# Router troubles



## Sneakers (Nov 9, 2009)

I have a D-Link WBR-2310 wireless G router, and was told it was backwards compatible with Wireless B. Well, it connects to my Wii no troubles (It uses G and B), but my DS(Which uses B only) can't seem to connect to it...it senses it, but won't connect. I can't seem to get the dang router to pick up the DS system at all, and it connected to my Animal Crossing DS game in the past. I tried scanning the router via the web link it gives you, but I don't understand any of the stuff that pops up. I was only able to set my WEP password. I'm totally lost. I thought I'd have to get a new router, but the guy at Best Buy said it would work with it, cause it used B mode as well.

Any help would be most grateful.


----------



## net-cat (Nov 9, 2009)

Sneakers said:


> I have a D-Link


There's your problem! (I'm kidding. I'm not a big fan of D-Link, but you can probably make it work.)

What, exactly, are you trying to do? The Wi-Fi in the DS is exceedingly crippled.


----------



## Runefox (Nov 9, 2009)

If you're using WiFi on your D-Link router, make sure it's not set for WPA authentication, and make sure you're using WEP instead. The Nintendo DS is incompatible with WPA, and will refuse to connect to an access point using that security option.

Also, some routers have a "G Only" mode in their wireless setup options. As it turns out, D-Link offers a setup emulator (o__O!), which, as it turns out, does have a "802.11g Only Mode" checkbox under its wireless setup. Make sure that's unchecked! And make sure you're using WEP security under Wireless Security Mode.

For reference for us techies, here's a link to the rest of the emulators. They've got quite a few, including the old Di-series.


----------



## ToeClaws (Nov 9, 2009)

Semi-related issue here, but from a security perspective, one thing I've suggested to folks who want to put DS's or other WEP-only devices on their network is to create a secondary network within your primary, where it can be brought up only when needed, and be subject to much more strict and restrictive policy given that WEP is less secure.


----------



## Runefox (Nov 9, 2009)

ToeClaws said:


> Semi-related issue here, but from a security perspective, one thing I've suggested to folks who want to put DS's or other WEP-only devices on their network is to create a secondary network within your primary, where it can be brought up only when needed, and be subject to much more strict and restrictive policy given that WEP is less secure.



For that, you'd either need to do subnets (oh god), VPN's (consumer gear isn't really designed for that), or extra gear. A much better option would be to set up MAC address filtering. While it's not foolproof, it will limit the devices allowed to connect to a network only to those trusted devices that are included in the MAC list, and would force a would-be intruder to have to do more work to work out which MAC addresses are allowed on the network. Even better if you don't broadcast the SSID, but that's cutting the convenience level down quite far (fine by me, personally).

Wireless security overall is a tradeoff of usability and protection, and in the end, even with WPA authentication, a determined attacker will still get through. Personally, MAC filtering + disabling SSID broadcast gives me a fairly decent level of protection even with wireless security disabled (at least, in my area).


----------



## Sneakers (Nov 9, 2009)

net-cat said:


> There's your problem! (I'm kidding. I'm not a big fan of D-Link, but you can probably make it work.)
> 
> What, exactly, are you trying to do? The Wi-Fi in the DS is exceedingly crippled.



my D-Link works nicely....at least compared to what I had. I'm trying to connect to the router with my DS, muc like I can connect my Wii to the router.


----------



## Sneakers (Nov 9, 2009)

Runefox said:


> If you're using WiFi on your D-Link router, make sure it's not set for WPA authentication, and make sure you're using WEP instead. The Nintendo DS is incompatible with WPA, and will refuse to connect to an access point using that security option.
> 
> Also, some routers have a "G Only" mode in their wireless setup options. As it turns out, D-Link offers a setup emulator (o__O!), which, as it turns out, does have a "802.11g Only Mode" checkbox under its wireless setup. Make sure that's unchecked! And make sure you're using WEP security under Wireless Security Mode.
> 
> For reference for us techies, here's a link to the rest of the emulators. They've got quite a few, including the old Di-series.



