Is anyone aware of a free (GPL) alternative wireless client for Windows? I cannot use the client in Windows XP as it does not support LEAP.
- posted
18 years ago
Is anyone aware of a free (GPL) alternative wireless client for Windows? I cannot use the client in Windows XP as it does not support LEAP.
LEAP is worse than WEP. It's susceptible to a highly efficient dictionary crack and once you have the username and password, you have...the username and password - valid credentials for the network. Capture the admin logging on and your network isn't yours anymore.
At least with WEP all you've lost is a network connection!
Even Cisco gave up on LEAP as not worth fixing, you might want to pass by also.
I'm afraid don't have a choice in the matter and I have to use LEAP.
LEAP is just the authentication scheme and uses WEP (which alternates the WEP keys every 5 minutes). IMHO, it's better than just using WEP and follows the intentions of the WPA standard. From what I understand LEAP was the result of WEPs lack of security and intended as a holdover until WPA (perhaps it was WPA2) was approved and used, and so it was intended to be abonded eventually. I don't claim to know everything about wireless technologies, so feel free to correct me if I'm wrong.
Per Wikipedia:
Plus, I'm quoting Wikipedia, so that may be wrong, and anemic, as well.
Any> > Is anyone aware of a free (GPL) alternative wireless client for
You need to read about the asleap tool. Basically, you catch the authentication, then perform a super quick dictionary crack and you have the users login credentials.
Yes it's the authentication and rotates WEP keys but the fact that the credentials can be compromised very quickly gives the attacker a network login, worse than WEP.
Can you at least not do an 802.1x solution or failing that just a VPN because any amount of googling for LEAP flaw will enlighten you.
David.
Thanks for the info on LEAP - it is very interesting.
I'm afriad the authentication and encryption method is not up to me. I just need a free wireless client which supports LEAP. I'm assuming my chances are slim to none.
David Taylor wrote: Can you at least not do an 802.1x solution or failing that just a VPN because any amount of googling for LEAP flaw will enlighten you. David.
Possibly, not much point writing a client for a broken authentication scheme I guess? You could always educate the person who makes the decision about the config.
David.
There are a couple major reasons why LEAP was used. I won't go into a long history of it, but it's still in use because of our favorite argument: not enough money, time and effort are available to make a change - yet. It foot the bill at the time of implementation.
David Taylor wrote:
It was a good idea years ago when Cisco wanted to have something better than static WEP but the world has moved on - a long way! :)
LEAP was cracked, it was proprietary, times change.
David.
Just to jump in, I don't think there is a LEAP client add on available for Windows to be had in GPL form. The insecure nature of LEAP insures that very few to (you may be the only one in the world) no one would be interested in client software for it. When you think about it, why would someone take the time to write code for something no one would be interested in using?
Good luck in your search, but don't be surprised if nothing turns up. I understand your problem. I really think you and the powers that be need to discuss this issue at some point. I understand ca$h issues, but how much will a compromised network co$t? Again though not your call I understand...
fundamentalism, fundamentally wrong.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.