Penetration Testing mailing list archives

Re: [PEN-TEST] Penetrating Wireless Networks


From: Marc Mosko <marc () COMPUTER ORG>
Date: Mon, 12 Mar 2001 21:03:29 -0800

A group at Berkeley cracked WEP.  They found 4 types of attacks
that make both the 40-bit and so-called 128-bit insecure.

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

In regards to some other things posted in this thread, the authors
also state:

Although most 802.11 equipment is designed to disregard encrypted
content for which it does not have the key, we have been able to
successfully intercept WEP-encrypted transmissions by changing the
configuration of the drivers. We were able to confuse the firmware
enough that the ciphertext (encrypted form) of unrecognized packets
was returned to us for further examination and analysis.


Phil Cox wrote:
[snip]

A note on WEP:

Do not use it. Since static keys are used, the risk of
someone mounting a statistical cryptanalytical attack on WEP
(as the WEP FAQ may have pointed out) is big. Some of the
older APs are still shipped with 40-bit security. Some of
the cryptokeys are world-readable in the registry on the
systems that have RLAN NICs installed, which is a big mistake.
So, don't just look at the hardware (OK, do some SNMP & default
password checking); you need to look at the software side as well.

You are kidding, right? If not, then what perfect solution do you propose? I
would agree that if anyone thinks WEP is the end-all of wireless security,
they are sadly mistaken, but "Do not use it" is hardly an appropriate
answer. The answer is "use it, and other appropriate security measures".

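An added illustration, not code from this thread or from the Berkeley FAQ, of why a static key makes the statistical attack above cheap: WEP builds each frame's RC4 key from a 24-bit IV plus the unchanging secret, so IVs (and therefore keystreams) repeat after a few thousand frames, and two frames sent under the same IV leak the XOR of their plaintexts. The secret key, IV and frame contents below are constructed, and the CRC-32 ICV of real WEP is left out.

```python
"""Why a static WEP key is dangerous: per-frame key = IV || secret with a
24-bit IV, so keystreams repeat.  Educational reconstruction of the mechanism."""
import math


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream generator (KSA + PRGA), no WEP-specific tweaks."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(IV || secret) XOR data.
    The CRC-32 ICV that real WEP appends is omitted; it does not change the point."""
    assert len(iv) == 3 and len(secret) in (5, 13)  # 40-bit or "128-bit" (104-bit) key
    keystream = rc4(iv + secret, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, keystream))


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV and the same static key share a keystream;
    XORing their ciphertexts cancels it and leaves plaintext_a XOR plaintext_b."""
    assert frame_a[:3] == frame_b[:3], "different IVs, so the keystreams differ"
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))


def expected_frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: mean number of random IVs drawn before the first repeat."""
    return math.sqrt(math.pi * (2 ** iv_bits) / 2)


if __name__ == "__main__":
    secret = bytes.fromhex("0102030405")  # constructed 40-bit static key
    iv = bytes.fromhex("aabbcc")          # constructed IV, reused by the driver
    a = wep_encrypt(secret, iv, b"GET /index.html ")
    b = wep_encrypt(secret, iv, b"POST /login.cgi ")
    print(xor_of_plaintexts(a, b))                   # XOR of the two plaintexts
    print(round(expected_frames_until_iv_repeat()))  # about 5134 frames
```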
