Page 1 of 2

For the mods to consider :

PostPosted: Fri Jun 09, 2006 6:33 am
by Starpoint
Guys, as much as I hate to see threads deleted, I want to express something we ALL should consider.

This thread in the UNix/Linux section talks about "How to crack WEP under GNU/Linux"
http://www.netstumbler.org/showthread.php?t=11161

G8te is even posted in there asking about making it a "sticky"

Now as often as we flame/ban people about stealing wifi, cracking wep and all, should we NOT have threads on here that give examples?

I mean a N00b might go read that, then their 1st post is "I want to crack wep and per this thread you guys seem to talk/condone it... so here is my question."


I say we all need to go thru the forums, and any forum that has a thread that discuss's wep cracking, DELETE IT!

any thoughts?

PostPosted: Fri Jun 09, 2006 6:41 am
by wrzwaldo
WEP/WPA/Whatever Else is often part of a wireless audit/pen test. I think discussion should be allowed but I think any thread that requests step-by-step instruction or is a blatant query for assistance cracking something they have no business cracking should be swiftly dealt with.

WW

PostPosted: Fri Jun 09, 2006 6:59 am
by Starpoint
wrzwaldo wrote:WEP/WPA/Whatever Else is often part of a wireless audit/pen test. I think discussion should be allowed but I think any thread that requests step-by-step instruction or is a blatant query for assistance cracking something they have no business cracking should be swiftly dealt with.

WW


A good discussion is always welcomed, my POV is this: Even some basic guidance about wep cracking (telling them to Google for it) is still telling them "we do not condemn it" If they want to learn, let them learn on their own. Even if they ask "have you ever cracked your OWN wep key?" don't even answer.

This way they should get the feeling that no-one here will even acknowledge wep cracking in general, they will either give up and go away, or say something stupid and get banned

PostPosted: Fri Jun 09, 2006 7:10 am
by randomr8
Starpoint is stellar at sturring up topics. I have to believe that the regular contributors of this forum, with their gentle guidance:rolleyes: , keep alot of noobs from going to a meeting with Bubba. It may not be the job of this forum to be the moral compass of all things wireless, but someone has to be. I haven't seen any group better qualified. It's better that people get a straight slap to the face here than the slap of some cuffs down the road. My 2 cents.

PostPosted: Fri Jun 09, 2006 8:12 am
by renderman
I think you need to consider context. The discussion about cracking WEP/WPA as an academic exercise is one thing, but n00b flame attractors coming on and asking why they can't use thier broadcom for injection is right out.

When Aircrack first came out the mods were pretty good about sorting the good and the bad. The good usually were approaching it scientifically and were discussing metrics of time and packet count. The jackasses usually just start out bitching that it won't run on thier card.

One thing to consider it the recent Cowpatty/WPA tables we released. Discussion about the mechanics of it and efficiencies of wordlists, etc has been fine, but people bithing that they can't get a 4 way handshake are punished.

I think that sane logical discussion is fine, but any hint of mal intent should be cleared off. If they really want the answer, it's probobly buried under that elusive search button. Let's just not spoonfeed them.

PostPosted: Fri Jun 09, 2006 8:24 am
by Thorn
renderman wrote:I think you need to consider context. The discussion about cracking WEP/WPA as an academic exercise is one thing, but n00b flame attractors coming on and asking why they can't use thier broadcom for injection is right out.

When Aircrack first came out the mods were pretty good about sorting the good and the bad. The good usually were approaching it scientifically and were discussing metrics of time and packet count. The jackasses usually just start out bitching that it won't run on thier card.

One thing to consider it the recent Cowpatty/WPA tables we released. Discussion about the mechanics of it and efficiencies of wordlists, etc has been fine, but people bithing that they can't get a 4 way handshake are punished.

I think that sane logical discussion is fine, but any hint of mal intent should be cleared off. If they really want the answer, it's probobly buried under that elusive search button. Let's just not spoonfeed them.
Render has summed up my feelings on this pretty well. I've never minded any discussion about the theory or even the general applications about cracking WEP. As wrzwaldo pointed out, such attacks are valid for audits and pen tests, which fits in with the infosec tone which runs through these forums.

However, my position regarding a HOWTO is that it's way over the line. As I've stated in the past, I'm no more inclined to do that as I am to supply a HOWTO on robbing a bank.

PostPosted: Fri Jun 09, 2006 8:27 am
by streaker69
Thorn wrote:Render has summed up my feelings on this pretty well. I've never minded any discussion about the theory or even the general applications about cracking WEP. As wrzwaldo pointed out, such attacks are valid for audits and pen tests, which fits in with the infosec tone which runs through these forums.

However, my position regarding a HOWTO is that it's way over the line. As I've stated in the past, I'm no more inclined to do that as I am to supply a HOWTO on robbing a bank.


A. Put on Mask
B. walk into bank
c. Demand money.

"A" is optional since banks don't care anymore, they just give out money to anyone that demands it anymore without question.

PostPosted: Fri Jun 09, 2006 8:39 am
by Dutch
streaker69 wrote:A. Put on Mask
B. walk into bank
c. Demand money.

"A" is optional since banks don't care anymore, they just give out money to anyone that demands it anymore without question.

