Go Back   Wireless and Wifi Forums > News > Newsgroups > alt.internet.wireless
Register FAQ Forum Rules Members List Calendar Search Today's Posts Advertise Mark Forums Read

 
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 10-24-2005, 03:39 PM
cmdrdata
Guest
 
Posts: n/a
Default WEP - how easy is it to defeat?

I am a newbie, so pls be gentle ... :-)
How easy is it to defeat WEP? From reading the the news traffic in this
group it seemed that many people are having trouble with WPA (PSK?) so
I have not gone with it, yet. Currently I am only enabling WEP (
10-digit hex network connection) and SSID hidden/not broadcast. Is
there a tool that people use to sniff un-encrypted wifi signal and
extract this network login key or something like that? I think it
would help other newbie too if someone can give info on how these
things are hacked. Thanks.


Reply With Quote
  #2 (permalink)  
Old 10-24-2005, 04:16 PM
Jerry Park
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

cmdrdata wrote:

>I am a newbie, so pls be gentle ... :-)
>How easy is it to defeat WEP? From reading the the news traffic in this
>group it seemed that many people are having trouble with WPA (PSK?) so
>I have not gone with it, yet. Currently I am only enabling WEP (
>10-digit hex network connection) and SSID hidden/not broadcast. Is
>there a tool that people use to sniff un-encrypted wifi signal and
>extract this network login key or something like that? I think it
>would help other newbie too if someone can give info on how these
>things are hacked. Thanks.
>
>
>

I don't know specifics on the subject (a google search would probably be
enlightening), but there is software available which can break a WEP key
in a very short time if there is sufficient traffic (say a minute?).

Not broadcasting the SSID is worthless as is filtering MAC addresses.

WEP is fine for preventing someone from inadvertently connecting to your
network, but not for security.

If you don't want someone to connect to your network, use WPA or WPA2
with a good, long passphrase (one that is not easily discovered with a
dictionary attack).

Reply With Quote
  #3 (permalink)  
Old 10-24-2005, 04:52 PM
cmdrdata
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

ok, here's my setup and help me understand if I am at risk: two laptops
on wifi, both are mostly "off" when not in use (hibernate or standby).
My desktop (hard wired 10BaseT) is also powered off when not in use.
Shared printer connected to the router is always on, and I live in the
suburb. Nothing else is shared between these PCs. However, my DSL is
always connected to the internet. Is this a high risk setup with just
WEP?

Another question: When I bring my laptop in the car, I can drive around
and see many wifi signal with 50% says unsecured, and some of them have
SSID=default. So If I stopped in a parking lot and connect to this
network to access the internet using someone's unsecured wifi network,
is there a law against that yet (I am sure there will be one soon).


Reply With Quote
  #4 (permalink)  
Old 10-24-2005, 06:00 PM
Jerry Park
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

cmdrdata wrote:

>ok, here's my setup and help me understand if I am at risk: two laptops
>on wifi, both are mostly "off" when not in use (hibernate or standby).
>My desktop (hard wired 10BaseT) is also powered off when not in use.
>Shared printer connected to the router is always on, and I live in the
>suburb. Nothing else is shared between these PCs. However, my DSL is
>always connected to the internet. Is this a high risk setup with just
>WEP?
>
>Another question: When I bring my laptop in the car, I can drive around
>and see many wifi signal with 50% says unsecured, and some of them have
>SSID=default. So If I stopped in a parking lot and connect to this
>network to access the internet using someone's unsecured wifi network,
>is there a law against that yet (I am sure there will be one soon).
>
>
>

The laws in most places are not clear about connecting to unsecured
networks. In some places you can be charged -- but it is also hard to
determine who connected to an unsecured network.

Another reason it is unclear is that it is easy to connect to an
unsecured network inadvertently. Where I live, there has been no other
wireless network near enough to register at my home until recently.
About a week ago, I noticed I couldn't connect to my network printer.
Discovered my wireless card had connected to my neighbor's unsecured
network instead of my own network. Easy enough to fix, but very easy to
happen.

Systems which are powered off are not at risk. If any system is running,
it can compromise your network. If anyone breaks your WEP encryption,
they can access your access point at any time, since it is always on. If
someone using your AP engages in illegal activity through your IP, that
activity could be attributed to you.

It is not very probable that anyone will misuse your network or even
want to break in (until just recently, my AP was unsecured), but if you
are concerned, you should use WPA.

Reply With Quote
  #5 (permalink)  
Old 10-24-2005, 06:29 PM
peter20052005@mailinator.com
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

Unencrypted WLAN traffic can be intercepted VERY easy, see this
screenshot for an example:
http://www.iopus.com/iPig/images/wla...-intercept.png


Reply With Quote
  #6 (permalink)  
Old 10-24-2005, 07:26 PM
Neill Massello
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

cmdrdata <cmdrdata@mail.com> wrote:

> I am a newbie, so pls be gentle ... :-)
> How easy is it to defeat WEP? From reading the the news traffic in this
> group it seemed that many people are having trouble with WPA (PSK?) so
> I have not gone with it, yet. Currently I am only enabling WEP (
> 10-digit hex network connection) and SSID hidden/not broadcast. Is
> there a tool that people use to sniff un-encrypted wifi signal and
> extract this network login key or something like that? I think it
> would help other newbie too if someone can give info on how these
> things are hacked.


