SammyFox wrote on 2021-01-25, 00:12:

I have the odi drivers and everything but I have absolutely no idea what to do after. I downloaded a copy of novel netware 3.11 but I have absolutely no idea how/what to install in the set of floppy images.

Here is a manual http://wireless.ictp.it/school_2001/docs/spec … ual_pc_card.pdf and a some info http://www.vcfed.org/forum/archive/index.php/t-38433.html

I have no idea why you would want/need Netware 3.11 .

If you intend to get the Orinoco Gold working on a Windows 3.11 PC (or any PC, for tha matter), I hope that you will be using it on an isolated network, since WEP encryption (the only crypto the Orinoco Gold supports) has been basically worthless for over a decade now . If you enable WEP on your main home gateway router, without some king of isolation, you will risk putting your entire network at increased risk of hacking/intrusion .

If you intend to actually connect wirelessly on a long-term basis from a retro machine, I recommend getting a wired network adapter instead and connecting it to a modern WIFI bridge to handle the actual wireless connectivity part. This will be faster, much more secure and likely easier to set up .

Here I have some files i took off my laptop's drive backup. Basically i copied C:\autoexec.bat and C:\config.sys and additional folders. I had to use additional card service software which is not included here, but I modified autoexec.bat and config.sys in such way that in theory it should work without it. Configs which use card services are in autoexec.pcm and config.pcm files. I made a boot menu where you can select if you want to boot into DOS or Win 3.11. You enter network name and key in NET.CFG file. Or in WVLAN43.CFG. Or both, I don't remember.

No idea if it will work in your case, I didn't use it for long time because now I'm using ethernet PCMCIA card (3CCFE574BT) with tiny router like this https://openwrt.org/toh/unbranded/a5-v11
That way i can access WPA2 networks. And I don't need to mess with so many config files.

adalbert wrote on 2021-01-25, 00:59:

No idea if it will work in your case, I didn't use it for long time because now I'm using ethernet PCMCIA card (3CCFE574BT) with tiny router like this https://openwrt.org/toh/unbranded/a5-v11
That way i can access WPA2 networks. And I don't need to mess with so many config files.

That is in the same vein as what I was referring to (using a WIFI bridge)
AFAIK, instead of being a dedicated WIFI bridge, practically any home gateway router that is supported by OpenWRT or DD-WRT can be turned into a WIFI client bridge . You can then use such a setup to connect to your main home gateway/router .

Agree ! And some like Asus AC1900 can work as a bridge "out of the box" very easily. Some like the older Cisco/Linksys Se2800 also can be a bridge out of the box but requires a bit more setup work (just my experience) 😀

Just for the record: The Orinoco cards with Lucent chipset do support WPA under Windows (XP, 2000) and Linux. There´s no WPA2 support though.

If your laptop is 2000 / XP capable, it probably can just use 32 bit cardbus cards, which often support WPA2 natively.

majestyk wrote on 2021-01-25, 07:52:

Just for the record: The Orinoco cards with Lucent chipset do support WPA under Windows (XP, 2000) and Linux. There´s no WPA2 support though.

If memory serves, that WPA support is limited to WPA with TKIP on cards without AES encryption support (which means all cards initially released with only WEP support). Though better than plain WEP, it's not that great either .

darry wrote on 2021-01-25, 13:14:

majestyk wrote on 2021-01-25, 07:52:

Just for the record: The Orinoco cards with Lucent chipset do support WPA under Windows (XP, 2000) and Linux. There´s no WPA2 support though.

If memory serves, that WPA support is limited to WPA with TKIP on cards without AES encryption support (which means all cards initially released with only WEP support). Though better than plain WEP, it's not that great either .

Not great, but for home use it's generally safe enough and a massive improvement over WEP.

WEP can be completely hacked in 30 sec with an off-the-shelf tool (just run Kali Linux in VM or on a USB stick and you have everything you need) giving you full access to the network. WPA-TKIP with a suitably secure passphrase is vulnerable to a few DoS attacks (but there are enough that WPA2 is vulnerable to as well if 802.11w protected management frames isn't implemented - and it almost never is), plus if you really know what you are doing you can inject limited traffic into a network and decode individual frames, enough for say a port scan, but you can't get full access to the network and the rate at which you can decode frames is insufficient for all but the most targeted of attacks.

