a "dictionary" attack is the onlly real method for breaking WPA. Use
an extremely long random key (you probably have support for Windows
Connect Now so you can use the Network Wizard to generate one for
you).

I've got the same setup here with the same hardware (more or less).



On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
wrote:

>Hi,
>
>I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
>uses the 802.11n draft technology. Almost all my computers are wired,
>but I need that wireless link for a couple of them. I fitted those
>machines with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2
>will be used.
>
>Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine,
>forcing me to use WPA too. The router negotiates WPA2 with machines that
>can, and falls back to WPA for the machine that cannot do WPA2.
>
>MAC address filtering is enabled, SSID hidden and changed on an
>irregular basis. Call me paranoid, but what is the possibility that
>someone intercepts packets in the air and cracks my key ? Finds a MAC
>address for one connected machine and uses it on his laptop to associate
>with the router ?
>
>Not that I have something to hide, or that any of my computers contains
>anything precious, but I know too much about WLAN insecurity to feel safe.
>
>Thanks
>
>Lorenzo
--

Barb Bowman
MS Windows-MVP
Expert Zone & Vista Community Columnist
http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
http://blogs.digitalmediaphile.com/barb/

"Lorenzo Sandini" wrote in message
news:59drl6F2khsc8U1@mid.individual.net...
> Hi,
>
> I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
> uses the 802.11n draft technology. Almost all my computers are wired, but
> I need that wireless link for a couple of them. I fitted those machines
> with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2 will be used.
>
> Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine, forcing
> me to use WPA too. The router negotiates WPA2 with machines that can, and
> falls back to WPA for the machine that cannot do WPA2.
>
> MAC address filtering is enabled, SSID hidden and changed on an irregular
> basis. Call me paranoid, but what is the possibility that someone
> intercepts packets in the air and cracks my key ? Finds a MAC address for
> one connected machine and uses it on his laptop to associate with the
> router ?
>
> Not that I have something to hide, or that any of my computers contains
> anything precious, but I know too much about WLAN insecurity to feel safe.
>
> Thanks
>
> Lorenzo

To add to Barb's comments both MAC Address authentication and cloaking your
SSID broadcast are not considered viable security measures. Cloaking the
SSID broadcast can also lead to connectivity issues for some clients. Both
are easily discovered. You may be interested in this article...

http://blogs.zdnet.com/Ou/?p=454

The key to real security is using strong encryption and a long random key.
Personally I use a 63-character random ASCII key. Here are two key
generators that you might be interested in.

http://www.kurtm.net/wpa-pskgen/
https://www.grc.com/passwords.htm

My WiFi security recommendations...

http://theillustratednetwork.mvps.or...sSecurity.html
--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

Hi
Whenever one uses his car no matter how carefull he is there is always the
probability to be involved in a car accident, however, it is Not a reason to
always stay home.
Jack (MVP-Networking).

"Lorenzo Sandini" wrote in message
news:59drl6F2khsc8U1@mid.individual.net...
> Hi,
>
> I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
> uses the 802.11n draft technology. Almost all my computers are wired, but
> I need that wireless link for a couple of them. I fitted those machines
> with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2 will be used.
>
> Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine, forcing
> me to use WPA too. The router negotiates WPA2 with machines that can, and
> falls back to WPA for the machine that cannot do WPA2.
>
> MAC address filtering is enabled, SSID hidden and changed on an irregular
> basis. Call me paranoid, but what is the possibility that someone
> intercepts packets in the air and cracks my key ? Finds a MAC address for
> one connected machine and uses it on his laptop to associate with the
> router ?
>
> Not that I have something to hide, or that any of my computers contains
> anything precious, but I know too much about WLAN insecurity to feel safe.
>
> Thanks
>
> Lorenzo

I noticed that WPA2 must be enabled in order to get the maximum
throughput. When I chose WPA-TKIP, max speed is 54Mbps, while with
WPA2-AES I get 300Mbps. Is it by design ?

Lorenzo


Barb Bowman wrote:
> a "dictionary" attack is the onlly real method for breaking WPA. Use
> an extremely long random key (you probably have support for Windows
> Connect Now so you can use the Network Wizard to generate one for
> you).
>
> I've got the same setup here with the same hardware (more or less).
>
>
>
> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
> wrote:
>
>> Hi,
>>
>> I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
>> uses the 802.11n draft technology. Almost all my computers are wired,
>> but I need that wireless link for a couple of them. I fitted those
>> machines with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2
>> will be used.
>>
>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine,
>> forcing me to use WPA too. The router negotiates WPA2 with machines that
>> can, and falls back to WPA for the machine that cannot do WPA2.
>>
>> MAC address filtering is enabled, SSID hidden and changed on an
>> irregular basis. Call me paranoid, but what is the possibility that
>> someone intercepts packets in the air and cracks my key ? Finds a MAC
>> address for one connected machine and uses it on his laptop to associate
>> with the router ?
>>
>> Not that I have something to hide, or that any of my computers contains
>> anything precious, but I know too much about WLAN insecurity to feel safe.
>>
>> Thanks
>>
>> Lorenzo
> --
>
> Barb Bowman
> MS Windows-MVP
> Expert Zone & Vista Community Columnist
> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
> http://blogs.digitalmediaphile.com/barb/

