Ignoramus4611 writes:

>Is 128 bit wep any more secure than 64 bit wep?

>This is in context of an apartment building.

>The wifi router in question, unfortunately does not support WPA.

>How much security do its owners really have?

As a previous post says, look at
http://www.aircrack-ng.org
It claims 3-5 min is enough time to collect enough info ( using active
techniques) to crack 128 bit WEP.
Of course your attacker must want to crack you,and must have the tools to
do
so. Unfortunately neither of those are under your control. Thus, yes, WEP
is better than nothing. But if y our attacker is determined, it is not much
better than nothing. If he is not, then you should be fine.



>i

On 2007-12-26, Unruh wrote:
> Ignoramus4611 writes:
>
>>Is 128 bit wep any more secure than 64 bit wep?
>
>>This is in context of an apartment building.
>
>>The wifi router in question, unfortunately does not support WPA.
>
>>How much security do its owners really have?
>
> As a previous post says, look at
> http://www.aircrack-ng.org
> It claims 3-5 min is enough time to collect enough info ( using active
> techniques) to crack 128 bit WEP.
> Of course your attacker must want to crack you,and must have the tools to
> do
> so. Unfortunately neither of those are under your control. Thus, yes, WEP
> is better than nothing. But if y our attacker is determined, it is not much
> better than nothing. If he is not, then you should be fine.

I think that I will start looking for a new WPA capable wifi
router. This is very unfortunately, as they are unable to set it up by
themselves.

i

On Wed, 26 Dec 2007 15:11:49 -0600, Ignoramus4611 wrote:

> Is 128 bit wep any more secure than 64 bit wep?
>
> This is in context of an apartment building.
>
> The wifi router in question, unfortunately does not support WPA.
>
> How much security do its owners really have?
>
> i

WEP is useful for keeping your neighbors from stealing your bandwidth but
you shouldn't count on it for security. A weak cipher is worse than no
cipher, just ask Mary Queen of Scots (she counted on an easily broken
cipher and it cost her her head).

If you are going to use a wireless network you should treat it like the
Internet, i.e. assume that everything is visible. Put firewalls on all of
your machines with only the ssh port open if you can. Require RSA
authentication on the ssh connections and don't allow root access on ssh.
If you need some other ports open then you should take the same
precautions as you would if those ports were connected to the Internet.

Ignoramus7897 writes:

>On 2007-12-26, Unruh wrote:
>> Ignoramus4611 writes:
>>
>>>Is 128 bit wep any more secure than 64 bit wep?
>>
>>>This is in context of an apartment building.
>>
>>>The wifi router in question, unfortunately does not support WPA.
>>
>>>How much security do its owners really have?
>>
>> As a previous post says, look at
>> http://www.aircrack-ng.org
>> It claims 3-5 min is enough time to collect enough info ( using active
>> techniques) to crack 128 bit WEP.
>> Of course your attacker must want to crack you,and must have the tools to
>> do
>> so. Unfortunately neither of those are under your control. Thus, yes, WEP
>> is better than nothing. But if y our attacker is determined, it is not much
>> better than nothing. If he is not, then you should be fine.

>I think that I will start looking for a new WPA capable wifi
>router. This is very unfortunately, as they are unable to set it up by
>themselves.

Maybe if you were to tell us what your attack threat was, we could help you
more. Ie, if you are worried that the other apartment dwellers will connect
to the internet via your router and dsl connection and hog the whole
bandwidth, then simple WEP is probably sufficient to discourage them. After
using it and discovering that it is not sufficient (ie finding that your
apartment neighbours are using your bandwidth and using up your quota of
bytes transfered from your ISP) then you can escalate to buying a new
wireless router. Or you can simply disable wireless and use wired
connections. Or you can buy a new router ($20 on boxing week sales).

WPA is not that much more difficult than WEP on Linux.

Who are "they"?