I already know about WEP...I found out after spending a good amount of time reading and searching help pages to find out that it only used WEP...I had it to WPA. It's at WEP now, and like I said, it senses it, but just won't pick up. I'll try the links and fiddle with that. I spend another good hour scanning the router settings looking for the mode settings.


----------



## ToeClaws (Nov 9, 2009)

Runefox said:


> For that, you'd either need to do subnets (oh god), VPN's (consumer gear isn't really designed for that), or extra gear. A much better option would be to set up MAC address filtering. While it's not foolproof, it will limit the devices allowed to connect to a network only to those trusted devices that are included in the MAC list, and would force a would-be intruder to have to do more work to work out which MAC addresses are allowed on the network. Even better if you don't broadcast the SSID, but that's cutting the convenience level down quite far (fine by me, personally).
> 
> Wireless security overall is a tradeoff of usability and protection, and in the end, even with WPA authentication, a determined attacker will still get through. Personally, MAC filtering + disabling SSID broadcast gives me a fairly decent level of protection even with wireless security disabled (at least, in my area).



Easiest solution is usually secondary hardware.  You can pick up older WEP-only routers for around $20 on classified sites, and then yes you can set up stuff like MAC filtering, firewalls, time restrictions and so on, but most importantly - when you got a separate box, you can just unplug it when not using it.  The ability to firewall also allows you to protect the other boxes on your network from things that come from the less secure WEP network.  

Heh - totally right with the consumer VPN thing though, gods... you don't get decent solutions there until you start spending thousands of dollars on big corporate gear.

Overall, I'm no fan of wireless - even with my own, which is WPA2/AES, I only turn it on when I need it and turn it off again immediately when finished with it. :/


----------



## Runefox (Nov 9, 2009)

Sneakers said:


> I already know about WEP...I found out after spending a good amount of time reading and searching help pages to find out that it only used WEP...I had it to WPA. It's at WEP now, and like I said, it senses it, but just won't pick up. I'll try the links and fiddle with that. I spend another good hour scanning the router settings looking for the mode settings.



Make sure the "802.11g Mode Only" box isn't checked, and make sure you're near the router when you use your DS; I've had problems with connectivity on the DS even more than ten feet away from the router - The antenna in the DS sucks ass. Also, try disabling the "Suber G" option, and make sure the DS is set to automatically discover its IP address.



> Easiest solution is usually secondary hardware. You can pick up older WEP-only routers for around $20 on classified sites, and then yes you can set up stuff like MAC filtering, firewalls, time restrictions and so on, but most importantly - when you got a separate box, you can just unplug it when not using it. The ability to firewall also allows you to protect the other boxes on your network from things that come from the less secure WEP network.


Yeah, that's the major reason I was letting my pfSense box take care of my wireless (using the router as a bridge/switch) along with MAC filtering and the like. It also supports things like RADIUS and such; I really should try and get it running again sometime soon. The gigabit ethernet card I had in it for the WAN port drops the link when it tries to get an IP via DHCP. I'm thinking it's blown - It was a TP-Link with a Realtek 8169 chip on it, so it wasn't exactly the best for that kind of thing. I need to get my hands on some Intel PRO/1000 adapters.


----------



## Sneakers (Nov 9, 2009)

Runefox said:


> Make sure the "802.11g Mode Only" box isn't checked, and make sure you're near the router when you use your DS; I've had problems with connectivity on the DS even more than ten feet away from the router - The antenna in the DS sucks ass. Also, try disabling the "Suber G" option, and make sure the DS is set to automatically discover its IP address.



Well, this is the setting I have it set at...thumbnail below. I had it connect before I had to reforat my c drive and re-install XP....now is all crazy. I tried dowlaong the latest firmeare, but it's a .bin file, and don't know how to use them. I have 1.04, they have 1.05 up.


----------



## Irreverent (Nov 9, 2009)

Older implementations of 802.11b code (or just brain dead versions) might not handle SSID's with embedded spaces.  ie"Sneakers Computer" may not work, but "SneakersComputer" might.

Also, some braindead implementations of code can't handle non-broadcasting SSIDs.  Turn SSID broadcast on, reqister the device and then turn it off.