See
<http://www.oreillynet.com/pub/a/wire...cks_chap1/inde
x.html>.

In 2003, Rob Flickenger cracked a WEP key after sniffing about 90
minutes of traffic on a busy 802.11b network. (The "hidden" SSID was
detected in seconds.) Today, a similarly saturated 802.11g network could
be cracked in even less time. That doesn't mean WEP is worthless. It's
still better than nothing, but it's just not a significant hurdle for a
determined attacker.

As for reported problems with WPA, remember that Usenet always
exaggerates the negative: people don't post about problems they aren't
having. WPA has been around for a while, and lots of people are using it
successfully. Try it. If it works for you, there's no reason to stick
with WEP.


Reply With Quote
  #7 (permalink)  
Old 10-24-2005, 09:46 PM
Hank
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

Of course it would be better to have security than not
have security. But, getting an access code requires dedication,
skill, talent, know-how, time and hard work.. Not just any
run-of-the-mill hacker can do it. A person would need a
reason to get a code. Plus generally a long transmission would
be required. Generally a professional would be needed
and professionals have to be paid, usually. I don't flatter
my ego by thinking that such a person will be attracted to
my AP. Some of the security scare is promoted by orgs.
who sell their wares to you..IMHOP



Reply With Quote
  #8 (permalink)  
Old 10-24-2005, 11:33 PM
Smartin
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

cmdrdata wrote:
> I am a newbie, so pls be gentle ... :-)
> How easy is it to defeat WEP? From reading the the news traffic in this
> group it seemed that many people are having trouble with WPA (PSK?) so
> I have not gone with it, yet. Currently I am only enabling WEP (
> 10-digit hex network connection) and SSID hidden/not broadcast. Is
> there a tool that people use to sniff un-encrypted wifi signal and
> extract this network login key or something like that? I think it
> would help other newbie too if someone can give info on how these
> things are hacked. Thanks.
>


This article
http://www.tomsnetworking.com/Sections-article111.php
does a great job of explaining how WEP can be broken using a handful of
free tools. The technique is not for noobs, but far from beyond the
realm of possibility for a weekend hacker.

--
Smartin

Reply With Quote
  #9 (permalink)  
Old 10-25-2005, 11:59 AM
__spc__
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

There is precedent in the UK for unauthorised WLAN access being a
criminal offence:

http://news.bbc.co.uk/1/hi/technology/4721723.stm

WPA works just as well as WEP as is far more secure. Use WPA-PSK (Pre
Shared Key), with a strong key (letters, symbols & numbers, and nothing
in the dictionary) - keep this key to yourself.


Reply With Quote
  #10 (permalink)  
Old 10-25-2005, 08:09 PM
cmdrdata
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

My thinking is more in line with Hank. As long as the casual user
don't have an easy access to my network, I think that I am quite safe.
OTOH, say that I am traveling with my my wifi laptop, found an
"unsecured" AP, and unbeknowsnt to me this was a "scam" setup by a
scrupulous operator to retrieve critical data from anyone that uses
that network, then I'd be in real trouble.... Say this person is
sniffing my TCP/IP traffic and extracting bank account info, login
password etc. I mean don't we all at one or another use the hotel
network or other legit wifi AP to check our bank statements etc.? This
brings up another point that I also am experiencing: my WZC is dropping
one connection and trying to connect to other network it sees, and
then it goes back to the previous network.


Reply With Quote
  #11 (permalink)  
Old 10-25-2005, 09:07 PM
Neill Massello
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

cmdrdata <cmdrdata@mail.com> wrote:

> My thinking is more in line with Hank. As long as the casual user
> don't have an easy access to my network, I think that I am quite safe.


Your original post asked how easy it was to crack WEP. As you have
learned, WEP can now be cracked in a few minutes. Your original post
also implied an interest in the relative merits of WEP versus WPA. If
you are willing to use wireless encryption, and WPA is supported by your
hardware and OS, there's no reason to use WEP.

As for whether you should use wireless security at all, that's obviously
your call. I live in a pretty safe wireless data environment, and I
don't transmit sensitive information over my wireless LAN; but I use
WPA. Why? Because it's really cheap insurance.

> OTOH, say that I am traveling with my my wifi laptop, found an
> "unsecured" AP, and unbeknowsnt to me this was a "scam" setup by a
> scrupulous operator to retrieve critical data from anyone that uses
> that network, then I'd be in real trouble.... Say this person is
> sniffing my TCP/IP traffic and extracting bank account info, login
> password etc. I mean don't we all at one or another use the hotel
> network or other legit wifi AP to check our bank statements etc.? This
> brings up another point that I also am experiencing: my WZC is dropping
> one connection and trying to connect to other network it sees, and
> then it goes back to the previous network.


