Wireless security - Networking

This is a discussion on Wireless security - Networking ; Wolfgang Draxinger writes: > DON'T use WEP. WEP is so insecure, that you might consider it > unencrypted. There are tools that break a WEP encryption within > few minutes, by injecting special packets. http://www.informit.com/articles/art...x?p=27666&rl=1 "Regardless of the issues surrounding ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 24 of 24

Thread: Wireless security

  1. Re: Wireless security

    Wolfgang Draxinger writes:

    > DON'T use WEP. WEP is so insecure, that you might consider it
    > unencrypted. There are tools that break a WEP encryption within
    > few minutes, by injecting special packets.


    http://www.informit.com/articles/art...x?p=27666&rl=1


    "Regardless of the issues surrounding WEP, it should be understood that
    cracking WEP is not as easy as everyone makes it sound. Although
    cracking WEP is possible on the typical home-owned WLAN, it would take
    two to four weeks to capture enough data to successfully extract the
    key. In other words, by simply enabling WEP and changing the secret
    key periodically, you can be fairly certain that your WLAN will not be
    hijacked by a hacker."


    --
    [** America, the police state **]
    Whoooose! What's that noise? Why, it's US citizen's
    rights, going down the toilet with Bush flushing.
    http://www.wired.com/politics/securi...007/08/wiretap
    http://www.hermes-press.com/police_state.htm

  2. Re: Wireless security

    Randy Yates writes:

    > The other side of the coin, however, is that if WPA is relatively easy
    > to employ, why not utilize it and be safe? I believe, at least for my
    > system (Fedora 8 and a Netgear wg311v3/ndiswrapper), this is NOT the
    > case, i.e., it's going to be a real pain to get WPA working.


    After a three-day fight and alot of swearing, I finally got WPA/WPA2
    working via hostap and wpa_supplicant. Hostap wasn't so bad, but when
    wpa_supplicant had even one bad line in its config file, it would
    throw the wireless interface into a tailspin that required destroying
    the interface, re-creating the interface, add the IP address, adding
    nick, channel, essid via iwconfig, and then bring the interface back
    up before another attempt with wpa_supplicant.

    I need a paragraph's worth of commands to up the interface and use
    hostap/wpa_suplicant, while WEP doesn't require either and needs about
    two commands total. I'll probably use WEP or just let the thing
    open [1] like the 8 other networks visible from my apartment while
    remembering someone might be watching. What's to see anyway, ecrypted
    SSH connections and me browsing Linux sites?

    BTW, why ndiswrapper? Won't the madwifi drivers work for your card? I
    have two Netgear WG311T's using madwifi drivers.




    [1] Actually, I think I'll just leave the ethernet/cable in place

    --
    [** America, the police state **]
    Whoooose! What's that noise? Why, it's US citizen's
    rights, going down the toilet with Bush flushing.
    http://www.wired.com/politics/securi...007/08/wiretap
    http://www.hermes-press.com/police_state.htm

  3. Re: Wireless security

    jayjwa writes:

    >Wolfgang Draxinger writes:


    >> DON'T use WEP. WEP is so insecure, that you might consider it
    >> unencrypted. There are tools that break a WEP encryption within
    >> few minutes, by injecting special packets.


    >http://www.informit.com/articles/art...x?p=27666&rl=1



    >"Regardless of the issues surrounding WEP, it should be understood that
    >cracking WEP is not as easy as everyone makes it sound. Although
    >cracking WEP is possible on the typical home-owned WLAN, it would take
    >two to four weeks to capture enough data to successfully extract the
    >key. In other words, by simply enabling WEP and changing the secret
    >key periodically, you can be fairly certain that your WLAN will not be
    >hijacked by a hacker."



    Well, I would say that this is two opinions overboard in opposite
    directions. WEP IS insecure, and I would certainly not rely on it for
    anything critical, but it is better than nothing. It still does require
    some work for the attacker to break it. Your position is like saying that
    putting locks on the doors of your house is worthless, since the attacker
    can always break down the door, or smash a window. Both require more work
    and may attract attention ( just like someone parking outside your house
    for a few hours with a laptop might attract attention).
    The amount of data needed is large, but with people downloading movies,
    etc, the amount of data which goes over a home wireless like can be very
    large.


  4. Re: Wireless security

    jayjwa wrote:

    > http://www.informit.com/articles/art...x?p=27666&rl=1
    >
    >
    > "Regardless of the issues surrounding WEP, it should be
    > understood that cracking WEP is not as easy as everyone makes
    > it sound. Although cracking WEP is possible on the typical
    > home-owned WLAN, it would take two to four weeks to capture
    > enough data to successfully extract the key. In other words, by
    > simply enabling WEP and changing the secret key periodically,
    > you can be fairly certain that your WLAN will not be hijacked
    > by a hacker."


    Look at the date of the article: It's been published in 2002,
    that was ages ago.

    A skilled hacker nicknamed "KoreK" developed an attack, that
    allows to generate enough packets for decryption within about 5
    minutes. That is done by injecting special formed packets into
    WEP encrypted network. The attack is implemented in the
    Aircrack-NG tools and I'm using this tool on a regular base, to
    show people, how insecure WEP is.

    http://www.aircrack-ng.org

    Wolfgang Draxinger
    --
    E-Mail address works, Jabber: hexarith@jabber.org, ICQ: 134682867


+ Reply to Thread
Page 2 of 2 FirstFirst 1 2