----------



## Runefox (Nov 9, 2009)

Actually, the "Enable Hidden Wireless" button _disables_ SSID broadcast (even though it confusingly says its function in brackets in such a way that you're not sure if checking the box hides or doesn't hide the SSID). The spaces thing tripped me up, too - I'd try what Irre said - Try SneakersComputer instead. You might find that it works without a space.


----------



## Sneakers (Nov 9, 2009)

I had shortened it to just Sneakers while back, shortly after making that picture 

Anyways, I called Nintendo again, and got a real helpful guy and stayed on and was viewing the emulator while talking it through, and it turned out, I had to turn the Mac thingie off. Soon as it was turned off, it worked.

Thanks a whole lot....I had also called the companie...got some guy I couldn't understand, and had to say pardon about 11 times. He told me to call Nintendo for a code, to give them, but ended up getting the problem solved instead by a Nintendo Rep. 

Thanks to you all for the help and suggestions....I was soooo lost! :/


----------



## AshleyAshes (Nov 9, 2009)

Runefox said:


> For that, you'd either need to do subnets (oh god), VPN's (consumer gear isn't really designed for that), or extra gear. A much better option would be to set up MAC address filtering. While it's not foolproof, it will limit the devices allowed to connect to a network only to those trusted devices that are included in the MAC list, and would force a would-be intruder to have to do more work to work out which MAC addresses are allowed on the network. Even better if you don't broadcast the SSID, but that's cutting the convenience level down quite far (fine by me, personally).


 
MAC Address filtering isn't doing to do squat.  Any script kiddy with the tools to crack WEP can also pull a MAC address off of one of the packets and spoof it.


----------



## ToeClaws (Nov 9, 2009)

AshleyAshes said:


> MAC Address filtering isn't doing to do squat.  Any script kiddy with the tools to crack WEP can also pull a MAC address off of one of the packets and spoof it.



Pretty much.  It's more like an annoying speed bump than a wall.  The one perk of it though on the secondary hardware platform is that if you can't get on, you know someone else is trying to since you can lock that second box down to only the DS (or whatever else needs WEP).  

Oh yes, one other advantage of the secondary box is broadcast strength - you can turn it way down, only to the bare minimum of what you require, so that when you do have the WEP network turned on (and you shouldn't have it on unless you need it), it's not broadcasting very far.


----------



## AshleyAshes (Nov 9, 2009)

ToeClaws said:


> Pretty much. It's more like an annoying speed bump than a wall.


 
I say MAC Address filtering is like making sure your door is dead bolted, when your yard is covered with razor wire and land mines.  If they got past the razor wire and land mines, do you really think the dead bolt will be a problem?


----------



## ToeClaws (Nov 9, 2009)

AshleyAshes said:


> I say MAC Address filtering is like making sure your door is dead bolted, when your yard is covered with razor wire and land mines.  If they got past the razor wire and land mines, do you really think the dead bolt will be a problem?



Any good burglar should have a Jet pack.  :mrgreen:

Good analogy though, but it depends really - WEP cracking tools are widely available and provided with really easy to use command line and/or GUI interfaces.  For a script kitty, sniffing WEP might actually be easier than manually sniffing for a MAC.  

Either way, it's more like a yard full of razor wire that's actually made of soft plastic, and a sign on the door that says "Please don't break in."


----------



## AshleyAshes (Nov 9, 2009)

ToeClaws said:


> Either way, it's more like a yard full of razor wire that's actually made of soft plastic, and a sign on the door that says "Please don't break in."


 
This is why I don't bother with any security beyond WPA2.  Because if I have neighbours with the resources and know how to crack my WPA2 key, I'm fucked anyway.


----------



## ToeClaws (Nov 9, 2009)

AshleyAshes said:


> This is why I don't bother with any security beyond WPA2.  Because if I have neighbours with the resources and know how to crack my WPA2 key, I'm fucked anyway.



*chuckles* Aye, which is why I suggest bringing up WEP only as a secondary heavily restricted, only-when-needed sub-network under the normal one.  

And yes... if you have neighbour's that tech savvy, I suggest resorting to the lower-tech pillowcase and tire-iron demotivational talk with them.   As I said, with my own WPA2, it comes on only when I need it (which is maybe 1 to 2 times a month) and remains on only for the time it's required (usually under an hour).


----------



## AshleyAshes (Nov 9, 2009)

ToeClaws said:


> And yes... if you have neighbour's that tech savvy, I suggest resorting to the lower-tech pillowcase and tire-iron demotivational talk with them.  As I said, with my own WPA2, it comes on only when I need it (which is maybe 1 to 2 times a month) and remains on only for the time it's required (usually under an hour).


 
Upon reading about the computational effort that went into producing this WPA rainbow table for common SSIDs;

http://www.renderlab.net/projects/WPA-tables/

I'm confident that cracking a WPA2 Network that doesn't use an easy SSID or key would require a signifigant investment of resources to make the time frame at all reasonable.  As such, I considder WPA2 sufficently secure so long as no one wants your industrial or military secrets.


----------



## ToeClaws (Nov 9, 2009)

AshleyAshes said:


> Upon reading about the computational effort that went into producing this WPA rainbow table for common SSIDs;
> 
> http://www.renderlab.net/projects/WPA-tables/
> 
> I'm confident that cracking a WPA2 Network that doesn't use an easy SSID or key would require a signifigant investment of resources to make the time frame at all reasonable.  As such, I considder WPA2 sufficently secure so long as no one wants your industrial or military secrets.



They will be SADLY disappointed if they manage to get into my network.  Unless they like a lot of furry stuff. <_<  >_>


----------



## AshleyAshes (Nov 9, 2009)

ToeClaws said:


> They will be SADLY disappointed if they manage to get into my network. Unless they like a lot of furry stuff. <_< >_>


 
That too.   For most people, your only real reason for security is to keep some little shit from deleting your stuff for a joke or running up your bandwidth.  As such, WPA2 is more than sufficent where as WEP is pretty weak.  I dunno about you, but I get charged extra by my ISP after 95GB per month.  I'd like to know that the only people downloading are me and my roommate. :X


----------



## ToeClaws (Nov 9, 2009)

AshleyAshes said:


> That too.   For most people, your only real reason for security is to keep some little shit from deleting your stuff for a joke or running up your bandwidth.  As such, WPA2 is more than sufficent where as WEP is pretty weak.  I dunno about you, but I get charged extra by my ISP after 95GB per month.  I'd like to know that the only people downloading are me and my roommate. :X



*chuckles* Yes; beatings are harder to dish out if you have to search for the offender.  That's why I keep my off 95% of the time - removes the issue altogether.  That and there's several open wireless networks all around the area with highly original names like "Linksys", "Dlink" and "default", which probably make more attractive targets.


----------



## Irreverent (Nov 9, 2009)

Sneakers said:


> Anyways, I called Nintendo again, and got a real helpful guy and stayed on and was viewing the emulator while talking it through, and it turned out, I had to turn the Mac thingie off. Soon as it was turned off, it worked. :/


If you can determine the MAC of your device, you can turn MAC filtering back on and then add it to the table.  As noted, its more of a PITA than a protection, so proceed with caution.



ToeClaws said:


> That and there's several open wireless networks all around the area with highly original names like "Linksys", "Dlink" and "default", which probably make more attractive targets.



Hell, I've run a honeypot with those SSID's just to see what flies I could attract.


----------



## Sneakers (Nov 9, 2009)

Irreverent said:


> If you can determine the MAC of your device, you can turn MAC filtering back on and then add it to the table.  As noted, its more of a PITA than a protection, so proceed with caution.



I recall seeing the MAC address on my DS when looking at the options. I went to where I turned off the MAC addresses, added that address, and turned it back so it only allowed the address on my router list, and it worked. Thanks.


----------



## Runefox (Nov 9, 2009)

AshleyAshes said:


> MAC Address filtering isn't doing to do squat.  Any script kiddy with the tools to crack WEP can also pull a MAC address off of one of the packets and spoof it.



This is pretty much why I don't bother with wireless security beyond MAC filtering to begin with - Why should I pay for it in responsiveness and in being a PITA to set up on certain devices (PSP... X_X) when I can hide the SSID and use MAC filtering to do just as good a job? If someone's determined enough, they'll get in anyway. WEP security is a joke anyway, and WPA can be cracked, too (and doesn't support my DS, much less WPA2).


----------



## AshleyAshes (Nov 9, 2009)

Runefox said:


> This is pretty much why I don't bother with wireless security beyond MAC filtering to begin with - Why should I pay for it in responsiveness and in being a PITA to set up on certain devices (PSP... X_X) when I can hide the SSID and use MAC filtering to do just as good a job?


 
That's hardly any security at all. Anyone with the WEP cracking tools can pull your SSID off packets in the air and get a mac MAC and get on.



Runefox said:


> If someone's determined enough, they'll get in anyway. WEP security is a joke anyway, and WPA can be cracked, too (and doesn't support my DS, much less WPA2).


 
WPA/WPA2 cracking, so long as you don't use a common SSID, is pretty much unachivable withuot someone with a cluster of computers available.


----------



## Irreverent (Nov 9, 2009)

AshleyAshes said:


> That's hardly any security at all.  Anyone with the WEP cracking tools can pull your SSID off packets in the air and and the MC and get on.



Agreed, but security by obscurity is a valid technique, if the risk is acceptable to the end user.  If you've got nothing on the network you're protecting, then bandwidth theft is probably your only risk (and that too can be risky)



> WPA/WPA2 cracking, so long as you don't use a common SSID, is pretty much unachivable withuot someone with a cluster of computers available.



You'd be amazed at what a HP c-class blade rack with 16 64gb quad-core processor blades can do...the last one i bought was only about $215K CDN.


----------



## AshleyAshes (Nov 9, 2009)

Irreverent said:


> Agreed, but security by obscurity is a valid technique, if the risk is acceptable to the end user. If you've got nothing on the network you're protecting, then bandwidth theft is probably your only risk (and that too can be risky)


 
In that case, just go with WPA2.  It's essentually fully secure, barring extreme circumstances.  Where as WEP could be cracked by a script kiddy with 30mins and access to Google.  The only issue is the DS which only supports WEP.  Of course the DSi addresses this weakness.  But most any other wireless hardware you'll have will support WPA/WPA2 without difficulty.

Hrm, seems Nintendo has discontinued their USB 'Nintendo Wifi Adaptor' to allow wifi access to Nintendo products. :/


----------



## Runefox (Nov 9, 2009)

The reason I have to make the choice between WEP and no security at all is because I have DS's connecting to the WiFi fairly regularly. The population density in this area of town isn't extreme (houses, rather than apartment buildings, and surrounded by hills), and the percentage of those who are actually savvy enough to pick up and crack my wireless would likely be negligible. My wireless router is right next to me anyway; If I notice strangeness on the WiFi (I know precisely who's using it and when), I check the router's status page to see if there's anything I don't recognize. For the most part, no devices are constantly connected to the AP (mostly never; PSP and DS predominantly), so there would be very small windows of opportunity to catch MAC addresses or even any kind of packet at all with SSID broadcast disabled.

The fact that WEP is so trivial to crack makes it almost easier to simply obscure the network and lock it to specific MAC addresses like I've done if you can't use WPA. It provides, in my opinion, no less security than with WEP enabled if someone's willing to sniff packets to begin with, and no reduction in throughput, range or latency due to encryption/handshaking overhead (negligible though it may be). If I cared a little more about it or if the area I was in was more densely populated, I'd probably make more of an effort and perhaps have a second AP, but that's too much cost for not enough benefit as it is now.


----------



## Irreverent (Nov 10, 2009)

AshleyAshes said:


> In that case, just go with WPA2.  It's essentually fully secure, barring extreme circumstances.



No argument there, I was just making the point that its up to the end user to access his/her risk comfort level.  If you truly have nothing to lose, than no security is a valid option.  Not one I would ever pick.....but still a valid one.



> Hrm, seems Nintendo has discontinued their USB 'Nintendo Wifi Adaptor' to allow wifi access to Nintendo products. :/



I suspect that wifi has reached pervasiveness and is at saturation.  Their business model probably shows that  bridging through a PC is no longer required?


----------

