Security Basics mailing list archives
Re: Dumb question abt. Wireless WEP security
From: JGrimshaw () ASAP com
Date: Tue, 20 Jan 2004 12:06:07 -0600
To hopefully answer your question,
From my computer in my home, I can access my Wireless Access point.
Last night, when I turned off the access point, I attached to one in the neighborhood that is advertising it's SSID as Linksys. Windows XP connected me automatically. I had no choice; I was a hacker because Microsoft finds it to be more convenient that way rather than including instructions on how to manually connect, if I chose to engage in such activities. I surfed the web for free, and briefly considered cancelling my cable modem service. After being unable to administratively log in to 192.168.1.1, despite finding the default password on the internet via the connection I inadvertently hijacked, I went to bed after running a ping sweep on the subnet and finding I was the only computer connected and my connection was slow anyway. All from a regular PCI based wireless card with no additional pringles can. The other SSID that is being advertised, D-Link, I was unable to connect to. It had WEP, and I couldn't connect. Moral of this true story that happened just last night: WEP is better than nothing. You can complement it (or find an access point and cards that cost more than $69 and use 128 bit encryption and eliminate this issue entirely) by turning on IPsec between your hosts and servers, using MAC layer security, and perhaps a proxy server that authenticates via user ID. If you do not use anything, someone like me that subscribes to these security lists may knock on your door one day, advertising his services. "Vizo Bilisim Ltd." <vizo () vizo com> 01/20/2004 08:23 AM To <security-basics () securityfocus com> cc Subject Dumb question abt. Wireless WEP security Hi all, There seems a general understanding that WEP is not secure enough, because theoretically WEP encyrption can be broken. The question is abot the practical usage; how easy it is for WEP to be broken? Does it suffice to sniff the wireless network for one hour, or do we need to sniff for few days? What happens if the wireless network is periodically stopped let's say every 10 hours for 15 minutes, Regards, Veli I. Cigirgan Vizo Bilisim Sistemleri Ltd. Istanbul Tel:+90(212)210 2657 Fax:+90(212)210 3678 --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Dumb question abt. Wireless WEP security Vizo Bilisim Ltd. (Jan 20)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- RE: Dumb question abt. Wireless WEP security Michael P. Kassner (Jan 22)
- Re: Dumb question abt. Wireless WEP security Greg Tracy (Jan 22)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Steve Frank (Jan 20)
- RE: Dumb question abt. Wireless WEP security Sarbjit Singh Gill (Jan 21)
- <Possible follow-ups>
- RE: Dumb question abt. Wireless WEP security jburzenski (Jan 20)
- RE: Dumb question abt. Wireless WEP security Rosenhan, David (Jan 20)
- RE: Dumb question abt. Wireless WEP security Giraldo Alonso Suárez (Jan 22)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 22)
- Re: Dumb question abt. Wireless WEP security crtech (Jan 26)