must be something in the driver and/or router firmware. I don't
think that the draft N spec mandates WPA2 to trigger anything. I've
been running with WPA2 since I received the DIR655 so I haven't
experienced this. What firmware is in the router?

On Sat, 28 Apr 2007 20:28:49 +0300, Lorenzo Sandini
wrote:

>I noticed that WPA2 must be enabled in order to get the maximum
>throughput. When I chose WPA-TKIP, max speed is 54Mbps, while with
>WPA2-AES I get 300Mbps. Is it by design ?
>
>Lorenzo
>
>
>Barb Bowman wrote:
>> a "dictionary" attack is the onlly real method for breaking WPA. Use
>> an extremely long random key (you probably have support for Windows
>> Connect Now so you can use the Network Wizard to generate one for
>> you).
>>
>> I've got the same setup here with the same hardware (more or less).
>>
>>
>>
>> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
>> wrote:
>>
>>> Hi,
>>>
>>> I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
>>> uses the 802.11n draft technology. Almost all my computers are wired,
>>> but I need that wireless link for a couple of them. I fitted those
>>> machines with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2
>>> will be used.
>>>
>>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine,
>>> forcing me to use WPA too. The router negotiates WPA2 with machines that
>>> can, and falls back to WPA for the machine that cannot do WPA2.
>>>
>>> MAC address filtering is enabled, SSID hidden and changed on an
>>> irregular basis. Call me paranoid, but what is the possibility that
>>> someone intercepts packets in the air and cracks my key ? Finds a MAC
>>> address for one connected machine and uses it on his laptop to associate
>>> with the router ?
>>>
>>> Not that I have something to hide, or that any of my computers contains
>>> anything precious, but I know too much about WLAN insecurity to feel safe.
>>>
>>> Thanks
>>>
>>> Lorenzo
>> --
>>
>> Barb Bowman
>> MS Windows-MVP
>> Expert Zone & Vista Community Columnist
>> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
>> http://blogs.digitalmediaphile.com/barb/
--

Barb Bowman
MS Windows-MVP
Expert Zone & Vista Community Columnist
http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
http://blogs.digitalmediaphile.com/barb/

1.02, and connection "speed" is set to "Automatic best".

Could you check with yours please, if it's not too much asking?

Thanks

Lorenzo


Barb Bowman wrote:
> must be something in the driver and/or router firmware. I don't
> think that the draft N spec mandates WPA2 to trigger anything. I've
> been running with WPA2 since I received the DIR655 so I haven't
> experienced this. What firmware is in the router?
>
> On Sat, 28 Apr 2007 20:28:49 +0300, Lorenzo Sandini
> wrote:
>
>> I noticed that WPA2 must be enabled in order to get the maximum
>> throughput. When I chose WPA-TKIP, max speed is 54Mbps, while with
>> WPA2-AES I get 300Mbps. Is it by design ?
>>
>> Lorenzo
>>
>>
>> Barb Bowman wrote:
>>> a "dictionary" attack is the onlly real method for breaking WPA. Use
>>> an extremely long random key (you probably have support for Windows
>>> Connect Now so you can use the Network Wizard to generate one for
>>> you).
>>>
>>> I've got the same setup here with the same hardware (more or less).
>>>
>>>
>>>
>>> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
>>>> uses the 802.11n draft technology. Almost all my computers are wired,
>>>> but I need that wireless link for a couple of them. I fitted those
>>>> machines with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2
>>>> will be used.
>>>>
>>>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine,
>>>> forcing me to use WPA too. The router negotiates WPA2 with machines that
>>>> can, and falls back to WPA for the machine that cannot do WPA2.
>>>>
>>>> MAC address filtering is enabled, SSID hidden and changed on an
>>>> irregular basis. Call me paranoid, but what is the possibility that
>>>> someone intercepts packets in the air and cracks my key ? Finds a MAC
>>>> address for one connected machine and uses it on his laptop to associate
>>>> with the router ?
>>>>
>>>> Not that I have something to hide, or that any of my computers contains
>>>> anything precious, but I know too much about WLAN insecurity to feel safe.
>>>>
>>>> Thanks
>>>>
>>>> Lorenzo
>>> --
>>>
>>> Barb Bowman
>>> MS Windows-MVP
>>> Expert Zone & Vista Community Columnist
>>> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
>>> http://blogs.digitalmediaphile.com/barb/
> --
>
> Barb Bowman
> MS Windows-MVP
> Expert Zone & Vista Community Columnist
> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
> http://blogs.digitalmediaphile.com/barb/

which NIC do you see this on? I use only N clients on the 655 and
have an AP for G only clients.

