Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

AirPorts, NETGEAR wireless routers, and encryption Network
I recently bought a NETGEAR MR314 wireless router to make my life easier. The wireless features and the four port switch made it ideal for me. Of course, I wish to protect my wireless LAN, so I set it to do 128bit WEP using a password and a generated key. The browser-based administration of the NETGEAR makes this possible quite easily even on my Mac (no, I do not work for them, just the truth).

Much to my surprise, the Airport card refused to login to the access point when I used my set password; instead I had to use the 128bit hex key from the page of the administration Tool on the Netgear router. In the Apple Airport dialog box, you do not select "Password" from the drop down, you select "128bit-hex" and after doing that, it works flawlessly.

Took me some time to find this one, but after finding it, I must say, that I am most pleased with the product; it is definitely worth the money, at least for me.
    •    
  • Currently 2.67 / 5
  You rated: 2 / 5 (3 votes cast)
 
[21,301 views]  

AirPorts, NETGEAR wireless routers, and encryption | 21 comments | Create New Account
Click here to return to the 'AirPorts, NETGEAR wireless routers, and encryption' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
What is the Hex Key?
Authored by: Lizard_King on Nov 21, '02 10:18:13AM

some questions:

1)Is the 128 bit hex key simply the password that you entered in hex format?
2)If no to question #1, can you change that key on the router?



[ Reply to This | # ]
What is the Hex Key?
Authored by: mule on Nov 21, '02 04:00:33PM

The password is used to generate the key. This can be done quite easily in the web based interface at least for the MR314



[ Reply to This | # ]
Only problem..
Authored by: tamenti on Nov 21, '02 10:47:10AM

Only problem is you cant change the port the webinterface is listening on. When Im at home I cant see the two domains Im hosting on one of the other computers behind my mr314. I get the webinterface everytime I try to reach them :(

Otherwise, very nice indeed :)



[ Reply to This | # ]
There is a solution to that
Authored by: chap on Nov 22, '02 01:28:44PM

I had the same problem with my netgear and there is a solution albeit a fairly involved one.
On my webserver, I set up bind configured to be the master for my domain. And to forward all other requests to my ISP. My dns services for the outside world are provided by a different server, so this has no effect on queries outside my network.

I then setup the "Home" location on my iBook to use this as the primary DNS server . Now when I'm at home I get a local network address for the hosts in my domain and everywhere else I get the public address.

This works well with one exception. Chimera appears to cache DNS lookups (independant of lookupd) and must be restarted when the location changes, otherwise it uses the incorrect address.

Chap



[ Reply to This | # ]
Using Hex Key in Password Dialog
Authored by: jptd on Nov 21, '02 11:36:40AM

I didn't see it mentioned, but with my Linksys Wireless Cable Router (V.2) if you use WEP (128bit) then you have to enter the hex key generated with a preceding $

That $ indicates that you are inputting hexadecimal.



[ Reply to This | # ]
Apple is changing Hex Key procedures
Authored by: mclbruce on Nov 21, '02 12:29:14PM

I have used Airport with a third party (Linksys) base station. At that time Airport in OS X required a dollar sign before entering the WEP password, and the password had to be entered in hex. I think Apple has changed this so that the dollar sign is no longer necessary. I don't know what version of OS X or what Airport update this was changed in.



[ Reply to This | # ]
Apple is changing Hex Key procedures
Authored by: macubergeek on Nov 23, '02 09:50:59PM

Apple changed it in 10.2.2 I believe because I don't have to use the $ with my linksys wap.



[ Reply to This | # ]
Using Hex Key in Password Dialog
Authored by: tediffer3rd on Sep 18, '03 12:28:01PM
I have been trying to get my airport enabled iMac connected to my WLAN for 3 days now and finally found this thread. I am thinking maybe APPLE should let us know about this DURING the setup of the airport card...

[ Reply to This | # ]
WEP encryption useless
Authored by: eaganj on Nov 21, '02 12:12:53PM

The standard warning about WEP encryption being broken should be inserted here. WEP, even with 128-bit keys, does not protect you against would-be eavesdroppers... the cryptography is sufficiently broken as to allow one to figure out the secret key with a fairly small amount of data. Since everything's going over the airwaves, snooping enough encrypted data to break the encryption is easy.

Don't rely on WEP to be secure. Does this mean that your nifty wireless LAN is useless? No. You just need to be aware that anything that you send over the network is being broadcast to anyone who cares to listen. If you want to make sure your transactions are secure (for example, when you send your password to your email account), make sure you're using an encrypted session on top of the network (for example, SSL). The key is to be conscious that EVERYTHING you do on your wireless LAN is broadcast and consequently public.

Additionally, WEP doesn't prevent unauthorized users from accessing your network. Since the key can so easily be obtained by an eavesdropper, anyone within range can use your bandwidth. There are solutions to this problem, but they are fairly involved, and for most people, probably not worth the effort, so long as you're aware that others could be using your network.



[ Reply to This | # ]
WEP encryption useless
Authored by: madoka on Nov 21, '02 12:30:28PM

Dang! you beat me to my post! Maybe it's time for me to improve my typing speed, and learn how to spell :-)



[ Reply to This | # ]
WEP encryption useless
Authored by: Lizard_King on Nov 22, '02 08:42:37AM

uhhh... this may not be the forum for debate, but WEP is *not* useless! You may be trying to say in a very extreme way that WEP is vulnerable, but readers shouldn't simply discount the technology altogether.

It is true that WEP encryption can easily be broken with the use of some freely available tools found on the Internet. If you think that data you put on the pipe on a WEP-enabled WAN is secure then you're dead wrong.

