, ImageStream or any other OS that includes iptables and the recent module. It's not even that hard to do. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Crude dictionary attack via ssh
On Sat, 2009-05-02 at 17:51 -0400, Patrick Shoemaker wrote: There's another linux program out there called BFD that does the same thing: parses logs and creates IPTABLES rules, but it doesn't use python. Google it and see if it will work for your application. Again, this is a good approach, but is (for my taste) a little to reactive. The approach that Eje was speaking of is more proactive. It is the same approach that I take when providing firewall applications to my own customers. It goes a little like this: Create a firewall for the router itself that will explicitly permit all of the traffic you wish to allow to connect via ftp or ssh. How you accomplish this is up to you. Watch for connections by ssh/ftp/other that are NOT valid. Grab the source address of those offending ssh attacks. In the firewall that protects your network, deny all traffic from those that were detected as attempting to connect to your firewall router. Watch for NEW ssh connections and set some reasonable limit for how often a specific IP may attempt a new ssh connection. You have to pick the right number here in order to prevent false positives. It's all about finding an appropriate rate of new connection attempts. If an IP trips the above set of rules, then deny them further traffic into the network. It's really not that complicated. It's not easy maybe, but not complicated. You simply have to have a router with some decent firewall capability (iptables based). Also, this might go without saying, but I'd recommend against applying any router-based rules to customer subnets. That approach is ripe for unintended consequences, and can create a troubleshooting nightmare for your customers. I disagree. Done right, you don't have unintended consequences. And even if you do, it's rather easy to take care of those as they come up. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/