08-06-2004   #9
KoreK
Banned in DC
Join Date: Jul 2004
Posts: 102
I don't want to disappoint you, but if you are using WEP, and somebody wants to screw you, he won't have much trouble. WEP is broken (officially since 2001). WEP-64 with a passphrase is even worse, since it's not even 40-bit security (easy brute force, 90 seconds on a PII-233, according to the README in Tim Newsham's wep_util). WEP-64 in hex can be brute-forced (day-days?). WEP-128 cannot be brute-forced; nevertheless WEP has so many holes that cracking it takes minutes/hours, depending on the tools/conditions. For example, if you are using P2P (i.e. a lot of traffic), it will be crackable in less than a day. If the attacker generates a lot of traffic (wnet), it will be crackable in a few hours. You can configure WEP to use 4 keys, rotating them; nevertheless your solution is still broken. The answer is WPA, which means a new card/new access point, or some IPsec/VPN solution, which also means new hardware. Do use WEP (13-byte hex key - passphrases generally don't work) if you don't have a choice; nevertheless never consider your link safe.

Authentication method should be open-system. As you can guess, WEP shared-key authentication is also broken. It gives an attacker a simple way to inject any kind of traffic on your wireless network (wepwedgie). Not that it really matters, since as I mentioned somewhere above, WEP is broken.

MAC address authentication is commonly known as "MAC address filtering". Kismet or Ethereal will get you the MAC connected to an AP.

SSID cloaking is pretty useless. Waiting for a new connection, or simply sending a Disassociate frame, will reveal the SSID. The only nice thing about it is that Windows XP Wireless Configuration for Zeros doesn't like it...

Of the three measures, WEP is probably the least weak (since it requires more than a bit of sniffing around).

Post-edit: Removed a word. BTW don't forget to change the AP default password (admin).

Last edited by KoreK : 08-06-2004 at 06:44 PM.
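Added example, not part of KoreK's post or of wep_util: a Python sketch of why a passphrase-derived WEP-64 key carries far fewer than 40 bits, useful when auditing whether a key was entered as a passphrase or as hex. The generator shown (XOR-fold into a 32-bit seed, then a linear congruential generator with these constants) is the commonly documented vendor scheme and is an assumption here; the function names and sample passphrases are constructed.

```python
# Added illustration. The generator details are an assumption (the commonly
# documented vendor passphrase-to-key scheme), not taken from the post.
MASK32 = 0xFFFFFFFF

def fold_seed(passphrase):
    """XOR-fold the passphrase bytes into a 4-byte little-endian seed."""
    seed = [0, 0, 0, 0]
    for i, b in enumerate(passphrase.encode("ascii")):
        seed[i % 4] ^= b
    return int.from_bytes(bytes(seed), "little")

def keys_from_seed(seed):
    """Derive the four 5-byte WEP-64 keys from a 32-bit seed."""
    keys, state = [], seed & MASK32
    for _ in range(4):
        key = bytearray()
        for _ in range(5):
            state = (state * 0x343FD + 0x269EC3) & MASK32
            key.append((state >> 16) & 0xFF)  # only bits 16..23 are used
        keys.append(bytes(key))
    return keys

def wep64_keys(passphrase):
    return keys_from_seed(fold_seed(passphrase))

# Bits 16..23 of every generator state depend only on bits 0..23 of the seed,
# and ASCII input leaves the top bit of each seed byte clear.
EFFECTIVE_MASK = 0x7F7F7F

def effective_seed(passphrase):
    """The part of the seed that can influence the generated keys."""
    return fold_seed(passphrase) & EFFECTIVE_MASK

def effective_bits():
    return bin(EFFECTIVE_MASK).count("1")

if __name__ == "__main__":
    # Constructed sample passphrases.
    for p in ("abcd", "abcdxxxxxxxx", "abcD", "bbcd"):
        print(f"{p!r:16} seed={effective_seed(p):06x} "
              f"key1={wep64_keys(p)[0].hex()}")
    print("effective key space:", effective_bits(), "bits")
```

Passphrases that share an effective seed yield identical keys, which is why a 13-byte key entered directly in hex is the better choice when WEP cannot be avoided.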