Wireless WDS link protocol
22-06-2007, 22:16
|
#1
|
Inactive
Join Date: Oct 2006
Posts: 1,604
|
Wireless WDS link protocol
Does anyone know what form of encryption if any (!) goes to form a wireless WDS link (ie bridging wireless access points together).
I'm baffled at this one as I'm not sure as to how secure it is
|
|
|
22-06-2007, 22:37
|
#2
|
cf.mega poster
Join Date: Jun 2005
Location: Peterborough
Posts: 5,106
|
Re: Wireless WDS link protocol
A bridge isnt an access point, my understanding is that they just forward packets from one port on to another
|
|
|
22-06-2007, 22:44
|
#3
|
Inactive
Join Date: Oct 2006
Posts: 1,604
|
Re: Wireless WDS link protocol
Quote:
Originally Posted by Wicked_and_Crazy
A bridge isnt an access point, my understanding is that they just forward packets from one port on to another
|
Yes exactly ... but don't confuse this bridge with an ethernet bridge...
A WDS bridge is in itself a wireless connection separate to Access Point functions.
What I have done is bridged two access points together with WDS and turned off wireless access point capabilities on both APs so that all I have left is the wireless bridge.
SOOOOOOOO how is this wireless bridge encrypted if it is at all ?
|
|
|
22-06-2007, 22:57
|
#4
|
cf.mega poster
Join Date: Jun 2005
Location: Peterborough
Posts: 5,106
|
Re: Wireless WDS link protocol
My point is that once your on the network your on it and no further encryption is required. As your WDS is not providing any client association services then surely you dont need any further access protection then WEP or WPA
|
|
|
22-06-2007, 23:03
|
#5
|
Inactive
Join Date: Oct 2006
Posts: 1,604
|
Re: Wireless WDS link protocol
Quote:
Originally Posted by Wicked_and_Crazy
then surely you dont need any further access protection then WEP or WPA
|
Are you sure ?
LAN A ---- ACCESS POINT1/no wifi ----- WDS wireless link ---- ACCESS POINT2/no wifi ---- LAN B
So whats to stop someone hacking between Access point 1 and 2 ?
|
|
|
22-06-2007, 23:11
|
#6
|
cf.mega poster
Join Date: Jun 2005
Location: Peterborough
Posts: 5,106
|
Re: Wireless WDS link protocol
Im confused, you have two LANs, both with wifi? With WEP or WPA?
Two access points which are disable on the WDS. But a wireless link between the two disabled access points?
If thats the case whats the difference (in principle) between the wireless link between the two access points and a wireless link between a laptop and a router?
|
|
|
22-06-2007, 23:22
|
#7
|
Inactive
Join Date: Oct 2006
Posts: 1,604
|
Re: Wireless WDS link protocol
Quote:
Originally Posted by Wicked_and_Crazy
Im confused, you have two LANs, both with wifi? With WEP or WPA?
|
Not quite - I'm connected 2 wired networks via a single wireless link and want to try to do this as securely as possible.
Quote:
Originally Posted by Wicked_and_Crazy
If thats the case whats the difference (in principle) between the wireless link between the two access points and a wireless link between a laptop and a router?
|
A lot !
WDS is invisible it just connects the routers - no wireless device can connect to either of the access points nor know of their existence(maybe ? - I will have to test this out with stumbler).
With my l33t hax0r experience my query is that it must be possible to trick the identity of access point A or B and jump in - hence the reason as to my lack of understanding as to what protocol that WDS link uses.
|
|
|
22-06-2007, 23:25
|
#8
|
cf.mega poster
Join Date: Jun 2005
Location: Peterborough
Posts: 5,106
|
Re: Wireless WDS link protocol
I guess it depends how the access points are turned off. If they are not providing a client association service or the access points are just not active at all.
|
|
|
22-06-2007, 23:58
|
#9
|
Inactive
Join Date: Oct 2006
Posts: 1,604
|
Re: Wireless WDS link protocol
Quote:
Originally Posted by Wicked_and_Crazy
I guess it depends how the access points are turned off. If they are not providing a client association service or the access points are just not active at all.