On 2007-12-27, Unruh wrote:
> Ignoramus7897 writes:
>
>>On 2007-12-26, Unruh wrote:
>>> Ignoramus4611 writes:
>>>
>>>>Is 128 bit wep any more secure than 64 bit wep?
>>>
>>>>This is in context of an apartment building.
>>>
>>>>The wifi router in question, unfortunately does not support WPA.
>>>
>>>>How much security do its owners really have?
>>>
>>> As a previous post says, look at
>>> http://www.aircrack-ng.org
>>> It claims 3-5 min is enough time to collect enough info ( using active
>>> techniques) to crack 128 bit WEP.
>>> Of course your attacker must want to crack you,and must have the tools to
>>> do
>>> so. Unfortunately neither of those are under your control. Thus, yes, WEP
>>> is better than nothing. But if y our attacker is determined, it is not much
>>> better than nothing. If he is not, then you should be fine.
>
>>I think that I will start looking for a new WPA capable wifi
>>router. This is very unfortunately, as they are unable to set it up by
>>themselves.
>
> Maybe if you were to tell us what your attack threat was, we could help you
> more. Ie, if you are worried that the other apartment dwellers will connect
> to the internet via your router and dsl connection and hog the whole
> bandwidth, then simple WEP is probably sufficient to discourage them. After
> using it and discovering that it is not sufficient (ie finding that your
> apartment neighbours are using your bandwidth and using up your quota of
> bytes transfered from your ISP) then you can escalate to buying a new
> wireless router. Or you can simply disable wireless and use wired
> connections. Or you can buy a new router ($20 on boxing week sales).
>
> WPA is not that much more difficult than WEP on Linux.
>
> Who are "they"?
>

They are my parents. They stubbornly refuse to do system
administration. My dad has used computers since the 60s and yet does
not want to learn sysadmin stuff etc. Whateverr.

The threat model is that some resident of their apartments would abuse
their bandwidth.

i

On Fri, 28 Dec 2007 07:42:13 -0600, Ignoramus14384 wrote:

> On 2007-12-27, Unruh wrote:
>> Ignoramus7897 writes:
>>
>>>On 2007-12-26, Unruh wrote:
>>>> Ignoramus4611 writes:
>>>>
>>>>>Is 128 bit wep any more secure than 64 bit wep?
>>>>
>>>>>This is in context of an apartment building.
>>>>
>>>>>The wifi router in question, unfortunately does not support WPA.
>>>>
>>>>>How much security do its owners really have?
>>>>
>>>> As a previous post says, look at
>>>> http://www.aircrack-ng.org
>>>> It claims 3-5 min is enough time to collect enough info ( using
>>>> active techniques) to crack 128 bit WEP.
>>>> Of course your attacker must want to crack you,and must have the
>>>> tools to do
>>>> so. Unfortunately neither of those are under your control. Thus, yes,
>>>> WEP is better than nothing. But if y our attacker is determined, it
>>>> is not much better than nothing. If he is not, then you should be
>>>> fine.
>>
>>>I think that I will start looking for a new WPA capable wifi router.
>>>This is very unfortunately, as they are unable to set it up by
>>>themselves.
>>
>> Maybe if you were to tell us what your attack threat was, we could help
>> you more. Ie, if you are worried that the other apartment dwellers will
>> connect to the internet via your router and dsl connection and hog the
>> whole bandwidth, then simple WEP is probably sufficient to discourage
>> them. After using it and discovering that it is not sufficient (ie
>> finding that your apartment neighbours are using your bandwidth and
>> using up your quota of bytes transfered from your ISP) then you can
>> escalate to buying a new wireless router. Or you can simply disable
>> wireless and use wired connections. Or you can buy a new router ($20 on
>> boxing week sales).
>>
>> WPA is not that much more difficult than WEP on Linux.
>>
>> Who are "they"?
>>
>>
> They are my parents. They stubbornly refuse to do system administration.
> My dad has used computers since the 60s and yet does not want to learn
> sysadmin stuff etc. Whateverr.
>
> The threat model is that some resident of their apartments would abuse
> their bandwidth.
>
> i

They aren't running any servers so you can close all of their ports on
their firewall. A firewall plus WEP should be enough for their needs.