An advantage of using WEP is that it discourages the majority war-drivers, piggy-backs, script kiddies and other types of people that could leach your wireless bandwidth for personal use or fun. If you live in an apartment building and you are running a WEP-enabled WAN and your neighbor is running a completely open WAN, someone who wants a quick free ride will more often than not pass over your WAN for an easier target (because there are *sooo* many easy targets out there).

A disadvantage of using WEP (besides the obvious) is that it will slow your connection down (slightly) because of the added overhead of the encryption. Personally, I use MAC address filtering on my home network. I know that this can be broken as well (with MAC spoofing) but I'm ok with that risk for now.



[ Reply to This | # ]
WEP encryption useless
Authored by: kon21 on May 09, '03 11:29:45PM

Do you guys know of a utility I can use to krack WEP enabled
access-points?



[ Reply to This | # ]
WEP encryption useless
Authored by: pentiumburner on May 11, '03 12:05:53PM

On the MR314 the best thing to use for a secure wireles network is to use MAC filtering, this makes it impossible for the average hacker to get into your network and has been the preferred security measure for most.

---
The box said: "works with a Pentium 4 or better", so I got a Mac.



[ Reply to This | # ]
WEP encryption useless - other alternatives?
Authored by: circc on Aug 02, '03 12:43:46PM

I understand that WEP is not optimal for securing a wireless network. I just installed a wifi network, using the Belkin F5D7230-4 router. I use 128-bit WEP encryption and MAC address filertering. I use ssh for almost everything, but not all users on my network do so. What else could I do to protect their traffic?



[ Reply to This | # ]
3rd Party Access Points
Authored by: smv on Nov 21, '02 12:16:51PM

I had a similar problem connecting to a Cisco AP using WEP at my school. The solution at the time was to put the password in quotes. (i.e. "password") I am not sure that it is necessary in 10.2, but the kbase article [#106250] is still up. I would test it, but I am at work right now.



[ Reply to This | # ]
WEP offers very little protection
Authored by: madoka on Nov 21, '02 12:27:28PM

Maybe you already know this, but I'll say it anyway in case others who read this hint don't know. DO NOT RELY ON WEP FOR ANY KIND OF SECURITY!!!

By security, I mean two things: protecting contents of packets from 3rd parties, and client authentication (allowing/disallowing person X from using your wireless network). Unfortunately, WEP fails to provide either. Furthermore, enabling WEP incurs a performance penalty.

My suggestion would be to leave WEP turned off, and use other methods, such as SSH tunneling for data encryption, and MAC address for client authentication.

Note that although MAC address based client authentication is in principal less secure than WEP, due to the nature of 802.11b both methods fail anyway. There's really no way to do this without using much more sophisticated methods (such as Kerberos). Therefore you may as well not use WEP to avoid the performance penalty.



[ Reply to This | # ]
Degrees of Wireless Security
Authored by: mclbruce on Nov 21, '02 01:03:00PM

If you leave your front door unlocked, your house is less secure than if you lock it. Even if you have a crummy lock, using it will give you more security than not using it.

I know someone who moved to an apartment in San Francisco, fired up her Powerbook and was on the Internet via Airport. She just turned on Airport and there it was. She still doesn't know which of her neighbors is giving her free Internet access. Any kind of security would keep her out of the network.

When I set up a wireless system I change the name of the network, enable 40 bit WEP and disable broadcasting the network name. This at least keeps the honest people honest with little performance penalty for the user.

To break into a wireless network takes a certain level of hardware, software, expertise, and time. The required amounts vary depending on how you set up your wireless network.

Most of the Internet Routers out there run on UNIX or LINUX. I hope that better security will be added via firmware updates.



[ Reply to This | # ]
Degrees of Wireless Security
Authored by: mule on Nov 21, '02 04:05:25PM

When I wrote, that I wanted to protect my network, I was reffering to the casual WarDriver. I simply dislike others using my bandwidth and in the house I live, that would be fairly easy. The MR314 also supports MAC based filtering and I do use that as well. As for the performance penalty. I do no transfer large files via 802.11b. It would be pretty sarcastic to do, since my Powerbook come with a gigbait capable ethernet interface and the router is at least capable of doing 100Mbit. The performace penalty is therefore a non issue for me.



[ Reply to This | # ]
Forwarding UDP
Authored by: thyrr on Dec 03, '02 04:24:41PM

The Netgear 314 works great for me, easy to configure.
But the port forwardning is only for TCP, you can't forward UDP ports, which many games and webcam software use. Maybe you can configure this through the telnet interface. Have anyone had any success on this?



[ Reply to This | # ]
AirPorts, NETGEAR wireless routers, and encryption
Authored by: theimbalance on Jul 11, '03 05:44:07PM

Hey I know my question probably entails a very obvious answer, but I bought the Netgear MR814 with plans on buying just the AirPort card for my iBook thinking that since they both worked on 2.4 gigahertz I would be fine. Do I need a base station as well? Thanks



[ Reply to This | # ]
AirPorts, NETGEAR wireless routers, and encryption
Authored by: gkt on Jul 13, '03 05:04:16AM

nope... the Netgear MR814 is the equivalent of a base station. I just bought a TiBook with airport built in and it connected to my Netgear MR814 like a charm... once I changed the WEP key mode from "Shared" to "automatic"... I believe that's slightly "lower security" but it works for now.

Anyone got any ideas why my powerbook couldn't see the Netgear until I made the key non-shared"?



[ Reply to This | # ]