On Sat, 28 Apr 2007 22:23:08 +0300, Lorenzo Sandini
wrote:

>1.02, and connection "speed" is set to "Automatic best".
>
>Could you check with yours please, if it's not too much asking?
>
>Thanks
>
>Lorenzo
>
>
>Barb Bowman wrote:
>> must be something in the driver and/or router firmware. I don't
>> think that the draft N spec mandates WPA2 to trigger anything. I've
>> been running with WPA2 since I received the DIR655 so I haven't
>> experienced this. What firmware is in the router?
>>
>> On Sat, 28 Apr 2007 20:28:49 +0300, Lorenzo Sandini
>> wrote:
>>
>>> I noticed that WPA2 must be enabled in order to get the maximum
>>> throughput. When I chose WPA-TKIP, max speed is 54Mbps, while with
>>> WPA2-AES I get 300Mbps. Is it by design ?
>>>
>>> Lorenzo
>>>
>>>
>>> Barb Bowman wrote:
>>>> a "dictionary" attack is the onlly real method for breaking WPA. Use
>>>> an extremely long random key (you probably have support for Windows
>>>> Connect Now so you can use the Network Wizard to generate one for
>>>> you).
>>>>
>>>> I've got the same setup here with the same hardware (more or less).
>>>>
>>>>
>>>>
>>>> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
>>>>> uses the 802.11n draft technology. Almost all my computers are wired,
>>>>> but I need that wireless link for a couple of them. I fitted those
>>>>> machines with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2
>>>>> will be used.
>>>>>
>>>>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine,
>>>>> forcing me to use WPA too. The router negotiates WPA2 with machines that
>>>>> can, and falls back to WPA for the machine that cannot do WPA2.
>>>>>
>>>>> MAC address filtering is enabled, SSID hidden and changed on an
>>>>> irregular basis. Call me paranoid, but what is the possibility that
>>>>> someone intercepts packets in the air and cracks my key ? Finds a MAC
>>>>> address for one connected machine and uses it on his laptop to associate
>>>>> with the router ?
>>>>>
>>>>> Not that I have something to hide, or that any of my computers contains
>>>>> anything precious, but I know too much about WLAN insecurity to feel safe.
>>>>>
>>>>> Thanks
>>>>>
>>>>> Lorenzo
>>>> --
>>>>
>>>> Barb Bowman
>>>> MS Windows-MVP
>>>> Expert Zone & Vista Community Columnist
>>>> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
>>>> http://blogs.digitalmediaphile.com/barb/
>> --
>>
>> Barb Bowman
>> MS Windows-MVP
>> Expert Zone & Vista Community Columnist
>> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
>> http://blogs.digitalmediaphile.com/barb/
--

Barb Bowman
MS Windows-MVP
Expert Zone & Vista Community Columnist
http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
http://blogs.digitalmediaphile.com/barb/

It's the DWA-645, http://www.dlink.com/products/?sec=0&pid=489. Nothing
specific in the user's guide I am afraid.

Apparently in Finland we don't have the DWA-652. I don't know exactly
what is the difference though. A hint maybe ?