Ignoramus14384 writes:

>On 2007-12-27, Unruh wrote:
>> Ignoramus7897 writes:
>>
>>>On 2007-12-26, Unruh wrote:
>>>> Ignoramus4611 writes:
>>>>
>>>>>Is 128 bit wep any more secure than 64 bit wep?
>>>>
>>>>>This is in context of an apartment building.
>>>>
>>>>>The wifi router in question, unfortunately does not support WPA.
>>>>
>>>>>How much security do its owners really have?
>>>>
>>>> As a previous post says, look at
>>>> http://www.aircrack-ng.org
>>>> It claims 3-5 min is enough time to collect enough info ( using active
>>>> techniques) to crack 128 bit WEP.
>>>> Of course your attacker must want to crack you,and must have the tools to
>>>> do
>>>> so. Unfortunately neither of those are under your control. Thus, yes, WEP
>>>> is better than nothing. But if y our attacker is determined, it is not much
>>>> better than nothing. If he is not, then you should be fine.
>>
>>>I think that I will start looking for a new WPA capable wifi
>>>router. This is very unfortunately, as they are unable to set it up by
>>>themselves.
>>
>> Maybe if you were to tell us what your attack threat was, we could help you
>> more. Ie, if you are worried that the other apartment dwellers will connect
>> to the internet via your router and dsl connection and hog the whole
>> bandwidth, then simple WEP is probably sufficient to discourage them. After
>> using it and discovering that it is not sufficient (ie finding that your
>> apartment neighbours are using your bandwidth and using up your quota of
>> bytes transfered from your ISP) then you can escalate to buying a new
>> wireless router. Or you can simply disable wireless and use wired
>> connections. Or you can buy a new router ($20 on boxing week sales).
>>
>> WPA is not that much more difficult than WEP on Linux.
>>
>> Who are "they"?
>>

>They are my parents. They stubbornly refuse to do system
>administration. My dad has used computers since the 60s and yet does
>not want to learn sysadmin stuff etc. Whateverr.

>The threat model is that some resident of their apartments would abuse
>their bandwidth.

Without other evidence just use WEP and do not worry.
If they get their bandwidth abused, then you can persuade your mom to learn
some sysadmin.
Mind you I have not found WPA very hard to do at all. You do have to set up
the modem to use WPA, and your system to do so, but that's it. But if it is
too difficult, let it be. There are more worthwhile things to fight with
your dad about.

General Schvantzkopf writes:

>On Fri, 28 Dec 2007 07:42:13 -0600, Ignoramus14384 wrote:

>> On 2007-12-27, Unruh wrote:
>>> Ignoramus7897 writes:
>>>
>>>>On 2007-12-26, Unruh wrote:
>>>>> Ignoramus4611 writes:
>>>>>
>>>>>>Is 128 bit wep any more secure than 64 bit wep?
>>>>>
>>>>>>This is in context of an apartment building.
>>>>>
>>>>>>The wifi router in question, unfortunately does not support WPA.
>>>>>
>>>>>>How much security do its owners really have?
>>>>>
>>>>> As a previous post says, look at
>>>>> http://www.aircrack-ng.org
>>>>> It claims 3-5 min is enough time to collect enough info ( using
>>>>> active techniques) to crack 128 bit WEP.
>>>>> Of course your attacker must want to crack you,and must have the
>>>>> tools to do
>>>>> so. Unfortunately neither of those are under your control. Thus, yes,
>>>>> WEP is better than nothing. But if y our attacker is determined, it
>>>>> is not much better than nothing. If he is not, then you should be
>>>>> fine.
>>>
>>>>I think that I will start looking for a new WPA capable wifi router.
>>>>This is very unfortunately, as they are unable to set it up by
>>>>themselves.
>>>
>>> Maybe if you were to tell us what your attack threat was, we could help
>>> you more. Ie, if you are worried that the other apartment dwellers will
>>> connect to the internet via your router and dsl connection and hog the
>>> whole bandwidth, then simple WEP is probably sufficient to discourage
>>> them. After using it and discovering that it is not sufficient (ie
>>> finding that your apartment neighbours are using your bandwidth and
>>> using up your quota of bytes transfered from your ISP) then you can
>>> escalate to buying a new wireless router. Or you can simply disable
>>> wireless and use wired connections. Or you can buy a new router ($20 on
>>> boxing week sales).
>>>
>>> WPA is not that much more difficult than WEP on Linux.
>>>
>>> Who are "they"?
>>>
>>>
>> They are my parents. They stubbornly refuse to do system administration.
>> My dad has used computers since the 60s and yet does not want to learn
>> sysadmin stuff etc. Whateverr.
>>
>> The threat model is that some resident of their apartments would abuse
>> their bandwidth.
>>
>> i

