Re: Wireless Pent-Test

From: Matthew Leeds (mleeds_at_theleeds.net)
Date: 10/06/03

  • Next message: Cuthbert, Daniel: "RE: Web application security testing pricing"
    Date: Mon, 06 Oct 2003 09:50:46 -0700
    To: pen-test@securityfocus.com
    
    

    OK, I keep hearing about how simple it is to crack WEP using a variety of tools. I also keep hearing that some WLAN hardware manfacturers have modified their firmware to eliminate the generation of 'weak' WEP keys. Has anyone investigated this sufficiently to authortatively discuss whether the 'removal' of weak keys reduces/eliminates the risk of WEP? Whether it renders the current generation of tools for cracking WEP ineffective?

    Some references:
    http://www.agere.com/NEWS/PRESS2001/111201b.html
    http://www.ydi.com/deployinfo/wp-wep-plus.php

    ---Matthew
    *********** REPLY SEPARATOR ***********

    On 10/6/2003 at 5:09 PM Daniel Nylander wrote:

    >Getting the WEP-key from a WLAN is "pretty" simple.
    >Download airsnort, wepcrack, kismet and other usefull tools.. then capture
    >enough packets to wepcrack and .. voila!
    >
    >Daniel
    >
    >----- Original Message -----
    >From: "Cesar Diaz" <cesadiz@yahoo.com>
    >To: <pen-test@securityfocus.com>
    >Sent: Sunday, October 05, 2003 3:16 AM
    >Subject: Wireless Pent-Test
    >
    >
    >>
    >>
    >> Remote users in my company have been begging for permission to use
    >wireless NICs in their laptops for awhile now. When they are not on the
    >road, most of them work from home and would like to be able to use their
    >laptops anywhere in their house.
    >>
    >> Due to our industry and business requierements, we have to document every
    >process and method used to access our data and prove that we've tested the
    >security of our data.In order to let the users go wireless I have to show
    >that I've tested the security on a wireless network.
    >>
    >> Our idea is to let the users buy wireless routers to connect to their
    >cable/dsl routers and then wireless PCMCIA or USB cards on the laptop. We
    >would implement 128 bit WEP security to prevent unauthorized access. I
    >realize that WEP does not provide for stringent security, but we feel that
    >by forcing users to change their WEP key regularly we can meet our
    >requierements.
    >>
    >> My question is, how do I test WEP and document wether or not it's secure?
    >Any way to sniff for WEP keys, or to brute force attack a WEP session? If
    >there is, how hard is it to set up? How much of a risk of a wireless
    >connection with WEP enabled to be comprimised other than a dedicated, brute
    >force attack?
    >>
    >> Any information is greatly appreciated.
    >>
    >>
    >> Cesar
    >>
    >>
    >--------------------------------------------------------------------------
    >-
    >> Tired of constantly searching the web for the latest exploits?
    >> Tired of using 300 different tools to do one job?
    >> Get CORE IMPACT and get some rest.
    >> www.coresecurity.com/promos/sf_ept2
    >>
    >--------------------------------------------------------------------------
    >--
    >>
    >>
    >
    >
    >
    >---------------------------------------------------------------------------
    >Tired of constantly searching the web for the latest exploits?
    >Tired of using 300 different tools to do one job?
    >Get CORE IMPACT and get some rest.
    >www.coresecurity.com/promos/sf_ept2
    >----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Tired of constantly searching the web for the latest exploits?
    Tired of using 300 different tools to do one job?
    Get CORE IMPACT and get some rest.
    www.coresecurity.com/promos/sf_ept2
    ----------------------------------------------------------------------------


  • Next message: Cuthbert, Daniel: "RE: Web application security testing pricing"

    Relevant Pages

    • RE: [Full-Disclosure] Wireless ISPs
      ... If they put WEP in, that's one more thing for customer to do and they'll ... Therefore end-user security ... Im using this venue to influence several wireless ISPs ... >> All transactions done via secure websites are ...
      (Full-Disclosure)
    • Re: Wireless Pent-Test
      ... Download airsnort, wepcrack, kismet and other usefull tools.. ... Subject: Wireless Pent-Test ... that I've tested the security on a wireless network. ... would implement 128 bit WEP security to prevent unauthorized access. ...
      (Pen-Test)
    • Re: wireless network security best practice?
      ... >> look at the type of traffic you're running on your wireless network, ... >> both in terms of security sensitivity and traffic volume. ... >> One of the big issues with wireless is that your radio waves from your ... >> at a time to gather enough data to crack my 128 bit WEP code. ...
      (comp.os.linux.networking)
    • Re: WAP or WEP
      ... networked computers, printers, etc have to share the same level of encryption? ... No Security ... The documentation of your Wireless devices (Wireless Router, ... WEP, to whole system must be configured to WEP. ...
      (microsoft.public.windowsxp.network_web)
    • Re: wireless network security best practice?
      ... >> We have a local wireless net. ... Is 128 bit WEP and MAC filtering ... > look at the type of traffic you're running on your wireless network, ... > both in terms of security sensitivity and traffic volume. ...
      (comp.os.linux.networking)