Lorenzo



Barb Bowman wrote:
> which NIC do you see this on? I use only N clients on the 655 and
> have an AP for G only clients.
>
> On Sat, 28 Apr 2007 22:23:08 +0300, Lorenzo Sandini
> wrote:
>
>> 1.02, and connection "speed" is set to "Automatic best".
>>
>> Could you check with yours please, if it's not too much asking?
>>
>> Thanks
>>
>> Lorenzo
>>
>>
>> Barb Bowman wrote:
>>> must be something in the driver and/or router firmware. I don't
>>> think that the draft N spec mandates WPA2 to trigger anything. I've
>>> been running with WPA2 since I received the DIR655 so I haven't
>>> experienced this. What firmware is in the router?
>>>
>>> On Sat, 28 Apr 2007 20:28:49 +0300, Lorenzo Sandini
>>> wrote:
>>>
>>>> I noticed that WPA2 must be enabled in order to get the maximum
>>>> throughput. When I chose WPA-TKIP, max speed is 54Mbps, while with
>>>> WPA2-AES I get 300Mbps. Is it by design ?
>>>>
>>>> Lorenzo
>>>>
>>>>
>>>> Barb Bowman wrote:
>>>>> a "dictionary" attack is the onlly real method for breaking WPA. Use
>>>>> an extremely long random key (you probably have support for Windows
>>>>> Connect Now so you can use the Network Wizard to generate one for
>>>>> you).
>>>>>
>>>>> I've got the same setup here with the same hardware (more or less).
>>>>>
>>>>>
>>>>>
>>>>> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
>>>>>> uses the 802.11n draft technology. Almost all my computers are wired,
>>>>>> but I need that wireless link for a couple of them. I fitted those
>>>>>> machines with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2
>>>>>> will be used.
>>>>>>
>>>>>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine,
>>>>>> forcing me to use WPA too. The router negotiates WPA2 with machines that
>>>>>> can, and falls back to WPA for the machine that cannot do WPA2.
>>>>>>
>>>>>> MAC address filtering is enabled, SSID hidden and changed on an
>>>>>> irregular basis. Call me paranoid, but what is the possibility that
>>>>>> someone intercepts packets in the air and cracks my key ? Finds a MAC
>>>>>> address for one connected machine and uses it on his laptop to associate
>>>>>> with the router ?
>>>>>>
>>>>>> Not that I have something to hide, or that any of my computers contains
>>>>>> anything precious, but I know too much about WLAN insecurity to feel safe.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Lorenzo
>>>>> --
>>>>>
>>>>> Barb Bowman
>>>>> MS Windows-MVP
>>>>> Expert Zone & Vista Community Columnist
>>>>> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
>>>>> http://blogs.digitalmediaphile.com/barb/
>>> --
>>>
>>> Barb Bowman
>>> MS Windows-MVP
>>> Expert Zone & Vista Community Columnist
>>> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
>>> http://blogs.digitalmediaphile.com/barb/
> --
>
> Barb Bowman
> MS Windows-MVP
> Expert Zone & Vista Community Columnist
> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
> http://blogs.digitalmediaphile.com/barb/

the 645 is older. could be a firmware thing. i have a 652 and the
expresscard one. i don't know if the firmware for the router is
different in Europe either.

On Sun, 29 Apr 2007 17:52:33 +0300, Lorenzo Sandini
wrote:

>It's the DWA-645, http://www.dlink.com/products/?sec=0&pid=489. Nothing
>specific in the user's guide I am afraid.
>
>Apparently in Finland we don't have the DWA-652. I don't know exactly
>what is the difference though. A hint maybe ?
>
>Lorenzo
>
>
>
>Barb Bowman wrote:
>> which NIC do you see this on? I use only N clients on the 655 and
>> have an AP for G only clients.
>>
>> On Sat, 28 Apr 2007 22:23:08 +0300, Lorenzo Sandini
>> wrote:
>>
>>> 1.02, and connection "speed" is set to "Automatic best".
>>>
>>> Could you check with yours please, if it's not too much asking?
>>>
>>> Thanks
>>>
>>> Lorenzo
>>>
>>>
>>> Barb Bowman wrote:
>>>> must be something in the driver and/or router firmware. I don't
>>>> think that the draft N spec mandates WPA2 to trigger anything. I've
>>>> been running with WPA2 since I received the DIR655 so I haven't
>>>> experienced this. What firmware is in the router?
>>>>
>>>> On Sat, 28 Apr 2007 20:28:49 +0300, Lorenzo Sandini
>>>> wrote:
>>>>
>>>>> I noticed that WPA2 must be enabled in order to get the maximum
>>>>> throughput. When I chose WPA-TKIP, max speed is 54Mbps, while with
>>>>> WPA2-AES I get 300Mbps. Is it by design ?
>>>>>
>>>>> Lorenzo
>>>>>
>>>>>
>>>>> Barb Bowman wrote:
>>>>>> a "dictionary" attack is the onlly real method for breaking WPA. Use
>>>>>> an extremely long random key (you probably have support for Windows
>>>>>> Connect Now so you can use the Network Wizard to generate one for
>>>>>> you).
>>>>>>
>>>>>> I've got the same setup here with the same hardware (more or less).
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
>>>>>>> uses the 802.11n draft technology. Almost all my computers are wired,
>>>>>>> but I need that wireless link for a couple of them. I fitted those
>>>>>>> machines with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2
>>>>>>> will be used.
>>>>>>>
>>>>>>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine,
>>>>>>> forcing me to use WPA too. The router negotiates WPA2 with machines that
>>>>>>> can, and falls back to WPA for the machine that cannot do WPA2.
>>>>>>>
>>>>>>> MAC address filtering is enabled, SSID hidden and changed on an
>>>>>>> irregular basis. Call me paranoid, but what is the possibility that
>>>>>>> someone intercepts packets in the air and cracks my key ? Finds a MAC
>>>>>>> address for one connected machine and uses it on his laptop to associate
>>>>>>> with the router ?
>>>>>>>
>>>>>>> Not that I have something to hide, or that any of my computers contains
>>>>>>> anything precious, but I know too much about WLAN insecurity to feel safe.
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Lorenzo
>>>>>> --
>>>>>>
>>>>>> Barb Bowman
>>>>>> MS Windows-MVP
>>>>>> Expert Zone & Vista Community Columnist
>>>>>> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
>>>>>> http://blogs.digitalmediaphile.com/barb/
>>>> --
>>>>
>>>> Barb Bowman
>>>> MS Windows-MVP
>>>> Expert Zone & Vista Community Columnist
>>>> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
>>>> http://blogs.digitalmediaphile.com/barb/
>> --
>>
>> Barb Bowman
>> MS Windows-MVP
>> Expert Zone & Vista Community Columnist
>> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
>> http://blogs.digitalmediaphile.com/barb/
--

