Re: Dumb question abt. Wireless WEP security

From: Steve Frank (stevefrankrit_at_yahoo.com)
Date: 01/20/04

  • Next message: Rosenhan, David: "RE: Dumb question abt. Wireless WEP security" 
    Date: Tue, 20 Jan 2004 11:46:01 -0800 (PST)
To: "Vizo Bilisim Ltd." <vizo@vizo.com>, security-basics@securityfocus.com

    Hello Everyone,

    I went wardriving with a group of my friends for a
    project around two semi-major roads in the outer-metro
    Rochester NY area. The goal of our project was to
    determine how many wireless access points were
    operational; we also aimed to find out how many were
    using WEP and default SSIDs.

    Although I do not have my numbers with me as I am
    writing this, we found something close to 320 access
    points in a roughly 2 mile circle. Only a one third of
    those access points used WEP. Nearly all of the access
    points had default SSIDs. One of the guys who came
    along wardriving with us proclaimed that wep couldn't
    be broken that easily to which me and one of my good
    friends said that it could definately be broken
    easily. After some debating we decided to look into
    the matter further...

    We found that most standard WEP implementations can be
    broken in about 3-8 hours (assuming a small network of
    around 3 devices constantly communicating). From what
    I've been told form a variety of sources a 128-bit key
    can be broken in less than week's time even if the
    number of systems using the access point is small.
    Obviously the more traffic that is generated the
    easier the job of cracking the key will become.

    Further research indiciated that even the 128 bit WEP
    key had 40-something leading bits of plain text (which
    aparantly is required for the algorithm to work).
    Those 40-something leading bits are the catalyist for
    the cracking algorithm aparantly.

    If anyone has more information on the specific
    duration it takes to break a WEP-key I would be very
    interested to hear about it. (Don't forget to include
    the number of hosts that are on the network if you can
    determine it).

    Thanks in advance,

    Steven Frank

    President,
    SPARSA (Security Practices and Research Student
    Association)
    www.sparsa.org

    --- "Vizo Bilisim Ltd." <vizo@vizo.com> wrote:
    > Hi all,
    >
    > There seems a general understanding that WEP is not
    > secure enough, because
    > theoretically WEP encyrption can be broken.
    >
    > The question is abot the practical usage; how easy
    > it is for WEP to be
    > broken?
    >
    > Does it suffice to sniff the wireless network for
    > one hour, or do we need to
    > sniff for few days? What happens if the wireless
    > network is periodically
    > stopped let's say every 10 hours for 15 minutes,
    >
    > Regards,
    >
    > Veli I. Cigirgan
    > Vizo Bilisim Sistemleri Ltd.
    > Istanbul
    > Tel:+90(212)210 2657
    > Fax:+90(212)210 3678
    >
    >
    >
    ---------------------------------------------------------------------------
    > Ethical Hacking at InfoSec Institute. Mention this
    > ad and get $720 off any
    > course! All of our class sizes are guaranteed to be
    > 10 students or less.
    > We provide Ethical Hacking, Advanced Ethical
    > Hacking, Intrusion Prevention,
    > and many other technical hands on courses.
    > Visit us at
    > http://www.infosecinstitute.com/securityfocus to get
    > $720 off
    > any course!
    >
    ----------------------------------------------------------------------------
    >

    __________________________________
    Do you Yahoo!?
    Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
    http://hotjobs.sweepstakes.yahoo.com/signingbonus

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------

  • Next message: Rosenhan, David: "RE: Dumb question abt. Wireless WEP security"

    Relevant Pages

    • RE: Dumb question abt. Wireless WEP security
      ... I have cracked WEP and it is not a picnic, ... the amount of time required to obtain enough weak IV's on the network ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, ...
      (Security-Basics)
    • RE: Wireless access
      ... Then implement WEP over the wireless network. ... But do keep in mind, if there's any kind of h4x0r in the neighborhood, even the WEP can be cracked. ... > Ethical Hacking at the InfoSec Institute. ...
      (Security-Basics)
    • RE: Dumb question abt. Wireless WEP security
      ... Thereby with a sniff for a very short time the insider may catch and use a real address of the wireless network and inject traffic, or use the network to another tasks for example. ... I think that this is the way to obtain minor time to hack WEP. ... Even with a truly strong WEP key I ... > We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
      (Security-Basics)
    • RE: Dumb question abt. Wireless WEP security
      ... Wireless WEP security ... Does it suffice to sniff the wireless network for one hour, ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, ... and many other technical hands on courses. ...
      (Security-Basics)
    • Re: Dumb question abt. Wireless WEP security
      ... WEP, part of the key is transmitted in plain-text. ... Even with a truly strong WEP key I ... > From my computer in my home, I can access my Wireless Access point. ... > We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
      (Security-Basics)