how to build image from linksys source
Welcome to the CSIR Meraka Institute's "COIN" Blog
Friday, August 27, 2004
Tuesday, August 17, 2004
My experience getting shell prompt on Linksys WRT54G
This amazing little cheap wireless router can be customized with a new version of linux or extra user applications by making use of a PING backdoor. The PING backdoor allows you to send commands to the box through a PING diagnostic command running from its httpd service.
Step 1:
Connect the box to your computer by plugging the supplied ethernet cable into a free network port on your PC and into one of the 4 network ports on the Linksys (not the port labelled "Internet").
Step 2:
Make sure the port you are using on your PC has DHCP enabled. Your machine will be given an IP address in the range 192.168.1.x. The Linksys is always 192.168.1.1 by default. Try to ping the Linksys box:
# ping 192.168.1.1
Step 3:
Open a web browser (make sure your proxy is turned off or set a proxy exception for 192.168.1.1). Open the Linksys web administration page by opening the following URL
http://192.168.1.1
Browse around here and check out some of its cool features.
Step 4:
Now it's time to test out the PING backdoor:
Go to the Administration - Diagnostic screen and click on PING
In the box "IP Address or Domain Name:", type
'ls>tmp/ping.log"
Wow - who would have thought you can execute commands on the box using PING - this backdoor will be exploited later to access the box and upload programs to it.
Step 5:
Download and configure the batbox installation
Batbox site (seems to be problem with dns at the moment)
Local site (alternative location)
Unzip this with
# gunzip < wrt54g-0.51.tar.gz.tar | tar xvf -
Look at the README file
Edit the script wrt54g.sh and make the following changes
PASSWORD=admin
If you have Java installed you can leave the script as is. If you don't have Java but you do have wget installed, uncomment the lines
# PROGRAM="wget --quiet ....
# EXTRA="" ....
If you don't have wget or Java installed, make sure you install these. If you are using Cygwin: make sure ttcp is installed and copy the ttcp program from /usr/bin to the current wrt54g directory.
Step 6:
Execute the script
# ./wrt54g.sh
After the script executes, you should be able to telnet to the box
# telnet 192.168.1.1
The script also installs a new page on the web server, access it by going to the following URL
http://192.168.1.1:8000/
Step 7:
Get the cross compiler tools for MIPS from
Batbox site
and start compiling and testing your own applications ...
soon to follow - instructions and transferring your own application - will be based on the batbox script
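The behaviour seen in Step 4 is what happens when a diagnostic form field reaches a shell unvalidated. The sketch below is an added example, not code from this post, the batbox script or the Linksys firmware: it models that weak pattern next to a hardened handler, and every function name and the shape of the ping command line are assumptions made for illustration.

```python
"""Validate a PING diagnostic target before it reaches the OS (added example)."""
import ipaddress
import re

# One DNS label: letters, digits, hyphens; never starts or ends with a hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def build_shell_line_unsafe(target):
    """Weak pattern (model only, never executed): field pasted into a shell line.

    Quotes, backticks, ';', '>' or '|' inside `target` become shell syntax.
    """
    return "ping -c 4 " + target + " > /tmp/ping.log"

def parse_target(target):
    """Return a canonical IP address or hostname, or raise ValueError."""
    target = target.strip()
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    labels = target.rstrip(".").split(".")
    if len(target) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("not an IP address or hostname: %r" % target)
    return target.lower()

def build_argv_safe(target):
    """Hardened form: validated target as a single argv element, no shell.

    The list is meant for subprocess.run(argv, shell=False); "--" ends
    option parsing so the value cannot be read as a ping option.
    """
    return ["ping", "-c", "4", "--", parse_target(target)]

def audit(samples):
    """Map each sample field value to 'accepted' or 'rejected'."""
    out = {}
    for s in samples:
        try:
            build_argv_safe(s)
            out[s] = "accepted"
        except ValueError:
            out[s] = "rejected"
    return out

# Constructed field values; the third is the string typed in Step 4.
SAMPLES = ["192.168.1.1", "ap1.mesh.example", "'ls>tmp/ping.log\"", "-f"]

if __name__ == "__main__":
    for value, verdict in audit(SAMPLES).items():
        print("%-22r %s" % (value, verdict))
```

Allow-listing the field and passing it as one argv element removes the shell from the path entirely, which is more robust than trying to strip dangerous characters.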
Friday, August 13, 2004
Ad hoc protocol list - Wikipedia, the free encyclopedia
Full list of all ad-hoc protocols - scary if we need to work through all of these
Ad hoc protocol list - Wikipedia, the free encyclopedia
Tuesday, August 10, 2004
DAKnet a wireless store and forward solution in India
Interesting way of getting access to rural areas without the use of fixed access points. Information is stored and forwarded when the mobile access point vehicle drives past.
Media Lab Asia -- Research
Monday, August 09, 2004
Mesh, IP allocation and IP Routing
One of the outstanding issues amongst the mesh gurus is the issue of IP allocation. The general approach is to assign each person in the mesh a static IP in the 10.x.x.x or 192.168.x.x range. The ideal is to give everyone a generic box - they install it, turn it on, and it automatically gets assigned an IP, updates its routing table based on the mesh routing algorithm being used, and gets a gateway and a DNS server (basically like DHCP).
Here is a discussion about handing out IP's between networked PC's with multiple hops
[BAWUG] Mesh, IP allocation and IP Routing
Wireless community network - definition
Good definition with complete list of wireless community network activities in North America, Europe and Australia
Wireless community network - Wikipedia, the free encyclopedia
MIT mesh networking home pages
This describes their grid project
The Grid Ad-Hoc Networking Project
This describes their outdoor rooftop network
MIT Rooftop
Let's download their software and test it
MIT software
Setting up a Linux machine to become an access point
1. Make sure you install dhcpd off the Mandrake disks
2. Put the Wireless card into access point mode with the following example script /etc/sysconfig/network-scripts/ifcfg-wifi0
DEVICE=wifi0
BOOTPROTO=static
IPADDR=192.168.0.1
ONBOOT=yes
NETMASK=255.255.255.0
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
DHCP_TIMEOUT=5
WIRELESS_MODE=Master
WIRELESS_ESSID=mesh
WIRELESS_CHANNEL=10
3. run ifup wifi0
4. copy /etc/dhcpd.conf.sample (this file only exists the first time you install dhcpd) to dhcpd.conf ... Change the IP address allocations in this file to suit your needs
5. start dhcpd with /etc/rc.d/init.d/dhcpd
6. Check the /var/lib/dhcpd/dhcpd.leases to check which IP addresses are being assigned
Sunday, August 08, 2004
Setting up the SANOA card in linux
1. Download the hostap driver from ftp://edna.icomtek.csir.co.za/pub/drivers ... This driver ensures that the SANOA card can run in Access point mode as well as Ad-Hoc and Infrastructure
2. Unzip using gunzip < hostap-driver-0.2.4.tar.gz | tar xvf -
3. Change Makefile to include KERNEL_PATH ... KERNEL_PATH=/usr/src/linux
4. Run 'make'
5. run 'make install'
6. Restart card manager using /etc/rc.d/init.d/pcmcia restart
If you are using the PCI to PCMCIA bridge card with the RLSC475 chipset follow these steps
1. Edit the file /etc/sysconfig/pcmcia to include these lines
PCMCIA=yes
PCIC=RLSC475
2. Run /etc/rc.d/init.d/pcmcia restart
Linux network configurations tips
Linux network configuration
1. Setting IP address and modes of interface
The file /etc/sysconfig/network-scripts/ifcfg-eth0 contains all the settings for interface eth0 including
IP allocation type (static or dynamic)
IP Address
Subnet mask
Broadcast address
Wireless mode
wireless channel
Type
# man ifcfg
to see all the options for this config file
Use
# ifup eth0
to bring eth0 network interface up using the script ifcfg-eth0
# ifdown eth0
to pull the eth0 interface down
2. The DNS nameserver
The file /etc/resolv.conf contains the nameserver (DNS) to use for the network
3. The gateway and other network routes
To see the current network routes type
# route
This will show you all the routes which the network is currently using
To add a new route for interface eth0 type
# route add -net 10.0.0.0 netmask 255.255.255.0 dev eth0
This adds a route to the network 10.0.0.0 using device eth0
# route add default gw 10.0.0.8
Adds a default route which will be used if no other route matches.
There should be an existing route, in this case, to 10.0.0.8 through some interface.
Good wireless and networking to install off the Mandrake CD's - and some install tips
1. Kismet: An 802.11 network sniffer and network detector
Common applications Kismet is useful for:
- Wardriving: Mobile detection of wireless networks, logging and mapping
of network location, WEP, etc.
- Site survey: Monitoring and graphing signal strength and location.
- Distributed IDS: Multiple Remote Drone sniffers distributed throughout
an installation monitored by a single server, possibly combined with a
layer3 IDS like Snort.
- Rogue AP Detection: Stationary or mobile sniffers to enforce site policy
against rogue access points.
Setup tips
Make sure you set up the following in /etc/kismet.conf (or they may be in /usr/local/etc/kismet.conf)
1. Set up the target suiduser: e.g. suiduser=djohnson
2. Set up the capture sources using the 'source' directive: e.g. source=hostap_prism2,wifi0,david (this works for the SANOA cards)
Change to root
Run kismet_monitor to put the wifi card into monitor mode
Run kismet
When you are finished using kismet
Run kismet_unmonitor to put the wifi card back into its previous mode
2. Ethereal: A network traffic analyser - this is used to view the network packet dumps produced by Kismet
3. Etherape: A graphical network viewer
MeshDynamics--High Performance Mesh Networks for HotZones and Metro
This company claims that only their proprietary mesh network (Structured Mesh) can create usable city-wide mesh networks.
MeshDynamics--High Performance Mesh Networks for HotZones and Metro
Daily Wireless - Ugly truth about mesh networks
This is why it is so important to build a real experimental mesh network which will be tested under high usage situations
Read the first argument and the counter-arguments to get the whole picture in this article
Daily Wireless - Ugly truth about mesh networks
Wednesday, August 04, 2004
IP addresses for the office mesh
It appears that we need to use static IP addresses for the mobile mesh network. For Computers in Building 43 - here are the current IP address assignments
Anyone that wants to become part of the mesh must contact me for an IP address
10.0.0.2 - Lawrence: Free-BSD machine 1
10.0.0.3 - Lawrence: Mandrake Linux machine 2
10.0.0.4 - Andrew: Mandrake Linux machine
10.0.0.5 - David: Edna Mandrake Linux machine (can be used as a gateway)
10.0.0.6 - David: Mandrake Linux laptop
10.0.0.7 - Andrew/Kim: Debian Linux Digital doorway machine
10.0.0.8 - Albert: Laptop Windows machine
10.0.0.9 - David/Kim: Norbit Mandrake Linux machine
10.0.0.10 - Kim: Desktop Windows machine
10.0.0.11 - Ajay: Desktop windows machine
10.0.0.12 - Yusuf: Desktop windows machine
10.0.0.13 - Andrew: Desktop windows machine
Monday, August 02, 2004
Sunday, August 01, 2004
Radio theory and link planning for Wireless LAN (WLAN) - good summary
Radio theory and link planning for Wireless LAN (WLAN)
Everyone should know the free space loss equation in their head
Loss [ dB] = 32.44 + 20(Log(distance[km]) + Log(freq[MHz]))
Useful cable losses
RG58 = 1 dB/m
RG213 = -.6 dB/m
RG174 = 2 dB/m (often used in pigtails)
LMR-400 = 0.22 dB/m
Typical WiFi sensitivity for orinoco cards
11Mbps = -82dBm
5.5Mbps = -87dBm
2Mbps = -92dBm
1Mbps = -94dBm
Typical allowed signal to noise ratios for orinoco cards
11Mbps = 16dB
5.5Mbps = 11dB
2Mbps = 7dB
1Mbps = 4dB
Typical noise level at 2.4GHz = -100dBm. Compute the S/N-limited level, e.g. at 11Mbps = -100dBm + 16dB = -84dBm, but sensitivity is -82dBm, so sensitivity is the limiting factor.
Just worked out that with our two 8dBi omnis, 2dB loss in the RF cable on each side of the link and the 200mW SANOA cards it is possible to achieve a theoretical distance of 5km with a 3dB margin (margin probably a bit tight); 4km will give you a 5dB margin - probably more realistic.
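The 5km and 4km margins above can be reproduced from the loss equation and the Orinoco tables. This is an added example, not the author's own calculation; it assumes 2400 MHz for "2.4GHz", one 8dBi antenna and 2dB of cable at each end, and the Orinoco 11Mbps sensitivity for the SANOA card.

```python
"""Link budget for the 802.11b figures in this post (added example)."""
import math

NOISE_FLOOR_DBM = -100.0                                # typical level at 2.4 GHz
SENSITIVITY_DBM = {11: -82, 5.5: -87, 2: -92, 1: -94}   # Orinoco, keyed by Mbps
REQUIRED_SNR_DB = {11: 16, 5.5: 11, 2: 7, 1: 4}


def free_space_loss_db(distance_km, freq_mhz):
    """Loss [dB] = 32.44 + 20(log(distance[km]) + log(freq[MHz]))."""
    return 32.44 + 20 * (math.log10(distance_km) + math.log10(freq_mhz))


def mw_to_dbm(mw):
    return 10 * math.log10(mw)


def received_dbm(tx_mw, ant_gain_dbi, cable_loss_db, distance_km, freq_mhz=2400.0):
    """Signal at the receiver; same antenna and cable assumed at both ends."""
    return (mw_to_dbm(tx_mw) + 2 * ant_gain_dbi - 2 * cable_loss_db
            - free_space_loss_db(distance_km, freq_mhz))


def min_signal_dbm(rate):
    """Weakest usable signal: the stricter of sensitivity and noise + S/N."""
    return max(SENSITIVITY_DBM[rate], NOISE_FLOOR_DBM + REQUIRED_SNR_DB[rate])


def margin_db(rate, rx_dbm):
    return rx_dbm - min_signal_dbm(rate)


def max_range_km(rate, tx_mw, ant_gain_dbi, cable_loss_db, margin=0.0, freq_mhz=2400.0):
    """Invert the loss equation: distance at which `margin` dB still remain."""
    budget = (mw_to_dbm(tx_mw) + 2 * ant_gain_dbi - 2 * cable_loss_db
              - min_signal_dbm(rate) - margin)
    return 10 ** ((budget - 32.44) / 20 - math.log10(freq_mhz))


if __name__ == "__main__":
    for km in (4, 5):
        rx = received_dbm(200, 8, 2, km)
        print("%d km: rx %.1f dBm, margin at 11Mbps %.1f dB" % (km, rx, margin_db(11, rx)))
    print("range with 3 dB margin: %.2f km" % max_range_km(11, 200, 8, 2, margin=3.0))
```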