Troubleshooting Q&A - April 15, 2004
The Wireless ThinkPad Blues
Adding a computer to your wireless network can occasionally be the simplest thing in the world, but at other times it can be more challenging than successfully evading the tax man. This week's Q&A offers a few general tips and some ThinkPad-specific tricks to try when all else fails.
By Ron Pacchiano
Q. I am the network manager for a small medical office in Long Island. A few weeks back I purchased a new laptop computer. Among its many features is an integrated mini-PCI 802.11 B/G wireless network card. Since I routinely move around my office, I thought it would be nice to take advantage of this feature. So I went out to the local electronics store and purchased a wireless access point to install on my network.
In only a few minutes I had both the laptop and access point successfully configured and communicating with my laptop. Some of my colleagues where a bit concerned about the security of our wireless network and asked me to secure it as best I could. So I decided to implement all of the security settings I could think of. I set the encryption level to 128-bit WEP, changed the default broadcast channel, enabled MAC filtering, and even disabled SSID broadcasting. Once the configuration was completed, my laptop had full access to our network and I felt we were pretty secure. I was quite pleased with this configuration and was amazed by how smoothly everything had worked out.
Then came the day when one of my bosses came in with his IBM ThinkPad. His ThinkPad also had a built-in 802.11B wireless adapter, and he asked me if I could configure it to work with our wireless network as well. Sure, no problem I said.
It was at this point that everything went wrong. For some strange reason, regardless of what I try, I just can't seem to get this ThinkPad to connect to our wireless network. I double-checked all of my wireless settings (encryption level, broadcast channel, SSID, MAC filter, etc.), and it just won't work. The thing that bothers me the most is that I know everything is configured and functioning correctly because MY laptop works just fine with the network the way it is.
Do you have any idea what could be causing this problem? I'm fresh out of ideas and would appreciate any assistance you might have. Thanks.
A. Actually I do have a couple of ideas for you to try. I had a similar problem about 6 months ago with a ThinkPad that belonged to a client of mine. This laptop had two problems that were making things difficult for me to get it online. The first was related to something called the IBM Configuration Manager. Essentially this utility was overriding the network settings that I had configured through Windows.
So even though I had configured the IP address and WEP encryption information correctly on the system, the IBM software was causing the system to ignore my settings and use an entirely different set of network parameters. Needless to say nothing worked and it was very frustrating. I would set the IP address and then run an IPCONFIG to verify the setting and see something totally different than what I had set. However, I would go back to look at my settings and everything was fine. Weird!
Check your system to see if your ThinkPad is also using this utility. If this is the case, you'll need to modify your network information from within the Configuration Manager itself or remove the utility from your system altogether.
You would think that once I solved that issue everything would have been OK. Well in typical PC fashion, it wasn't. Now even with the IP address and proper WEP security levels in place, I still wasn't able to connect to the wireless network.
After some head scratching I finally decided to try something kind of far fetched. I reconfigured the router to broadcast the SSID name. Like you, I had disabled it for increased security, and it worked fine on all of my systems. So I really didn't think this was necessary.
Sure enough, though, as soon as I disabled it I had access to the network. I disabled the SSID broadcast once again and as soon as I did the ThinkPad lost all conductivity to the network. For some reason, this ThinkPad only communicated with the network when SSID Broadcasting was enabled. I would suggest you try this and see what happens.
On the outside chance that neither of these solutions works for you, then I would resort to going back to the basics. It could be something simple like having configured the WEP key in the router with HEX and on the PC with ASCII. Or maybe it is something like the ThinkPad being configured for ADHoc as opposed to Infrastructure mode. Both of these scenarios would prevent the system from communicating.
After double-checking all the basics, if you still can't get the ThinkPad to work on the wireless network, I would check out IBM's website for any updated drivers, BIOS updates, or firmware revisions. If you find any go ahead and update the system. Hopefully that will resolve it.
As an absolute last resort, you could always try purchasing a PC Card-based wireless adapter made by the same vendor as the access point unit itself. While this is not the ideal solution, if the problem is being caused by some esoteric hardware or software incompatibility with the existing wireless adapter, then this would almost certainly get around it. I hope it all works out for you.
Q. I have BlackIce Defender running on my Windows XP Professional system. I recently added a Linksys Cable/DSL router to my home network. Since I've installed the router, the firewall has reported several "attacks" on my system. The router says that UDP port probes were coming from v2.vc.scd.yahoo.com and v7.vc.scd.yahoo.com.
There was also an entry saying "HTTP GET data contains script." How were these external addresses able to access my internal client through the router?
A. The reason your software firewall is logging the first two "attacks" is likely because you're running Yahoo! Messenger software on your computer. The IP addresses and domain names that were flagged are Yahoo! servers that provide Yahoo! Messenger's voice chat capabilities. The application uses UDP to transmit voice data, so use of the voice chat feature could cause these sorts of entries to appear. Even if you weren't using the voice chat feature at the time the entry was recorded, it could have been generated by the application scanning to see what ports were available to accept this type of traffic.
Also keep in mind that whenever a program like Yahoo! Messenger (or any other IM client or similar application, for that matter) is running, it has the ability to proactively initiate connections to communicate with its servers. You can be sure that the program has one or more open connections to its servers whenever it is running. If that weren't the case, you wouldn't be able to communicate with anyone unless you initiated the connection yourself.
This is why that external address was able to access your internal client through the router. The router automatically allows traffic from an external address if it is in response to a request that originated from inside your network.
In regards to the HTTP GET entry, this is typically the result of clicking a link on a Web page. You likely clicked on a link that referenced back to the address recorded by the log and the data returned by that address probably contained a script which BlackIce deemed harmful. Whether it actually was or not is impossible for me to say. However, if an IP address doesn't resolve back to a domain name, there is a good chance that it might be being used for something malicious.
Make note of the IP address logged with the HTTP GET entry. If you see a lot of these entries in the future, you can use a third party utility to try and track down where the attack might have originated from. While it may not be able to tell you the name of the person causing the problem, it can usually tell you which ISP the attacker is using. Authorities could then contact the ISP and inquire which of their customers is using this address, greatly easing the investigation.
One of the nicest utilities I've come across for this is a product called VisualRoute. VisualRoute combines essential networking utilities, including Trace route, Ping, WHOIS, and reverse DNS, into an easy to use graphical interface. It not only tells you who owns the IP address, but also shows you where in the world it originated from on a global map. It's a very cool product, and I highly recommend taking a look at it. More information on VisualRoute can be found at http://www.visualware.com/personal/products/visualroute/index.html.
Most hardware firewalls can detect certain types of common IP-based attacks, but they generally pay more attention to where the traffic is coming from as opposed to what kind of traffic it is. This is why a software firewall is usually a good compliment to a hardware router.
|Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums|