LAN configuration unknown

Discussion in 'Hardware' started by TimW, Apr 24, 2006.

  1. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This may not be doable, but if anyone has a suggestion, I'm all ears. We have a small (29 'puters) lan at work and one of the wireless access points has been reset....putting it all back to factory settings (linksys wireless-g access point). Problem is that the person that set this up is no longer available and he set it up with an unknown (to us) password. We need to figure out the settings to reset the one access point so that the 6 'puters on that access point will connect to the lan ..... is there any program/ method to find the settings on the working lan?
     
  2. QuickSilver

    QuickSilver Corporal

    If the system has been somehow set to factory defaults then the password most likely will have been as well... Therefore I'd recommend getting the manual out and seeing what the default password was; usually something imaginative like 'password'... Worth a shot before considering other options.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I can get into the reset access point ( admin as password/ no user name) .... but I can't get into the other access points to find their configuration to be able to re-configure the one that's been reset. Tried numerous settings on that one but no go.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now this gets curiouser and curiouser ..... every Monday something is screwed up with these computers.....we shut them all down on Friday, except the server, and on Mondays we always find one or two that no longer have the shared printers attached. Just not there anymore. Today the internet crashed, unplugged the routers and modems five times and the internet never came back, plus programs on the server started crashing left and right, even after doing rebuilds on the databases and such. I'm starting to think that someone is accessing these units. Any thoughts as to how to detect this?
     
  5. technaut

    technaut Private E-2

    Does the local server have an event viewer that logs errors in applications/system/security?

    Check administrative tools/component services/event viewer. I think all access actions get logged, including endpoint id's.

    As far as passwords go, do a goog search for password recovery, password generator, or for wireless, try wepcrack.sourceforge.net, or airsnort.schmoo.com
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Local server does have an event viewer ....will check that tomorrow .....the thought was dawning on me on the way home.
    Will also check on the wepcrack programs ..... I'm very reluctant to just reset all the routers and then find that I can't get connected ....not enough experience with routers and switches to be comfortable with messing up the teaching lab.
    What about intrusion detection programs? Any thought in pursuing that, considering it all may be way over my head?
    Thanks technaut!
     
  7. technaut

    technaut Private E-2

    Hope I helped!

    Password generators, and IDS's are somewhat user-friendly. For IDS app's, see iss.net, snort.org, okena.com, & networkintrusion.co.uk.

    What's really obnoxious is the wealth of info that gets logged in the event viewer - warnings, and info requests, besides just errors. Most of it is also way over my noggin. I think all the info you need is there tho'.

    Networking events are in the security log. And you can't cut n paste a particular event's 'properties', once you find it. Ya' gotta' 'print screen', and paste into a graphics app [new file], such as windows paint, then post to the web.

    Keep us posted on this - I'd like to see this one.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Well it must just be my paranoia .....couldn't find any evidence of intrusions .... so started looking at the network ....pinging the various computers. Interestingly enough, can only ping about half of them. In fact on one of the workstations, can ping the server, but when on the server, can't ping that workstation. Am thinking it may be the switch that's having problems. Connected one directly to the modem and all was fine.... need to start looking into switch failures.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The answer wasn't intrusions or the switch, it was a failed router ..... apparently our ISP modem (cable) allows lightning to pass through it and zap the router .... sweet (not). So have replaced the router and will start doing latency testing to see if any of the workstations are bogging down the network .... any suggestions would be appreciated.
     
  10. technaut

    technaut Private E-2

    Interesting is that the server can ping SOME workstations, and not others. As if some workstations are primary, and others are second degree (get routed to the server through the primary workstations). This is not an uncommon practice. This would also indicate a configuration/access setting, as opposed to a hardware failure, but I'm seeing the router did a meltdown.

    How the network interface can take only a partial hit is a toughie :confused:

    Anybody else got ideas on this one?
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I'll know more tomorrow .... found out who set up this network and started trying all the different passwords that she used for different machines/ program access and got lucky. So, will look at the configuration on Friday for each of the access points after I re-configure the one that got reset to default settings and start running some latency tests. I know that when we keep a few of the 'puters off the net, the speed gets good ..... so I'm thinking one or more are causing the slowdown for all of them. (upload goes from 28 down to 2 or less!! depending on how many machines / access points are enabled.)
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now I'm getting really confused.
    Five access points (linksys wireless g access points). On the one that got reset to default, went in and reset it to the same as the settings on the other access points (I think) (are all the access points on the five different pods going to have the same address? (192.168.1.245?)). Still won't connect after doing what Linksys told me to do (give it a static address while connected to only one 'puter ....make the changes .... reset to obtain address auto ..... reconnect all the puters on that pod to the reconfigured access point). Should work. NOT!!! AAAARRRGGHH!
    Second thing: have found that there are four sets of 'puters with the same ip address. All are set to obtain ip address auto. This shows up on the server DHCP settings.
    How do I change them so there are no conflicts, and do I have to do something in the server as well?
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    OK, have straightened out the duplicate ip addresses .... but still have one pod (six computers) where all will connect to the server and can get on line, but five of them can't be pinged from any of the other computers on different pods... they can ping the other pods, however. And still don't know how to find the address of all the other access points. Help please!!
     
  14. technaut

    technaut Private E-2

    Here's some ways to do this...

    1) A port scanner, such as Nmap, will reveal the IP addresses.
    It does this by ping sweeping a range of addresses, sending an ACK ping,
    instead of a SYN ping, then waits for an ACK response. Then the IP address
    is revealed.
    It's like, Okay, I hear you, what do you want (when no one said anything).
    then when the other guy says "I didn't say anything." You have your IP
    address.
    It's slow, but 100%.

    2) The PC's with unknown IP add's HAVE TO reveal their address to the server,
    to be authenticated.
    I don't know where that info is in the server.

    3) networksolutions.com/cgi-bin/whois/whois
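
Added example, not part of the original thread: after a ping sweep like the one described above, each responder's IP and MAC sit in the ARP cache, so parsing `arp -a` output shows both address conflicts (one IP seen with two MACs) and devices that share a MAC vendor prefix, which is how a set of identical access points tends to stand out. The sample captures and every address in them are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two Windows `arp -a` captures taken at different times
# after a ping sweep of the LAN. All addresses are made up.
SAMPLE = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-00-00-01     dynamic
  192.168.1.101         00-aa-bb-10-00-01     dynamic
  192.168.1.102         00-aa-bb-10-00-02     dynamic
  192.168.1.245         00-11-22-00-00-0a     dynamic
  192.168.1.246         00-11-22-00-00-0b     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static

Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.101         00-aa-bb-10-00-07     dynamic
  192.168.1.245         00-11-22-00-00-0a     dynamic
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I,
)

def parse_arp(text):
    """Yield (ip, mac) for every dynamic entry; header lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            yield m.group(1), m.group(2).lower()

def duplicate_ips(text):
    """IPs seen with more than one MAC, i.e. two hosts claiming one address."""
    seen = defaultdict(set)
    for ip, mac in parse_arp(text):
        seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def by_vendor_prefix(text):
    """Group IPs by the first three MAC octets (the vendor prefix)."""
    groups = defaultdict(set)
    for ip, mac in parse_arp(text):
        groups[mac[:8]].add(ip)
    return {oui: sorted(ips) for oui, ips in groups.items()}

if __name__ == "__main__":
    print("conflicts:", duplicate_ips(SAMPLE))
    for oui, ips in by_vendor_prefix(SAMPLE).items():
        print(oui, ips)
```
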
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Will try the port scanner method to try to find all the access point addresses.
    I know the ip addresses of all the computers, it's just that five of them can't be pinged by the rest of them though they can ping all the others (except themselves - the five) . The server shows all computers under the dchp (or dhcp, whatever...)
    Just by trying different addresses is how I stumbled on some of the access points, not sure which ones they are and linksys says they should all have different ssid's, but two so far are the same, and on the same channel, two others have different ssid's and are both on a different (though the same for those two) channel ....confusing in that I'm not sure if I'm seeing a sending access point or a receiving access point. I'm thinking that under ap wireless mode, some only have one mac address which should indicate it's a sender, where the ones that show multiple mac addresses must be the receivers that connect to the firewall/ router and switches.
    I'm really appreciating your input technaut!! It's helping me wade through this literal can of worms.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This is finally resolved, at least the reset access point problem. Assigned the reset access point an address that was not being used (within the range of the other access points), gave it the same ssid as three other access points/ same channel/ but instead of opting to set it on wireless ap mode bridge, left it as default and it connected. Yahoo!!!
    Thanks for all the suggestions, technaut ..... you and a bunch of research (and reading my A+ book) got me in the right direction.
     
  17. technaut

    technaut Private E-2

    When you teach, you also learn (I think I've learned more in this thread ...).:)
     