TLDR: if you're an interesting target, do at least WPA2-CCMP(AES) with 802.11w (or WPA3, which mandates 801.11w), if not WPA-TKIP is good enough for home use.

My day job is WiFi and I'd be happy to have a separate WPA1-TKIP SSID for devices like this, just so long as the rest uses a different SSID with WPA2-CCMP for both unicast and broadcast (if you set an SSID to WPA/WPA2, broadcast is automatically done in TKIP, slowing it down and presenting a *much* larger attack surface if someone does want to do nasty stuff)

dionb wrote on 2021-01-25, 14:58:

Not great, but for home use it's generally safe enough and a massive improvement over WEP. […]
Show full quote

darry wrote on 2021-01-25, 13:14:

majestyk wrote on 2021-01-25, 07:52:

Just for the record: The Orinoco cards with Lucent chipset do support WPA under Windows (XP, 2000) and Linux. There´s no WPA2 support though.

If memory serves, that WPA support is limited to WPA with TKIP on cards without AES encryption support (which means all cards initially released with only WEP support). Though better than plain WEP, it's not that great either .

Not great, but for home use it's generally safe enough and a massive improvement over WEP.

WEP can be completely hacked in 30 sec with an off-the-shelf tool (just run Kali Linux in VM or on a USB stick and you have everything you need) giving you full access to the network. WPA-TKIP with a suitably secure passphrase is vulnerable to a few DoS attacks (but there are enough that WPA2 is vulnerable to as well if 802.11w protected management frames isn't implemented - and it almost never is), plus if you really know what you are doing you can inject limited traffic into a network and decode individual frames, enough for say a port scan, but you can't get full access to the network and the rate at which you can decode frames is insufficient for all but the most targeted of attacks.

TLDR: if you're an interesting target, do at least WPA2-CCMP(AES) with 802.11w (or WPA3, which mandates 801.11w), if not WPA-TKIP is good enough for home use.

My day job is WiFi and I'd be happy to have a separate WPA1-TKIP SSID for devices like this, just so long as the rest uses a different SSID with WPA2-CCMP for both unicast and broadcast (if you set an SSID to WPA/WPA2, broadcast is automatically done in TKIP, slowing it down and presenting a *much* larger attack surface if someone does want to do nasty stuff)

Thank you for that information . Unfortunately, since WPA-TKIP support likely did not make it to the Orinoco DOS/Windows 3.1 drivers, it would probably be best for OP to not "Let the Orinoco flow" or he might see his data "sail away" and end up "On the shores of Tripoli" or "Far beyond the Yellow Sea" and "can sigh, say goodbye" to his privacy . 😉 (I have been itching to place a pun/joke on that for years, sorry) .

"Security by obscurity", or rather "obscuring" is not the best way to go, but in theory you can setup a dedicated WEP router and set its power to 1 miliwatt or so, and limit its range to the nearest room... 😜

BTW i have 802.11 (that's pre-WiFi standard) router which uses frequency hopping (FHSS modulation), and ISA network card, completely incompatible with modern networks. I wonder who could potentially hack it nowadays? You probably would need to use an SDR radio to do that 😜

adalbert wrote on 2021-01-25, 16:11:

"Security by obscurity", or rather "obscuring" is not the best way to go, but in theory you can setup a dedicated WEP router and set its power to 1 miliwatt or so, and limit its range to the nearest room... 😜

I wonder if lowering the Sensitivity Range (ACK Timing) could effectively reduce the range .

adalbert wrote on 2021-01-25, 00:59:

Here I have some files i took off my laptop's drive backup. Basically i copied C:\autoexec.bat and C:\config.sys and additional folders. I had to use additional card service software which is not included here, but I modified autoexec.bat and config.sys in such way that in theory it should work without it. Configs which use card services are in autoexec.pcm and config.pcm files. I made a boot menu where you can select if you want to boot into DOS or Win 3.11. You enter network name and key in NET.CFG file. Or in WVLAN43.CFG. Or both, I don't remember.

No idea if it will work in your case, I didn't use it for long time because now I'm using ethernet PCMCIA card (3CCFE574BT) with tiny router like this https://openwrt.org/toh/unbranded/a5-v11
That way i can access WPA2 networks. And I don't need to mess with so many config files.