>They aren't running any servers so you can close all of their ports on
>their firewall. A firewall plus WEP should be enough for their needs.

Apparently he is not worried about their computer being cracked, but about
some other resident connecting the web through their router and downloading
100G of stuff, causing them to have to pay huge sums to the telco for
overuse of the connection.

On 2007-12-28, Unruh wrote:
> Ignoramus14384 writes:
>
>>On 2007-12-27, Unruh wrote:
>>> Ignoramus7897 writes:
>>>
>>>>On 2007-12-26, Unruh wrote:
>>>>> Ignoramus4611 writes:
>>>>>
>>>>>>Is 128 bit wep any more secure than 64 bit wep?
>>>>>
>>>>>>This is in context of an apartment building.
>>>>>
>>>>>>The wifi router in question, unfortunately does not support WPA.
>>>>>
>>>>>>How much security do its owners really have?
>>>>>
>>>>> As a previous post says, look at
>>>>> http://www.aircrack-ng.org
>>>>> It claims 3-5 min is enough time to collect enough info ( using active
>>>>> techniques) to crack 128 bit WEP.
>>>>> Of course your attacker must want to crack you,and must have the tools to
>>>>> do
>>>>> so. Unfortunately neither of those are under your control. Thus, yes, WEP
>>>>> is better than nothing. But if y our attacker is determined, it is not much
>>>>> better than nothing. If he is not, then you should be fine.
>>>
>>>>I think that I will start looking for a new WPA capable wifi
>>>>router. This is very unfortunately, as they are unable to set it up by
>>>>themselves.
>>>
>>> Maybe if you were to tell us what your attack threat was, we could help you
>>> more. Ie, if you are worried that the other apartment dwellers will connect
>>> to the internet via your router and dsl connection and hog the whole
>>> bandwidth, then simple WEP is probably sufficient to discourage them. After
>>> using it and discovering that it is not sufficient (ie finding that your
>>> apartment neighbours are using your bandwidth and using up your quota of
>>> bytes transfered from your ISP) then you can escalate to buying a new
>>> wireless router. Or you can simply disable wireless and use wired
>>> connections. Or you can buy a new router ($20 on boxing week sales).
>>>
>>> WPA is not that much more difficult than WEP on Linux.
>>>
>>> Who are "they"?
>>>
>
>>They are my parents. They stubbornly refuse to do system
>>administration. My dad has used computers since the 60s and yet does
>>not want to learn sysadmin stuff etc. Whateverr.
>
>>The threat model is that some resident of their apartments would abuse
>>their bandwidth.
>
> Without other evidence just use WEP and do not worry.
> If they get their bandwidth abused, then you can persuade your mom to learn
> some sysadmin.
> Mind you I have not found WPA very hard to do at all. You do have to set up
> the modem to use WPA, and your system to do so, but that's it. But if it is
> too difficult, let it be. There are more worthwhile things to fight with
> your dad about.
>

It is not hard to set up WPA, the problem is that ther old wifi router
only supports WEP. I have WPA at home. While I hate the "keyring"
implementation of NM, stuff actually works.

i

Ignoramus4611 schrieb:
> Is 128 bit wep any more secure than 64 bit wep?
>
> This is in context of an apartment building.
>
> The wifi router in question, unfortunately does not support WPA.
>
> How much security do its owners really have?
If you dont care about the the cypher-strength but just the possibility
of someone using your DSL connection MAC filtering should be sufficient.
Just white-list your own MAC addresses and deny all others.
>
> i