Re: Dumb question abt. Wireless WEP security

JGrimshaw_at_ASAP.com
Date: 01/20/04

  • Next message: David Gillett: "RE: XP security permissions" 
    To: "Vizo Bilisim Ltd." <vizo@vizo.com>
Date: Tue, 20 Jan 2004 12:06:07 -0600

    To hopefully answer your question,

    From my computer in my home, I can access my Wireless Access point.

    Last night, when I turned off the access point, I attached to one in the
    neighborhood that is advertising it's SSID as Linksys. Windows XP
    connected me automatically. I had no choice; I was a hacker because
    Microsoft finds it to be more convenient that way rather than including
    instructions on how to manually connect, if I chose to engage in such
    activities. I surfed the web for free, and briefly considered cancelling
    my cable modem service. After being unable to administratively log in to
    192.168.1.1, despite finding the default password on the internet via the
    connection I inadvertently hijacked, I went to bed after running a ping
    sweep on the subnet and finding I was the only computer connected and my
    connection was slow anyway. All from a regular PCI based wireless card
    with no additional pringles can.

    The other SSID that is being advertised, D-Link, I was unable to connect
    to. It had WEP, and I couldn't connect.

    Moral of this true story that happened just last night: WEP is better
    than nothing. You can complement it (or find an access point and cards
    that cost more than $69 and use 128 bit encryption and eliminate this
    issue entirely) by turning on IPsec between your hosts and servers, using
    MAC layer security, and perhaps a proxy server that authenticates via user
    ID.

    If you do not use anything, someone like me that subscribes to these
    security lists may knock on your door one day, advertising his services.

    "Vizo Bilisim Ltd." <vizo@vizo.com>
    01/20/2004 08:23 AM

    To
    <security-basics@securityfocus.com>
    cc

    Subject
    Dumb question abt. Wireless WEP security

    Hi all,

    There seems a general understanding that WEP is not secure enough, because
    theoretically WEP encyrption can be broken.

    The question is abot the practical usage; how easy it is for WEP to be
    broken?

    Does it suffice to sniff the wireless network for one hour, or do we need
    to
    sniff for few days? What happens if the wireless network is periodically
    stopped let's say every 10 hours for 15 minutes,

    Regards,

    Veli I. Cigirgan
    Vizo Bilisim Sistemleri Ltd.
    Istanbul
    Tel:+90(212)210 2657
    Fax:+90(212)210 3678

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any

    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
    Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------

  • Next message: David Gillett: "RE: XP security permissions"

    Relevant Pages

    • RE: Dumb question abt. Wireless WEP security
      ... I don't know if the technology improved any, but when deploying wireless ... You can use WEP in coordination with other ... technologies, VPN, IPSEC, etc to make your network more secure. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
      (Security-Basics)
    • Re: Unable to connect to wireless network
      ... I just want WEP running on this one computer so that I can connect wirelessly. ... It seems as if you have a wireless router that initially was configured to use WEP encryption. ... Both computer 1 and computer 2 could successfully connect to the router (and thus to the Internet) wirelessly. ... the network password showed to correct amount of characters that my connection used to have. ...
      (microsoft.public.windowsxp.network_web)
    • Re: Stupid networking question!!
      ... The WEP password is definitely correct. ... MAC address filtering is usually only configurable for wireless ... Before you start to debug the wireless connection, ...
      (uk.comp.sys.mac)
    • Re: [SLE] DWL-G650 AirPlus and Atheros Communications AR5212
      ... The problem was with WEP it would not connect before the profile loaded, or after it loaded, it would try to connect, see the router, but not issue an IP or display subnet info. WPA-PSK fixed this issue using a passphrase and supplying these credentials in YAST. ... The one thing that doesn't work plug and play is switching from a hard wired connection from the wireless connection. ...
      (SuSE)
    • Re: new to wireless - help!
      ... WEP is a must regardless of the fact your running a firewall. ... Post additional questions concerning wireless networking to the ... my connection cannot be completed. ...
      (microsoft.public.windowsxp.work_remotely)