Barb Bowman
MS Windows-MVP
Expert Zone & Vista Community Columnist
http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
http://blogs.digitalmediaphile.com/barb/

I'll ask D-link Finland and report back, in case this would serve
someone else too. I hope the DWA-652 will be available here too soon.

Lorenzo

Barb Bowman wrote:
> the 645 is older. could be a firmware thing. i have a 652 and the
> expresscard one. i don't know if the firmware for the router is
> different in Europe either.
>
> On Sun, 29 Apr 2007 17:52:33 +0300, Lorenzo Sandini
> wrote:
>
>> It's the DWA-645, http://www.dlink.com/products/?sec=0&pid=489. Nothing
>> specific in the user's guide I am afraid.
>>
>> Apparently in Finland we don't have the DWA-652. I don't know exactly
>> what is the difference though. A hint maybe ?
>>
>> Lorenzo
>>
>>
>>
>> Barb Bowman wrote:
>>> which NIC do you see this on? I use only N clients on the 655 and
>>> have an AP for G only clients.
>>>
>>> On Sat, 28 Apr 2007 22:23:08 +0300, Lorenzo Sandini
>>> wrote:
>>>
>>>> 1.02, and connection "speed" is set to "Automatic best".
>>>>
>>>> Could you check with yours please, if it's not too much asking?
>>>>
>>>> Thanks
>>>>
>>>> Lorenzo
>>>>
>>>>
>>>> Barb Bowman wrote:
>>>>> must be something in the driver and/or router firmware. I don't
>>>>> think that the draft N spec mandates WPA2 to trigger anything. I've
>>>>> been running with WPA2 since I received the DIR655 so I haven't
>>>>> experienced this. What firmware is in the router?
>>>>>
>>>>> On Sat, 28 Apr 2007 20:28:49 +0300, Lorenzo Sandini
>>>>> wrote:
>>>>>
>>>>>> I noticed that WPA2 must be enabled in order to get the maximum
>>>>>> throughput. When I chose WPA-TKIP, max speed is 54Mbps, while with
>>>>>> WPA2-AES I get 300Mbps. Is it by design ?
>>>>>>
>>>>>> Lorenzo
>>>>>>
>>>>>>
>>>>>> Barb Bowman wrote:
>>>>>>> a "dictionary" attack is the onlly real method for breaking WPA. Use
>>>>>>> an extremely long random key (you probably have support for Windows
>>>>>>> Connect Now so you can use the Network Wizard to generate one for
>>>>>>> you).
>>>>>>>
>>>>>>> I've got the same setup here with the same hardware (more or less).
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I just changed my old trusty D-Link DGL-4300 router for a DIR-655, that
>>>>>>>> uses the 802.11n draft technology. Almost all my computers are wired,
>>>>>>>> but I need that wireless link for a couple of them. I fitted those
>>>>>>>> machines with D-Link 802.11n NICS (one PCI and one Cardbus), so WPA2
>>>>>>>> will be used.
>>>>>>>>
>>>>>>>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one machine,
>>>>>>>> forcing me to use WPA too. The router negotiates WPA2 with machines that
>>>>>>>> can, and falls back to WPA for the machine that cannot do WPA2.
>>>>>>>>
>>>>>>>> MAC address filtering is enabled, SSID hidden and changed on an
>>>>>>>> irregular basis. Call me paranoid, but what is the possibility that
>>>>>>>> someone intercepts packets in the air and cracks my key ? Finds a MAC
>>>>>>>> address for one connected machine and uses it on his laptop to associate
>>>>>>>> with the router ?
>>>>>>>>
>>>>>>>> Not that I have something to hide, or that any of my computers contains
>>>>>>>> anything precious, but I know too much about WLAN insecurity to feel safe.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Lorenzo

D-link's answer was useless I am afraid. It was in finnish, but in a
nutshell, it was like this:

"Your setup should work, load the latest firmware for the router and use
the latest drivers for the NICs."

