Security Basics mailing list archives
RE: Dumb question abt. Wireless WEP security
From: jburzenski () americanhm com
Date: Tue, 20 Jan 2004 14:48:31 -0500
Hi all, There seems a general understanding that WEP is not secure enough, because theoretically WEP encyrption can be broken. The question is abot the practical usage; how easy it is for WEP to be broken?
The rate at which WEP can be broken using traditional methods depends on the amount of traffic that is generated by the wireless network. In my experience a typical network will take at least 3 days to crack with the average looking more like 7-10 days. This is using tools such as Kismet / Airsnort / wepcrack. To attempt to answer your first question below, I haven't run into a WEP protected network that could be cracked in less than an hour (or a day for that matter).
Does it suffice to sniff the wireless network for one hour, or do we need to sniff for few days? What happens if the wireless network is periodically stopped let's say every 10 hours for 15 minutes,
Periodically stopping the wireless network (ie. Killing the power) every day for a few minutes won't make a whole lot of difference to a cracker. Unless you change your keys or something, the cracking process will pick up right where it left off. If you can leave your network off for hours at a time (when the business is closed or when the lights are turned off) you will be better protected from the casual war-driver because your network will be undetectable while it is powered off. Speaking practically, turning off your network to protect your WEP keys doesn't really make a whole lot of sense. There are two types of hackers coming after your wireless network, casual and determined. The casual hacker will most likely keep on driving because chances are there are 10-12 unsecured, clear text wireless networks with out of the box configuration settings setup with 3 miles of where you are. The determined hacker who has patience and accessibility to your wireless signal will break your WEP and will sniff your traffic which is why it is imperative to not rely solely on WEP for protection of your data.
Regards, Veli I. Cigirgan Vizo Bilisim Sistemleri Ltd. Istanbul Tel:+90(212)210 2657 Fax:+90(212)210 3678
--------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Dumb question abt. Wireless WEP security Vizo Bilisim Ltd. (Jan 20)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- RE: Dumb question abt. Wireless WEP security Michael P. Kassner (Jan 22)
- Re: Dumb question abt. Wireless WEP security Greg Tracy (Jan 22)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Steve Frank (Jan 20)
- RE: Dumb question abt. Wireless WEP security Sarbjit Singh Gill (Jan 21)
- <Possible follow-ups>
- RE: Dumb question abt. Wireless WEP security jburzenski (Jan 20)
- RE: Dumb question abt. Wireless WEP security Rosenhan, David (Jan 20)
- RE: Dumb question abt. Wireless WEP security Giraldo Alonso Suárez (Jan 22)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 22)
- Re: Dumb question abt. Wireless WEP security crtech (Jan 26)
- RE: Dumb question abt. Wireless WEP security Bruyere, Michel (Jan 26)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 26)