Security Basics mailing list archives
RE: Dumb question abt. Wireless WEP security
From: Giraldo Alonso Suárez <giraldo.alonso () cigb edu cu>
Date: Wed, 21 Jan 2004 20:33:24 -0500
Hi, All the answers that I read about this topic are true. I really want to response about the minor time to deride WEP. OK, all the ways spoke above to me message are fine but I think that exist a few time to do spoofing thanks to WEP weak. appropriate to one physical address of the wireless network and supplant identity (spoofing?). WEP work in layer 3 and the physical address are in layer 2. Thereby with a sniff for a very short time the insider may catch and use a real address of the wireless network and inject traffic, or use the network to another tasks for example. I think that this is the way to obtain minor time to hack WEP. Thanks -----Original Message----- From: Random Task [mailto:rand0m_t4sk () yahoo com] Sent: Wednesday, January 21, 2004 5:54 PM To: JGrimshaw () ASAP com; Vizo Bilisim Ltd. Cc: security-basics () securityfocus com Subject: Re: Dumb question abt. Wireless WEP security With all due respect, Veli is asking how tough it is to crack, not whether he should or should not use WEP. So, to that end, it's not difficult. As someone else mentioned, even if you're using 128-bit WEP, part of the key is transmitted in plain-text. This is the initialization vector (IV) used in the hand-shake process. The IV is usually 24 bits, so the security of your WEP encryption is effectively 112 bit. And if you're using 64-bit, it is effectively 40 bit. The IV is used in the RC4 encryption algorithm, which has been shown crackable. Even with a truly strong WEP key (not really possible) I have read that cracking this encryption will take at most 11 days. And this (if I recall correctly) is without having captured the IV. Someone correct me if I'm wrong. I have actually not attempted to crack a WEP key yet, but will be attempting to do so soon. I will post my results if they are noteworthy. The Cisco WEP key switching someone else mentioned is a viable solution to overcome WEP's weakness, but I think even in this situation, if someone captured your traffic, they could later decrypt each packet and view the session. This would (if I am correct in my assumptions) prevent someone from accessing your network directly, but not from accessing any data that was captured. I believe it is called LEAP, but I may be incorrect. In your research you may find people recommending 802.1x authentication as a way to provide more security, but mathematically speaking, this is just as weak as WEP. I think the only difference is there may not be a tool to use to automate cracking 802.1x data, but I have not looked. The weakness in 802.1x is the same as WEP, in that it uses RC4. Whether there's an IV transmitted in plain-text or not, the protocol is weak. The cheapest and simplest solution is to use VPN or SSH, switch your WEP key every day or two, or authenticate to a proxy server and just forget using WEP. This all depends on what you're using it for though, you may want to use VPN, altered WEP keys, AND a proxy server. Hope that helps, and as I said before, if I'm wrong, someone, please correct me. --- JGrimshaw () ASAP com wrote:
To hopefully answer your question, From my computer in my home, I can access my Wireless Access point. Last night, when I turned off the access point, I attached to one in the neighborhood that is advertising it's SSID as Linksys. Windows XP connected me automatically. I had no choice; I was a hacker because Microsoft finds it to be more convenient that way rather than including instructions on how to manually connect, if I chose to engage in such activities. I surfed the web for free, and briefly considered cancelling my cable modem service. After being unable to administratively log in to 192.168.1.1, despite finding the default password on the internet via the connection I inadvertently hijacked, I went to bed after running a ping sweep on the subnet and finding I was the only computer connected and my connection was slow anyway. All from a regular PCI based wireless card with no additional pringles can. The other SSID that is being advertised, D-Link, I was unable to connect to. It had WEP, and I couldn't connect. Moral of this true story that happened just last night: WEP is better than nothing. You can complement it (or find an access point and cards that cost more than $69 and use 128 bit encryption and eliminate this issue entirely) by turning on IPsec between your hosts and servers, using MAC layer security, and perhaps a proxy server that authenticates via user ID. If you do not use anything, someone like me that subscribes to these security lists may knock on your door one day, advertising his services. "Vizo Bilisim Ltd." <vizo () vizo com> 01/20/2004 08:23 AM To <security-basics () securityfocus com> cc Subject Dumb question abt. Wireless WEP security Hi all, There seems a general understanding that WEP is not secure enough, because theoretically WEP encyrption can be broken. The question is abot the practical usage; how easy it is for WEP to be broken? Does it suffice to sniff the wireless network for one hour, or do we need to sniff for few days? What happens if the wireless network is periodically stopped let's say every 10 hours for 15 minutes, Regards, Veli I. Cigirgan Vizo Bilisim Sistemleri Ltd. Istanbul Tel:+90(212)210 2657 Fax:+90(212)210 3678
---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course!
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course!
----------------------------------------------------------------------------
__________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Dumb question abt. Wireless WEP security Vizo Bilisim Ltd. (Jan 20)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- RE: Dumb question abt. Wireless WEP security Michael P. Kassner (Jan 22)
- Re: Dumb question abt. Wireless WEP security Greg Tracy (Jan 22)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Steve Frank (Jan 20)
- RE: Dumb question abt. Wireless WEP security Sarbjit Singh Gill (Jan 21)
- <Possible follow-ups>
- RE: Dumb question abt. Wireless WEP security jburzenski (Jan 20)
- RE: Dumb question abt. Wireless WEP security Rosenhan, David (Jan 20)
- RE: Dumb question abt. Wireless WEP security Giraldo Alonso Suárez (Jan 22)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 22)
- Re: Dumb question abt. Wireless WEP security crtech (Jan 26)
- RE: Dumb question abt. Wireless WEP security Bruyere, Michel (Jan 26)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 26)