Should work... what is that supposed to mean ?

Oh well...

Lorenzo



Lorenzo Sandini wrote:
> I'll ask D-link Finland and report back, in case this would serve
> someone else too. I hope the DWA-652 will be available here too soon.
>
> Lorenzo
>
> Barb Bowman wrote:
>> the 645 is older. could be a firmware thing. i have a 652 and the
>> expresscard one. i don't know if the firmware for the router is
>> different in Europe either.
>> On Sun, 29 Apr 2007 17:52:33 +0300, Lorenzo Sandini
>> wrote:
>>
>>> It's the DWA-645, http://www.dlink.com/products/?sec=0&pid=489.
>>> Nothing specific in the user's guide I am afraid.
>>>
>>> Apparently in Finland we don't have the DWA-652. I don't know exactly
>>> what is the difference though. A hint maybe ?
>>>
>>> Lorenzo
>>>
>>>
>>>
>>> Barb Bowman wrote:
>>>> which NIC do you see this on? I use only N clients on the 655 and
>>>> have an AP for G only clients.
>>>> On Sat, 28 Apr 2007 22:23:08 +0300, Lorenzo Sandini
>>>> wrote:
>>>>
>>>>> 1.02, and connection "speed" is set to "Automatic best".
>>>>>
>>>>> Could you check with yours please, if it's not too much asking?
>>>>>
>>>>> Thanks
>>>>>
>>>>> Lorenzo
>>>>>
>>>>>
>>>>> Barb Bowman wrote:
>>>>>> must be something in the driver and/or router firmware. I don't
>>>>>> think that the draft N spec mandates WPA2 to trigger anything. I've
>>>>>> been running with WPA2 since I received the DIR655 so I haven't
>>>>>> experienced this. What firmware is in the router?
>>>>>>
>>>>>> On Sat, 28 Apr 2007 20:28:49 +0300, Lorenzo Sandini
>>>>>> wrote:
>>>>>>
>>>>>>> I noticed that WPA2 must be enabled in order to get the maximum
>>>>>>> throughput. When I chose WPA-TKIP, max speed is 54Mbps, while
>>>>>>> with WPA2-AES I get 300Mbps. Is it by design ?
>>>>>>>
>>>>>>> Lorenzo
>>>>>>>
>>>>>>>
>>>>>>> Barb Bowman wrote:
>>>>>>>> a "dictionary" attack is the onlly real method for breaking WPA.
>>>>>>>> Use
>>>>>>>> an extremely long random key (you probably have support for Windows
>>>>>>>> Connect Now so you can use the Network Wizard to generate one for
>>>>>>>> you).
>>>>>>>> I've got the same setup here with the same hardware (more or less).
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I just changed my old trusty D-Link DGL-4300 router for a
>>>>>>>>> DIR-655, that uses the 802.11n draft technology. Almost all my
>>>>>>>>> computers are wired, but I need that wireless link for a couple
>>>>>>>>> of them. I fitted those machines with D-Link 802.11n NICS (one
>>>>>>>>> PCI and one Cardbus), so WPA2 will be used.
>>>>>>>>>
>>>>>>>>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one
>>>>>>>>> machine, forcing me to use WPA too. The router negotiates WPA2
>>>>>>>>> with machines that can, and falls back to WPA for the machine
>>>>>>>>> that cannot do WPA2.
>>>>>>>>>
>>>>>>>>> MAC address filtering is enabled, SSID hidden and changed on an
>>>>>>>>> irregular basis. Call me paranoid, but what is the possibility
>>>>>>>>> that someone intercepts packets in the air and cracks my key ?
>>>>>>>>> Finds a MAC address for one connected machine and uses it on
>>>>>>>>> his laptop to associate with the router ?
>>>>>>>>>
>>>>>>>>> Not that I have something to hide, or that any of my computers
>>>>>>>>> contains anything precious, but I know too much about WLAN
>>>>>>>>> insecurity to feel safe.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> Lorenzo

I run WPA2 on everything here and have good speed and distance.
Numbers aside, different operating systems can report "speed"
differently. Depending on hardware/drivers etc.