|
Completely turned off via DD-WRT
---------- Post added at 23:29 ---------- Previous post was at 23:27 ----------
Here's the link : http://www.dd-wrt.com/wiki/index.php...Point_Function
---------- Post added at 23:44 ---------- Previous post was at 23:29 ----------
Come on mate don't bail on me now :/
Reps for your effort
---------- Post added at 23:58 ---------- Previous post was at 23:44 ----------
Looks like I'm fearing this :
--- snip
I was considering getting an AirPort Basestation Extreme and Express together to extend the wireless network. But then I came across this note in the review:
One note: when using the AirPort Express as a WDS, you are limited to either using 128-bit WEP or turning off security altogether. This was not mentioned on the AirPort Express pages on apple.com, although it is addressed in the manual. WPA is generally not supported over bridged connections on WiFi products due to the fact that WPA encrypts the MAC addresses which WDS relies on for communication. Keep this limitation in mind when using the Express as a bridge.
|
|
|
23-06-2007, 09:50
|
#10
|
Inactive
Join Date: Nov 2003
Location: Reading
Posts: 256
|
Re: Wireless WDS link protocol
Quote:
Originally Posted by CrC-3rr0r
Does anyone know what form of encryption if any (!) goes to form a wireless WDS link (ie bridging wireless access points together).
I'm baffled at this one as I'm not sure as to how secure it is
|
From http://en.wikipedia.org/wiki/Wireles...ibution_System
Quote:
Dynamically assigned and rotated encryption keys are usually not supported in a WDS connection. This means that dynamic Wi-Fi Protected Access (WPA) and other dynamic key assignment technology in most cases can not be used, though WPA using pre-shared keys is possible. This is due to the lack of regulation in this field, which will hopefully be resolved with the upcoming 802.11s standard. As a result only static WEP or WPA keys may be used in a WDS connection, including any STAs that associate to a WDS repeating AP.
|
|
|
|
23-06-2007, 12:04
|
#11
|
Inactive
Join Date: Oct 2006
Posts: 1,604
|
Re: Wireless WDS link protocol
Quote:
Originally Posted by GeoffW
|
I've read that *several* times :/ and really the article is vague over the subject :
Points too
Quote:
Dynamically assigned and rotated encryption keys are usually not supported in a WDS connection.
|
and
Quote:
Most third party firmwares for the WRT54G(S)/GL support AES encryption using WPA2-PSK Mixed Mode security, and TKIP encryption using WPA-PSK, while operating in WDS mode. However, this mode may not be compatible with other units running stock or alternate firmwares.
|
|
|
|
23-06-2007, 13:31
|
#12
|
Inactive
Join Date: Nov 2003
Location: Reading
Posts: 256
|
Re: Wireless WDS link protocol
The way I read it was that there was no standard way for them to talk using WDS to negotiate dynamic keys, that is until 802.11s arrives. I think the usually comment refers to variations in different manufacturers proprietary implementations.
So to answer your original question, it's as secure as the kit lets you make it but as a minimum you can use encryption with static keys if there is no custom extensions. I wasn't aware there was any 3rd party firmware for the WRT54G, but personally I'd rather stick with standard firmware and a static (but complex) key as WPA-PSK with TKIP is pretty secure. That Airport comment is a bit of a problem though.
|
|
|
23-06-2007, 16:37
|
#13
|
Inactive
Join Date: Oct 2006
Posts: 1,604
|
Re: Wireless WDS link protocol
Thanks Geoff that is exactly how I read it.
I think I am going to sack the idea of the WDS altogether and do a client bridge with WPA2 (might even do enterprise) and get a cron job running on one of the routers to update each others keys every 24 hours, does that sound secure or what ?
|
|
|
23-06-2007, 17:31
|
#14
|
Inactive
Join Date: Nov 2003
Location: Reading
Posts: 256
|
Re: Wireless WDS link protocol
Quote:
Originally Posted by CrC-3rr0r
does that sound secure or what ?
|
That sounds like a man with way too much time on his hands
|
|
|
23-06-2007, 17:37
|
#15
|
Inactive
Join Date: Oct 2006
Posts: 1,604
|
Re: Wireless WDS link protocol
Quote:
Originally Posted by GeoffW
That sounds like a man with way too much time on his hands
|
Should be easy.
DD-WRT is essentially a linux distro for Linksys wireless routers.
So all I need to do is create a simple script to
* Create new key
* ssh-rsync the key to the routers
* rexec reboot
Job done - or simpler still
* Create new key and dump it to the network share that both routers read the key from.
* rexec reboot
- I'm not wasting any more time on this - spent 6 hours on Friday when I could have been doing something better.
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 14:39.
|