Newbie Networking Troubleshooting.
Your-Amish-Daddy
The heart of Texas
I'm excited that the forums are actually seeing traffic, but from one person with questions, eh. Depressing
So! I'm gonna make a networking guide for people who don't know the difference between UDP and UPnP (They're clearly different.)
You just bought your first router! Yay! Woohoo! Read the manual right out of the box. I don't practice this myself because I have what I call Journeyman Nomenclature, which explained means that I can do things correctly without knowing exactly what I'm doing, but just working off of a general idea and my keen powers of observation.
After you've read the manual, begin the physical aspect of the work by plugging things in, running your Cat5/6 or screwing in your antennas and installing wireless cards. For the sake of argument, I'm going to use my network settings (save for my passwords) and my configuration.
After you've got all your jargle ready, turn the router on, but make sure every other computer has the network disabled, and you need to be on a computer that will ALWAYS be on the network. I call this the DMZ host, because that's exactly what I give it. The DMZ IP. This first computer should not go down, or anything, but that's just me. It could be a laptop you take to work, I don't really give a damn. But! I'm rambling. You go into the router's config. I have the Linksys WRT54GX4 and I hate it so bad, but it works. Open up your browser of choice, and type in 192.168.1.1, then the default credentials to log in.
At the first page, 'Setup' is what you get. Basic functionality here, like your ISP config, Network structure setup and other gibble like that. If you're using a full cabled network without wireless, all you really need to do is block WAN ping, and you're done. But for the sake of the whole wireless trend, I'll go into better detail. The only wireless device I have is my PSP, so I'm gonna go over MAC Authority and securing the access point.
First off, go to the wireless tab (Remember, we're using the WRT54GX4 as a demonstration model.) and you'll see a few things. Labeled things. Maybe common sense lapses for you and you can't figure it out.
Network Mode - Sets the network structure for the wireless. I've got Disabled, MIXED, or G-Only. PSP's B, so I leave it on Mixed, which is the default setting.
Wireless Network Name / SSID - Service Set Identifier. That's the Wireless Access Point's physical name, the equivalent of the name of a computer.
Wireless Channel - OK, this is a bit of an advanced setting. Use it to prevent signal collision for other wireless devices in the area that might share the same SSID, or just the same frequency. I use channel 8 (2.447 GHz) so I don't collide with the other dickheads in the area using 6.
Adaptive Channel Expansion - This little jammie increases the RF band to provide better bandwidth and strength. Basically like a turbo charger, just not for your lawn mower.
Wireless SSID Broadcast - OK. If you disable this, only clients that are already connected, or already know it exists can connect. Real good move to stealth insecure points from roving nerds with D-Link USB wireless devices from jacking you blind.
Right, with that crap out of the way, we move on to Wireless Security! This part's easy if you've got current devices. I use WEP because my D-Link AG520 hates WPA2. Never authenticates, lazy shit. Anyway, I'll go through some basic configuration ideas for you. But first, the terminology!
Security mode - You get a few choices here. WPA/Personal, WPA2/Enterprise, WEP and NONE. Insecure access points are fine if you don't mind people searching for bestiality porn on your network since it's now PERFECTLY LEGAL TO CONNECT AND USE INSECURE ACCESS POINTS!
Association mode - No idea here. Not a clue. I think it has to do with the old GSK (Group Shared Key) from back in the day. Don't quote me on that.
Default Transmit Key - This is the key you want to check FIRST, but you can use others. You get four choices. 1-4. Amazing.
WEP Encryption - 64-bit or 128-bit. Higher encryption decreases speed slightly, but you really won't notice it.
Passphrase - Type letterz n' shit, yo.
Key1-4 - Where your hashed keys come out when you type your letterz n shit, yo
NOW You fill that out with data you're happy with. Mine is
Security mode - WEP
Association mode - Open
Default Transmit Key - 3
WEP Encryption - 128-bit, 26 hexadecimal.
Passphrase Omitted.
Ok. If you're done there, it's time to do some advanced crap. Pay attention. This is what the big step is. MAC Authority. My friend and co-conspirator. I love it to death because no matter how much password or key you use, it's still vulnerable to Promiscuous mode. I'll break down how to use this in great detail.
Wireless MAC Filter - Enabled or Disabled. Disabled says any wireless device that has the right credentials can connect. Totally useless if it's not ENABLED!
MAC1-50 - Fifty MAC addresses for devices to connect. Note that most wireless devices can only host 16 connections. Kinda dumb to provide 50.
To get the MAC address from your wireless clients, the driver usually comes with a bit of software and the details or help tab or button will usually tell you what the MAC address is, but if you're using VISTA (Morons.) you don't get that! You have to do it the hard way. Right-click the wireless device in Network Connections (or whatever the hell it's called) and go to the Status thing. Usually tells you right there. If it doesn't, RUN ipconfig and look at the MAC address, often called the Physical Address. This must be typed in AS YOU SEE IT! Looks like this: 00:01:4a:57:04:b4 (my PSP's MAC address). Type it in, and hit apply. Guess what.
You're done. You just made your network as secure as it gets these days. You might see an Advanced Wireless Settings tab. Don't screw with that.
Next, DMZ Client, and Static IPs.
Go to each computer that is going to be on the network. Every one, and give them an IP. If you do not know how to set a static IP, drink some bleach. I'm kidding, but if you don't know I hate you, and I hope you die. Okay, I hate you, but I don't care if you die. To set an IP, go to the network connections, right-click the device, and go to properties. You get a window filled with things that look alien. Protocols and Application services. Look for TCP/IP 4. Six isn't supported yet by ISPs but a lot of devices have IP6 support. Anyway, when you highlight TCP/IP4 select Properties. You get a new box that says Obtain IP automatically. That's wrong. Select Specify an IP. If your router's IP is 192.168.1.1, your available IPs start at 192.168.1.2 BUT! If you change your router's ACCESS IP, sometimes the IP range changes to the set you provided. I change mine to 10.10.220.1 so I can use the 10 range for internal corporate networks. Harder to guess than normal 192 ranges. Technically, if you use Static IPs, you can use anything that has four sets separated by periods. You could use 1.1.1.1 if you wanted. I recommend the 10 line, or the 192 line. Never know what's out there that might want to point in at you because you have an infringing IP.
After you've set each device up to use a specified IP, go to the router's config, and look for a setting called DHCP Server. DHCP is Dynamic Host Configuration Protocol. Assigns IP automatically. Useless to security as a cup full of mole turds is to a bird. Disable it, and let it do its thing. If everything's right and you've got the right range specified, everything will STILL WORK when the router reboots. If it doesn't, you need to check your settings again, and make sure you're in the right range. If it does work, your network is now bulletproof. If you use a locked range, and specific IPs assigned to each MAC address, they can't get in unless they know EVERYTHING and packet sniffing only tells them 80% of the data. You win.
Alright. That's done. Gimme a beer.
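Added example, not part of the original post: a small Python check for the "make sure you're in the right range" step, run over the static IP and MAC filter list before DHCP is switched off. It assumes a /24 mask; the host names, most addresses and the function names are made up for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def normalize_mac(text):
    """Return aa:bb:cc:dd:ee:ff, or None if text is not a 48-bit MAC."""
    digits = re.sub(r"[:\-.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_plan(router_ip, prefix_len, hosts):
    """hosts is a list of (unique name, ip, mac); returns a list of problem strings."""
    net = ipaddress.ip_network(f"{router_ip}/{prefix_len}", strict=False)
    router = ipaddress.ip_address(router_ip)
    problems, seen_ip, seen_mac = [], {}, {}
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net} is not inside an RFC 1918 private range")
    for name, ip_text, mac_text in hosts:
        mac = normalize_mac(mac_text)
        if mac is None:
            problems.append(f"{name}: {mac_text!r} is not a valid MAC address")
        elif seen_mac.setdefault(mac, name) != name:  # first owner of a MAC wins
            problems.append(f"{name}: MAC {mac} already listed for {seen_mac[mac]}")
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ValueError:
            problems.append(f"{name}: {ip_text!r} is not a valid IPv4 address")
            continue
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in (router, net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is the router, network or broadcast address")
        elif seen_ip.setdefault(ip, name) != name:  # first owner of an IP wins
            problems.append(f"{name}: {ip} already assigned to {seen_ip[ip]}")
    return problems

# Constructed plan: router address and PSP MAC are from the post, the rest is made up.
PLAN = [
    ("dmz-host", "10.10.220.2", "00-1A-2B-3C-4D-5E"),  # dash form, as ipconfig prints it
    ("psp",      "10.10.220.3", "00:01:4a:57:04:b4"),
    ("laptop",   "10.10.220.3", "00:1a:2b:3c:4d:5e"),  # reuses psp's IP and dmz-host's MAC
    ("desktop",  "192.168.1.5", "00:1A:2B:3C:4D"),     # wrong range, truncated MAC
]

if __name__ == "__main__":
    for line in check_plan("10.10.220.1", 24, PLAN):
        print(line)
```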
Comments
One pretty major point you forgot is that step one should be going into the administration part of your router and changing the default password, which for Linksys routers is admin and I believe D-Link is admin for a username with no password if I'm not rusty on D-Link routers.