On Wed, 02 May 2007 09:08:43 +0300, Lorenzo Sandini
wrote:

>D-link's answer was useless I am afraid. It was in finnish, but in a
>nutshell, it was like this:
>
>"Your setup should work, load the latest firmware for the router and use
>the latest drivers for the NICs."
>
>Should work... what is that supposed to mean ?
>
>Oh well...
>
>Lorenzo
>
>
>
>Lorenzo Sandini wrote:
>> I'll ask D-link Finland and report back, in case this would serve
>> someone else too. I hope the DWA-652 will be available here too soon.
>>
>> Lorenzo
>>
>> Barb Bowman wrote:
>>> the 645 is older. could be a firmware thing. i have a 652 and the
>>> expresscard one. i don't know if the firmware for the router is
>>> different in Europe either.
>>> On Sun, 29 Apr 2007 17:52:33 +0300, Lorenzo Sandini
>>> wrote:
>>>
>>>> It's the DWA-645, http://www.dlink.com/products/?sec=0&pid=489.
>>>> Nothing specific in the user's guide I am afraid.
>>>>
>>>> Apparently in Finland we don't have the DWA-652. I don't know exactly
>>>> what is the difference though. A hint maybe ?
>>>>
>>>> Lorenzo
>>>>
>>>>
>>>>
>>>> Barb Bowman wrote:
>>>>> which NIC do you see this on? I use only N clients on the 655 and
>>>>> have an AP for G only clients.
>>>>> On Sat, 28 Apr 2007 22:23:08 +0300, Lorenzo Sandini
>>>>> wrote:
>>>>>
>>>>>> 1.02, and connection "speed" is set to "Automatic best".
>>>>>>
>>>>>> Could you check with yours please, if it's not too much asking?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Lorenzo
>>>>>>
>>>>>>
>>>>>> Barb Bowman wrote:
>>>>>>> must be something in the driver and/or router firmware. I don't
>>>>>>> think that the draft N spec mandates WPA2 to trigger anything. I've
>>>>>>> been running with WPA2 since I received the DIR655 so I haven't
>>>>>>> experienced this. What firmware is in the router?
>>>>>>>
>>>>>>> On Sat, 28 Apr 2007 20:28:49 +0300, Lorenzo Sandini
>>>>>>> wrote:
>>>>>>>
>>>>>>>> I noticed that WPA2 must be enabled in order to get the maximum
>>>>>>>> throughput. When I chose WPA-TKIP, max speed is 54Mbps, while
>>>>>>>> with WPA2-AES I get 300Mbps. Is it by design ?
>>>>>>>>
>>>>>>>> Lorenzo
>>>>>>>>
>>>>>>>>
>>>>>>>> Barb Bowman wrote:
>>>>>>>>> a "dictionary" attack is the onlly real method for breaking WPA.
>>>>>>>>> Use
>>>>>>>>> an extremely long random key (you probably have support for Windows
>>>>>>>>> Connect Now so you can use the Network Wizard to generate one for
>>>>>>>>> you).
>>>>>>>>> I've got the same setup here with the same hardware (more or less).
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I just changed my old trusty D-Link DGL-4300 router for a
>>>>>>>>>> DIR-655, that uses the 802.11n draft technology. Almost all my
>>>>>>>>>> computers are wired, but I need that wireless link for a couple
>>>>>>>>>> of them. I fitted those machines with D-Link 802.11n NICS (one
>>>>>>>>>> PCI and one Cardbus), so WPA2 will be used.
>>>>>>>>>>
>>>>>>>>>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one
>>>>>>>>>> machine, forcing me to use WPA too. The router negotiates WPA2
>>>>>>>>>> with machines that can, and falls back to WPA for the machine
>>>>>>>>>> that cannot do WPA2.
>>>>>>>>>>
>>>>>>>>>> MAC address filtering is enabled, SSID hidden and changed on an
>>>>>>>>>> irregular basis. Call me paranoid, but what is the possibility
>>>>>>>>>> that someone intercepts packets in the air and cracks my key ?
>>>>>>>>>> Finds a MAC address for one connected machine and uses it on
>>>>>>>>>> his laptop to associate with the router ?
>>>>>>>>>>
>>>>>>>>>> Not that I have something to hide, or that any of my computers
>>>>>>>>>> contains anything precious, but I know too much about WLAN
>>>>>>>>>> insecurity to feel safe.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>> Lorenzo
--

Barb Bowman
MS Windows-MVP
Expert Zone & Vista Community Columnist
http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
http://blogs.digitalmediaphile.com/barb/

I removed the latest driver for the DWA-645 card, and re-installed from
the CD, along with the D-link wireless utility.

I disabled the windows wireless zero configuration, and configured the
encryption to WPA2-PSK (AES), with now a perfectly working setup and no
more warning bubbles. And 300Mbps is availbale even with WPA-PSK (TKIP)
now, while it sed to fall back to 54 Mbps with the "latest driver" from
D-link Finland.

Thanks to all for your input.