D. Go outside and depending on speed of execution of step C, see step E or step F

E. Go home, and turn on local news channel to see your face on the screen from the surveillance camera footage in the bank, then go to step E

F. Lay down on street while officers search you for concealed weapons, and Mirandarize you.

End of How To.

Dutch

PostPosted: Fri Jun 09, 2006 8:41 am
by streaker69
Dutch wrote:D. Go outside and depending on speed of execution of step C, see step E or step F

E. Go home, and turn on local news channel to see your face on the screen from the surveillance camera footage in the bank, then go to step E

F. Lay down on street while officers search you for concealed weapons, and sodomize you.

End of How To.

Dutch


Fixed.

PostPosted: Fri Jun 09, 2006 8:47 am
by renderman
One could also consider the documentation for Aircrack or cowpatty to be a how-to. I have no problems with how-to's per'se. A properly written how-to steps you through everything in the documentation to do 'whatever'.

What I and I think everyone else objects to is the spoon feeding of basic, stupid information. i.e. why does'nt my broadcom work, how do i work this linux thing, etc.

I think that as long as there is a baseline knowledge required (basic unix, basic wireless know-how) we can weed out the intelligent from the stupid (if they can't hit search to find an old posted how-to, that's a pretty high baseline)

Just my thoughts

PostPosted: Fri Jun 09, 2006 8:54 am
by MikeP928
streaker69 wrote:A. Put on Mask
B. walk into bank
c. Demand money.

"A" is optional since banks don't care anymore, they just give out money to anyone that demands it anymore without question.


If you were handing out paint bombs, wouldn't you prefer they not have on any facial protection?

I think they should pack a couple of flash bangs in with the paint bomb. Discolor both ends at the same time.

MikeP

PostPosted: Fri Jun 09, 2006 10:02 am
by Mother
IMHO if we have a thread that anyone can read, and of course that people can search for, which gives some pointers towards WEP/WPA cracking (or whatever touchy topic), then we have all the right to flame the n00b that comes in asking "hey, how do I crack WEP" in his first post.

There are plenty of step-by-step guides (even videos) on using aircrack, so why they have to come in here and ask the same questions ad nauseam really escapes me.

Cheers,

Mother

PostPosted: Fri Jun 09, 2006 10:16 am
by Barry
MikeP928 wrote:If you were handing out paint bombs, wouldn't you prefer they not have on any facial protection?

I think they should pack a couple of flash bangs in with the paint bomb. Discolor both ends at the same time.

MikeP



Screw that. Claymores. They'll just plea bargin their way out of a long term and be back on the streets in a year anyway. Body bags are way cheaper than all the court costs, plus whatever it costs to keep them in jail. Or we could make out banks like they do over in Russia. The tellers are armed, and can shoot better than Audit. A friend of mine up here has a Russian wife that was a bank teller for a while. They are trained by whatever took over for the KGB, she did it long enough ago to actually be trained by the KGB.

PostPosted: Fri Jun 09, 2006 11:39 am
by G8tK33per
Starpoint wrote:Guys, as much as I hate to see threads deleted, I want to express something we ALL should consider.

This thread in the UNix/Linux section talks about "How to crack WEP under GNU/Linux"
http://www.netstumbler.org/showthread.php?t=11161

G8te is even posted in there asking about making it a "sticky"

Now as often as we flame/ban people about stealing wifi, cracking wep and all, should we NOT have threads on here that give examples?

I mean a N00b might go read that, then their 1st post is "I want to crack wep and per this thread you guys seem to talk/condone it... so here is my question."


I say we all need to go thru the forums, and any forum that has a thread that discuss's wep cracking, DELETE IT!

any thoughts?

Not being sure of the purpose of mentioning my name, I will say this. There are only 3 people on this board I have to keep happy (no, not THAT). Thorn, aFR and bks. If you don't like the way I do things, talk to them. I'll hand over my bat in a heartbeat and wish you luck keeping up the shit that crawls in here on a regular basis. I have a full-time job, a life and kids. If I miss the complete content of a thread now and then, excuse the fuck outta me. Cut my pay...

PostPosted: Fri Jun 09, 2006 12:17 pm
by Dutch
G8tK33per wrote:Not being sure of the purpose of mentioning my name, I will say this. There are only 3 people on this board I have to keep happy (no, not THAT). Thorn, aFR and bks. If you don't like the way I do things, talk to them. I'll hand over my bat in a heartbeat and wish you luck keeping up the shit that crawls in here on a regular basis. I have a full-time job, a life and kids. If I miss the complete content of a thread now and then, excuse the fuck outta me. Cut my pay...


Hell no, you ain't getting away from moderator duty that easy. It's like being appointed/anointed a Supreme Court Judge. Once in, it's a term for life (or as long as the NS Forum gods (bks+aFR) decides).

All the moderators has their own distinctive style of moderating, Voice Of Reason, RedNeck Nazi, The Bat<tm> etc etc, but all of the moderators follows the same baseline. If your posts appear more un-P.C. in some peoples eyes, they have the problem, not you. You are doing a good job, and I'm not the only one who'd hate to see you pass The Bat<tm> on to somebody else, bro..

Dutch