This might have something to do with your SSID being hidden. Encryption
will also eliminate the risk of broadcasting your SSID to "casual"
users: they'll be able to see it, but they won't be able to do anything
with it.


Reply With Quote
  #12 (permalink)  
Old 10-25-2005, 09:45 PM
Smartin
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

cmdrdata wrote:
> My thinking is more in line with Hank. As long as the casual user
> don't have an easy access to my network, I think that I am quite safe.
> OTOH, say that I am traveling with my my wifi laptop, found an
> "unsecured" AP, and unbeknowsnt to me this was a "scam" setup by a
> scrupulous operator to retrieve critical data from anyone that uses
> that network, then I'd be in real trouble.... Say this person is
> sniffing my TCP/IP traffic and extracting bank account info, login
> password etc. I mean don't we all at one or another use the hotel
> network or other legit wifi AP to check our bank statements etc.?


There is a big difference between securing your network and what you
choose to do on someone else's network.

> This
> brings up another point that I also am experiencing: my WZC is dropping
> one connection and trying to connect to other network it sees, and
> then it goes back to the previous network.
>


You can try unchecking "Automatically connect to non-preferred networks"
in your wireless setup, though I'm not at all sure how effective this is.
--
Smartin

Reply With Quote
  #13 (permalink)  
Old 10-25-2005, 10:25 PM
David Taylor
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

> that network, then I'd be in real trouble.... Say this person is
> sniffing my TCP/IP traffic and extracting bank account info, login
> password etc. I mean don't we all at one or another use the hotel
> network or other legit wifi AP to check our bank statements etc.? This


That data should be SSL protected.

Reply With Quote
  #14 (permalink)  
Old 10-26-2005, 12:16 AM
John Navas
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <1130270978.629921.148240@o13g2000cwo.googlegroups .com> on 25 Oct 2005
13:09:38 -0700, "cmdrdata" <cmdrdata@mail.com> wrote:

>My thinking is more in line with Hank. As long as the casual user
>don't have an easy access to my network, I think that I am quite safe.
>...


Until a neighbor kid thinks cracking is cool. Hint: You aren't safe at all.

--
Best regards, HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas <http://navasgrp.home.att.net/#Cingular>

Reply With Quote
  #15 (permalink)  
Old 10-26-2005, 12:17 AM
John Navas
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <g-mdndT_lPzV8sDeRVn-qw@giganews.com> on Mon, 24 Oct 2005 19:33:25 -0400,
Smartin <smartin108@yahoo.com> wrote:

>cmdrdata wrote:
>> I am a newbie, so pls be gentle ... :-)
>> How easy is it to defeat WEP? From reading the the news traffic in this
>> group it seemed that many people are having trouble with WPA (PSK?) so
>> I have not gone with it, yet. Currently I am only enabling WEP (
>> 10-digit hex network connection) and SSID hidden/not broadcast. Is
>> there a tool that people use to sniff un-encrypted wifi signal and
>> extract this network login key or something like that? I think it
>> would help other newbie too if someone can give info on how these
>> things are hacked. Thanks.

>
>This article
>http://www.tomsnetworking.com/Sections-article111.php
>does a great job of explaining how WEP can be broken using a handful of
>free tools. The technique is not for noobs, but far from beyond the
>realm of possibility for a weekend hacker.


All-in-one WEP cracking tools, suitable for noobs, are now readily available.

--
Best regards, HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas <http://navasgrp.home.att.net/#Cingular>

Reply With Quote
  #16 (permalink)  
Old 10-26-2005, 01:33 PM
Derek Broughton
Guest
 
Posts: n/a
Default Re: WEP - how easy is it to defeat?

cmdrdata wrote:

> My thinking is more in line with Hank. As long as the casual user
> don't have an easy access to my network, I think that I am quite safe.


That's odd logic. The casual user is only hogging your bandwidth. You can
fix them with many routers just by playing with the Quality of Service
settings, so that they can't create an accidental DOS.

The determined hacker _isn't_ just going to use your bandwidth - they're the
only ones you need to keep out.
--
derek

Reply With Quote
Reply


« How many Google wireless access points for San Francisco? | Hi.Any body knows FWA? »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Ringtones on E815 easy! Larry alt.cellular.verizon 0 03-24-2007 06:48 AM
easy access mobi domains John uk.telecom.mobile 2 11-27-2006 09:08 AM
Just installed a PC Power & Cooling supply in Dell - easy to install The poster formerly known as Colleyville Alan alt.comp.hardware 6 11-22-2006 02:28 AM
HOw easy is it to remove all 3 branding from my N70 Mikey alt.cellular.nokia 5 10-28-2006 03:17 PM
easy cash Rangersword3 alt.comp.hardware 2 07-27-2005 01:55 PM


All times are GMT. The time now is 08:36 PM.



Powered by vBulletin® Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0 PL2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45