Lorenzo

Barb Bowman wrote:
> I run WPA2 on everything here and have good speed and distance.
> Numbers aside, different operating systems can report "speed"
> differently. Depending on hardware/drivers etc.
>
> On Wed, 02 May 2007 09:08:43 +0300, Lorenzo Sandini
> wrote:
>
>> D-link's answer was useless I am afraid. It was in finnish, but in a
>> nutshell, it was like this:
>>
>> "Your setup should work, load the latest firmware for the router and use
>> the latest drivers for the NICs."
>>
>> Should work... what is that supposed to mean ?
>>
>> Oh well...
>>
>> Lorenzo
>>
>>
>>
>> Lorenzo Sandini wrote:
>>> I'll ask D-link Finland and report back, in case this would serve
>>> someone else too. I hope the DWA-652 will be available here too soon.
>>>
>>> Lorenzo
>>>
>>> Barb Bowman wrote:
>>>> the 645 is older. could be a firmware thing. i have a 652 and the
>>>> expresscard one. i don't know if the firmware for the router is
>>>> different in Europe either.
>>>> On Sun, 29 Apr 2007 17:52:33 +0300, Lorenzo Sandini
>>>> wrote:
>>>>
>>>>> It's the DWA-645, http://www.dlink.com/products/?sec=0&pid=489.
>>>>> Nothing specific in the user's guide I am afraid.
>>>>>
>>>>> Apparently in Finland we don't have the DWA-652. I don't know exactly
>>>>> what is the difference though. A hint maybe ?
>>>>>
>>>>> Lorenzo
>>>>>
>>>>>
>>>>>
>>>>> Barb Bowman wrote:
>>>>>> which NIC do you see this on? I use only N clients on the 655 and
>>>>>> have an AP for G only clients.
>>>>>> On Sat, 28 Apr 2007 22:23:08 +0300, Lorenzo Sandini
>>>>>> wrote:
>>>>>>
>>>>>>> 1.02, and connection "speed" is set to "Automatic best".
>>>>>>>
>>>>>>> Could you check with yours please, if it's not too much asking?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Lorenzo
>>>>>>>
>>>>>>>
>>>>>>> Barb Bowman wrote:
>>>>>>>> must be something in the driver and/or router firmware. I don't
>>>>>>>> think that the draft N spec mandates WPA2 to trigger anything. I've
>>>>>>>> been running with WPA2 since I received the DIR655 so I haven't
>>>>>>>> experienced this. What firmware is in the router?
>>>>>>>>
>>>>>>>> On Sat, 28 Apr 2007 20:28:49 +0300, Lorenzo Sandini
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> I noticed that WPA2 must be enabled in order to get the maximum
>>>>>>>>> throughput. When I chose WPA-TKIP, max speed is 54Mbps, while
>>>>>>>>> with WPA2-AES I get 300Mbps. Is it by design ?
>>>>>>>>>
>>>>>>>>> Lorenzo
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Barb Bowman wrote:
>>>>>>>>>> a "dictionary" attack is the onlly real method for breaking WPA.
>>>>>>>>>> Use
>>>>>>>>>> an extremely long random key (you probably have support for Windows
>>>>>>>>>> Connect Now so you can use the Network Wizard to generate one for
>>>>>>>>>> you).
>>>>>>>>>> I've got the same setup here with the same hardware (more or less).
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, 27 Apr 2007 11:47:32 +0300, Lorenzo Sandini
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I just changed my old trusty D-Link DGL-4300 router for a
>>>>>>>>>>> DIR-655, that uses the 802.11n draft technology. Almost all my
>>>>>>>>>>> computers are wired, but I need that wireless link for a couple
>>>>>>>>>>> of them. I fitted those machines with D-Link 802.11n NICS (one
>>>>>>>>>>> PCI and one Cardbus), so WPA2 will be used.
>>>>>>>>>>>
>>>>>>>>>>> Unfortunately, I have to keep a DWL-650G (108Mbps) in one
>>>>>>>>>>> machine, forcing me to use WPA too. The router negotiates WPA2
>>>>>>>>>>> with machines that can, and falls back to WPA for the machine
>>>>>>>>>>> that cannot do WPA2.
>>>>>>>>>>>
>>>>>>>>>>> MAC address filtering is enabled, SSID hidden and changed on an
>>>>>>>>>>> irregular basis. Call me paranoid, but what is the possibility
>>>>>>>>>>> that someone intercepts packets in the air and cracks my key ?
>>>>>>>>>>> Finds a MAC address for one connected machine and uses it on
>>>>>>>>>>> his laptop to associate with the router ?
>>>>>>>>>>>
>>>>>>>>>>> Not that I have something to hide, or that any of my computers
>>>>>>>>>>> contains anything precious, but I know too much about WLAN
>>>>>>>>>>> insecurity to feel safe.
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>>
>>>>>>>>>>> Lorenzo
> --
>
> Barb Bowman
> MS Windows-MVP
> Expert Zone & Vista Community Columnist
> http://www.microsoft.com/windowsxp/e...ts/bowman.mspx
> http://blogs.digitalmediaphile.com/barb/