I got it to work but I'm getting an error, "Error in loading WVLAN43 error code 0000b". When I load PhoenixCARD Manager, it lists the card as "Unconfigured". When I select "Add Card", I'm not sure what to put in for the irq and i/o and such

Also for those wondering, I set up a hidden ssid with mac filtering only allowing connections from my card's mac address and I plan to only enable it when I need to get something from an old site or whatever.

Also I'm using a Thinkpad 760l with the pc card.

darry wrote on 2021-01-25, 16:23:

[...]

I wonder if lowering the Sensitivity Range (ACK Timing) could effectively reduce the range .

Possibly, but don't underestimate WiFi range. Even with 1dB omni antennas 300m is doable and your average US matchstick house hardly blocks anything. An attacker with a directional antenna can probably get more RSSI from across the street than you would with the client. In Europe things can be different. NL, DK and NO are reputed to be worst, with extensive use of reinforced concrete and high levels of insulation mandated in modern buildings even including metal layers on glass windows. Any house built in the last 5 years in one of those countries is effectively a Faraday cage, indeed chances are you can't even get your signal up or down a floor within the house either.

A better way would be to raise the minimal link rate. Default is 1Mbps in 2.4GHz, but even on 802.11b you can raise that to 11Mbps. That means you're only allowed to connect if you have enough signal quality for the highest speed the standard can muster. Then again, 11Mbps is hardly challenging, so it just wins you a few dB.

But if you want security by obscurity, set power to minimal, choose Japan as regulatory domain and select channel 14. Technically you'll be breaking the law outside of Japan, but if you keep power levels low, no one picks up the signal, no one will complain and you're safe enough. Of course anyone actually out for nefarious purposes will spot an 801.11-1997 network on channel 14 and latch onto it right away - but unless you know yourself to be a target (or you have very enterprising children or neighbours, which amounts to the same) chances of that are negligible. I sincerely hope to engage in a similar game of cat and mouse with my elder son when he gets a little bit older. See how long the old man can stay ahead of the young buck 😉

adalbert wrote on 2021-01-25, 16:11:

[...]

BTW i have 802.11 (that's pre-WiFi standard) router which uses frequency hopping (FHSS modulation), and ISA network card, completely incompatible with modern networks. I wonder who could potentially hack it nowadays? You probably would need to use an SDR radio to do that 😜

Yep. I'd love to play around with some of that stuff, if only to troll my colleagues. It would probably play havoc with 2.4GHz 802.11b and later WiFi 😉

SammyFox wrote on 2021-01-25, 16:59:

Also for those wondering, I set up a hidden ssid with mac filtering only allowing connections from my card's mac address and I plan to only enable it when I need to get something from an old site or whatever.

Hidden SSID... that's an invitation that something is there worth taking a look at, protected by someone who doesn't know his stuff 😜

What "hidden SSID" means is that the SSID field is left empty in the beacon frames. However it's still transmitted in probe request & response frames and IIC during association as well. It's like saying "I'm not telling anyone who I am", but as soon as somebody asks "who are you?" you answer anyway.

Same for MAC filtering: that's more of an irritation to yourself than to an attacker. Just capture some packets in the air where there's filtering. Any MAC associated with the network is whitelisted. So clone that MAC in your adapter, wait for it to go offline or if you can't be bothered to wait, send a deauthenticate frame to the valid client and connect yourself. 802.11w protects against specifically this attack, but no 802.11b/g device will support it, and precious few n/ac devices either.

Unfortunately, on Channel 14 you´re restricted to 802.11b with 99% of the available wifi-drivers which is not very fast.
This doesn´t matter of course when you are using an old Orinoco/Lucent or Prism 2 card.
But it´s still fun using this channel 😀

I have two 802.11b access ponts in my network with old Prism 2 Cards running WPA2 EAP-TLS with one of my Win 2008 machines as RADIUS server.
I`m the only one here with 11b and the only one with EAP-TLS 😉

So I finally figured out the problem and it was that I'd forgot to install my laptop's pc card drivers, whoop de doo. Anyway now the card powers on and the drivers are working and I've installed tcp/ip but I'm facing a new problem; When I try to connect to my router dhcp times out, and if I try to assign a static ip my router shows that the card is connected to it but it still doesn't assign any ip address. I tried with my phone via tethering (with an open network cuz no wep support so I limited connections to 1 and shut it down after) and even there it still won't assign an ip and dhcp times out too.

I'm so clooose, I just don't know what else I can do.

Anyone?