Re: Dumb question abt. Wireless WEP security

[JGrimshaw () ASAP com]

To hopefully answer your question,

> From my computer in my home, I can access my Wireless Access point. 

Last night, when I turned off the access point, I  attached to one in the 
neighborhood that is advertising it's SSID as Linksys.  Windows XP 
connected me automatically.  I had no choice; I was a hacker because 
Microsoft finds it to be more convenient that way rather than including 
instructions on how to manually connect, if I chose to engage in such 
activities.  I surfed the web for free, and briefly considered cancelling 
my cable modem service.  After being unable to administratively log in to 
192.168.1.1, despite finding the default password on the internet via the 
connection I inadvertently hijacked, I went to bed after running a ping 
sweep on the subnet and finding I was the only computer connected and my 
connection was slow anyway.  All from a regular PCI based wireless card 
with no additional pringles can.

The other SSID that is being advertised, D-Link, I was unable to connect 
to.  It had WEP, and I couldn't connect.

Moral of this true story that happened just last night:  WEP is better 
than nothing.  You can complement it (or find an access point and cards 
that cost more than $69 and use 128 bit encryption and eliminate this 
issue entirely) by turning on IPsec between your hosts and servers, using 
MAC layer security, and perhaps a proxy server that authenticates via user 
ID.

If you do not use anything, someone like me that subscribes to these 
security lists may knock on your door one day, advertising his services. 




"Vizo Bilisim Ltd." <vizo () vizo com> 
01/20/2004 08:23 AM

To
<security-basics () securityfocus com>
cc

Subject
Dumb question abt. Wireless WEP security






Hi all,

There seems a general understanding that WEP is not secure enough, because
theoretically WEP encyrption can be broken. 

The question is abot the practical usage; how easy it is for WEP to be
broken?

Does it suffice to sniff the wireless network for one hour, or do we need 
to
sniff for few days? What happens if the wireless network is periodically
stopped let's say every 10 hours for 15 minutes, 

Regards,

Veli I. Cigirgan
Vizo Bilisim Sistemleri Ltd.
Istanbul
Tel:+90(212)210 2657
Fax:+90(212)210 3678 


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 

course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion 
Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course! 
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------