Thursday, February 28, 2013

One House... 2 Lines

Technically it is POSSIBLE as there has been cases where the home has been sub-let to other tenants and the customer don't want to share the lines for whatever reason.

Based on experience, the Fiber Termination Point can work with 2 fiber points and though it is NOT RECOMMENDED, there are cases where MIOTV (SingTEL) is on 2nd Port and the 1st port is used by M1 or MyRepublic or Starhub (since all uses Nucleus Connect HuaWei ONT device)

That is technically possible and you can even do load balancing to get the best of all worlds.

Cost wise: Probably that Singtel pays for the activation of the 2nd TP Point.....but hey..they already charged the customer $100 for the install fee anyway!

Sunday, February 10, 2013

Open for Attack

So congratulations on your Fiber Optic Network Installation. You have reached the end of the High Speed Wireless Highway and plunging into the unknown. Your Maximum Speed is actually 70Mbps if you use 802.11N or WiFi-N and despite whatever claims it may have, you won't legally reach anywhere over that limit unless you are a hacker. (Ethernet / Communications Rules, Through output speed= Max Speed x 0.7 [Error Corrections etc] divided by 2 [Full Duplex] at the distance of 3meters)

So technically you are still getting anywhere better than SingTel's ADSL+ or Cable Connection of M1 or Starhub services but do you know that you are so susceptible to wireless hacking?

I am a real time hacker. I have to do penetration tests every now and then and for your information, the culprit is the button on your router for Wireless Protected Setup or WPS, and in layman terms, "Lazy Bugger who do not wish to enter the long password" as you only need to press that button and you are authenticated to the network.

WPS however, is not secure. It has a simple 8 digit pin in which the first 4 is encoded and the last 2 are check digits, something like your IC Number where the first 2 are your year, followed by your citizen class (Born Singaporean, Foreign Born, PR, Convict, Undercover Police etc) and then the serial number and a check alphabet (A-J & Z).

That number DO NOT CHANGE unless you disable or modd the Router. Why it's so dangerous? Because Google has a codec called REAVER which is used with Wifi crackerjacks such as AirCrack-NG and such free software (built into Linux) that once that number is cracked... how many times you change your password does not matter since the WPS key is the same.. something like your super master key.

Initial key stress testing takes usually 6 - 10 hours to crack ONE SINGLE Router in sequence and usually a hacker will crack 3 - 6 routers in a go. Even if you do not broadcast your SSID, it will still come out...as radio waves will be transmitted and someone will listen.

So what can you do?? Get a secured Router with that WPS PIN DISABLED.

Unfortunately for many, SINGTEL's router are nearly CRACKER JACK PROOF. The 5012 uses WEP and password is usually 13 numbers or 13 ALPHANUMERIC KEYS with ALL CAPS LOCK making it super hard to crack, ( 36 to the power of 13 combinations or 170 Billion Billion Combinations ). Those white ones are also harder to crack too so don't waste your time...

That is hard coded and a PAIN IN THE BACKSIDE. It's made by some China Company... but it's useful.

Just a cap..which ones are simple to crack includes TPLINK, DLINK, ASUS, EnGenius and those cheapo ones....

Good luck

Friday, February 8, 2013

What NOT to decorate your house with.

Those trendy Flush in TV Cabinets are a real nice thing to do... but do avoid this... It is actually in fact, a Building Code violation and a Fire Safety Hazard as wood can burn if something shorts up.

If you don't see it well, the FTP or Fiber Terminal Point is actually concealed into the cabinet panel and it's a real bugger that the carpenter told the owner that you can ask the installer to access it from there.

How on earth can one access it when you can't even get your whole hand into it.

Do you see the cables etc dangling back of the panel?

If you wish to do so.. please make a door or flap so that direct access to the equipment is made simple.

In any retro spec, please consult a CERTIFIED ENGINEER before you do your wiring and renovations as I have slapped the owner of the premise a Notice of Safety Violation and any issues with network or system deterioration will be borne fully by them and that the violation voids all Home Insurance and Fire Insurance Coverage on the premises.




Sunday, February 3, 2013

Extending your WiFi Coverage.

Extending your WiFi Coverage is not as simple as it is.... but it's quite effective.

Here are some tips:

NEVER USE A POWER LINE ADAPTER... PLCs are so susceptible to disruptions and also waste your money. They are limited to the old slower technologies. If you die-die need to use one.. then use it for your LAN Connection. Remember Singtel's mIOTV issues?? All caused by so much disruption etc as the customers do not want to have wiring or drilling. They opted for the ComTrend CHC and from my experience and toying about...they only go as fast as 70mbps... as 200mbps is ONE WAY or Half-Duplex. Full Duplex is 35% of their Promised Speed.

DO NOT USE WIRELESS-WIRELESS Extenders... or using WDS mode. They just amplify your poor signals and cause more harm to your expensive router.  It's just like a relay game.. using one channel.. every time there is a relay..someone will take 10-15% commission or cut from the bandwidth available. Eventually, you are better off using a hybrid mix.

DO NOT USE ROUTING MODE. Do you see the connection behind the router saying Broadband and then other 4 ports for LAN? If you need to do a chain relay.. don't plug into the Broadband port as it will firewall your connections and cause more harm.


Technically.. this is how you do it:
From your ONT (Modem) to the Router(A)... you set is as DHCP without using IP Addresses 192.168.1.200 to 192.168.1.254 (255 is broadcast).. or if you prefer 10.0.0.x or 172.16.0.x
Why? Because we want to use those IP. If you let your router handle more than 32 clients in one go.. it will CRASH!!!

So we have 2 routers.. how to go about?
We all know the router (A) may be 192.168.1.1 (Typical... Singtel's is 254 as 1 & 2 used by ONT) and so we Statically Assign the Router (B) as 253 (255-2-N where N is the number of extenders). We disable DHCP from Router B so users will get IP addresses from router (A). And we MUST NOT use the SAME AP-Name or SSID for Router A and B..it will conflict. You can try... but you have to allocate different channels.

Then from Router (A) we connect the LAN port via RJ45 cable to the Router (B) on the RJ45 port (not labeled Broadband). Then we have a distributed AP Network. If for some silly reason you still don't want wiring.. you can use PLC Adapters (get 300mbps or more) to connect those 2.

Any router can be used..even the Singtel black 5012 or 5520.. those MioV white boxes need to be reconfigured manually by Tomato.


WiFi and Wireless

Don't be confused when any Sales person says you will get 100Mbps over WIRELESS or WiFi ...as it's actually NOT TRUE.

As Wifi is dependent of many factors and that 802.11G (Normal WiFi such as iphones and smart tabs) are limited to the 2.4Ghz frequency and technically LIMITED to 54Mbps One Way, usually you will get about 15-20Mbps Maximum at best at 3m range whereas the WiFi-N or 802.11N uses the 5.Ghz band and on top of that 40Mhz bandwidth slots within the 802.11G (which uses 20Mhz slots).

Technically, it could go as far as 100+ but you will only see 45-60Mbps range and it's much better with newer HDB BTO Flats as they can pass thru the walls better.... being higher in power.

If your package is 100Mbps...then you need at least a Fast Ethernet (FE) Lan card connected to the wire which will let you push thru 92-100mbps or Gigabit Ethernet (GBE) port for up to 1000Mbps

Dual Bands or what not.. we are sorry you are misled by the sales person. Be it SingTEL or MyRepublic... they don't know much other what they were told from those up there. Here...we are down to earth.

To check your WiFi connection... we recommend using Xirrus WiFi inspector... anything more than -60dbm is BAD... (less than ONE BAR) as you get up to only 10mbps.