RE: Dumb question abt. Wireless WEP security

[Giraldo Alonso Suárez <giraldo.alonso () cigb edu cu>]

Hi, 
All the answers that I read about this topic are true.
I really want to response about the minor time to deride WEP. OK, all the ways spoke above to me message are fine but I 
think that exist a few time to do spoofing thanks to WEP weak. appropriate to one physical address of the wireless 
network and supplant identity (spoofing?).

WEP work in layer 3 and the physical address are in layer 2. Thereby with a sniff for a very short time the insider may 
catch and use a real address of the wireless network and inject traffic, or use the network to another tasks for 
example.

I think that this is the way to obtain minor time to hack WEP.

Thanks



-----Original Message-----
From: Random Task [mailto:rand0m_t4sk () yahoo com] 
Sent: Wednesday, January 21, 2004 5:54 PM
To: JGrimshaw () ASAP com; Vizo Bilisim Ltd.
Cc: security-basics () securityfocus com
Subject: Re: Dumb question abt. Wireless WEP security

With all due respect, Veli is asking how tough it is to crack, not
whether he should or should not use WEP. So, to that end, it's not
difficult. As someone else mentioned, even if you're using 128-bit
WEP, part of the key is transmitted in plain-text. This is the
initialization vector (IV) used in the hand-shake process. The IV is
usually 24 bits, so the security of your WEP encryption is
effectively 112 bit. And if you're using 64-bit, it is effectively 40
bit. 

The IV is used in the RC4 encryption algorithm, which has been shown
crackable. Even with a truly strong WEP key (not really possible) I
have read that cracking this encryption will take at most 11 days.
And this (if I recall correctly) is without having captured the IV.
Someone correct me if I'm wrong.

I have actually not attempted to crack a WEP key yet, but will be
attempting to do so soon. I will post my results if they are
noteworthy.

The Cisco WEP key switching someone else mentioned is a viable
solution to overcome WEP's weakness, but I think even in this
situation, if someone captured your traffic, they could later decrypt
each packet and view the session. This would (if I am correct in my
assumptions) prevent someone from accessing your network directly,
but not from accessing any data that was captured. I believe it is
called LEAP, but I may be incorrect.

In your research you may find people recommending 802.1x
authentication as a way to provide more security, but mathematically
speaking, this is just as weak as WEP. I think the only difference is
there may not be a tool to use to automate cracking 802.1x data, but
I have not looked. The weakness in 802.1x is the same as WEP, in that
it uses RC4. Whether there's an IV transmitted in plain-text or not,
the protocol is weak.

The cheapest and simplest solution is to use VPN or SSH, switch your
WEP key every day or two, or authenticate to a proxy server and just
forget using WEP. This all depends on what you're using it for
though, you may want to use VPN, altered WEP keys, AND a proxy
server.

Hope that helps, and as I said before, if I'm wrong, someone, please
correct me.

--- JGrimshaw () ASAP com wrote:
> To hopefully answer your question,
>
> From my computer in my home, I can access my Wireless Access point.
>
>
> Last night, when I turned off the access point, I  attached to one
> in the 
> neighborhood that is advertising it's SSID as Linksys.  Windows XP 
> connected me automatically.  I had no choice; I was a hacker
> because 
> Microsoft finds it to be more convenient that way rather than
> including 
> instructions on how to manually connect, if I chose to engage in
> such 
> activities.  I surfed the web for free, and briefly considered
> cancelling 
> my cable modem service.  After being unable to administratively log
> in to 
> 192.168.1.1, despite finding the default password on the internet
> via the 
> connection I inadvertently hijacked, I went to bed after running a
> ping 
> sweep on the subnet and finding I was the only computer connected
> and my 
> connection was slow anyway.  All from a regular PCI based wireless
> card 
> with no additional pringles can.
>
> The other SSID that is being advertised, D-Link, I was unable to
> connect 
> to.  It had WEP, and I couldn't connect.
>
> Moral of this true story that happened just last night:  WEP is
> better 
> than nothing.  You can complement it (or find an access point and
> cards 
> that cost more than $69 and use 128 bit encryption and eliminate
> this 
> issue entirely) by turning on IPsec between your hosts and servers,
> using 
> MAC layer security, and perhaps a proxy server that authenticates
> via user 
> ID.
>
> If you do not use anything, someone like me that subscribes to
> these 
> security lists may knock on your door one day, advertising his
> services. 
>
>
>
>
> "Vizo Bilisim Ltd." <vizo () vizo com> 
> 01/20/2004 08:23 AM
>
> To
> <security-basics () securityfocus com>
> cc
>
> Subject
> Dumb question abt. Wireless WEP security
>
>
>
>
>
>
> Hi all,
>
> There seems a general understanding that WEP is not secure enough,
> because
> theoretically WEP encyrption can be broken. 
>
> The question is abot the practical usage; how easy it is for WEP to
> be
> broken?
>
> Does it suffice to sniff the wireless network for one hour, or do
> we need 
> to
> sniff for few days? What happens if the wireless network is
> periodically
> stopped let's say every 10 hours for 15 minutes, 
>
> Regards,
>
> Veli I. Cigirgan
> Vizo Bilisim Sistemleri Ltd.
> Istanbul
> Tel:+90(212)210 2657
> Fax:+90(212)210 3678 
---------------------------------------------------------------------------
> Ethical Hacking at InfoSec Institute. Mention this ad and get $720
> off any 
>
> course! All of our class sizes are guaranteed to be 10 students or
> less. 
> We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion 
> Prevention, 
> and many other technical hands on courses. 
> Visit us at http://www.infosecinstitute.com/securityfocus to get
> $720 off 
> any course! 
----------------------------------------------------------------------------
>
---------------------------------------------------------------------------
> Ethical Hacking at InfoSec Institute. Mention this ad and get $720
> off any 
> course! All of our class sizes are guaranteed to be 10 students or
> less. 
> We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
> Prevention, 
> and many other technical hands on courses. 
> Visit us at http://www.infosecinstitute.com/securityfocus to get
> $720 off 
> any course!  
----------------------------------------------------------------------------
>


__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!  
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------