WEP - how easy is it to defeat?

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


I am a newbie, so pls be gentle ...  :-)
How easy is it to defeat WEP? From reading the the news traffic in this
group it seemed that many people are having trouble with WPA (PSK?) so
I have not gone with it, yet. Currently I am only enabling WEP (
10-digit hex network connection) and SSID hidden/not broadcast.  Is
there a tool that people use to sniff un-encrypted wifi signal and
extract this network login key or something like that?  I think it
would help other newbie too if someone can give info on how these
things are hacked. Thanks.


Re: WEP - how easy is it to defeat?


cmdrdata wrote:

Quoted text here. Click to load it
I don't know specifics on the subject (a google search would probably be
enlightening), but there is software available which can break a WEP key
in a very short time if there is sufficient traffic (say a minute?).

Not broadcasting the SSID is worthless as is filtering MAC addresses.

WEP is fine for preventing someone from inadvertently connecting to your
network, but not for security.

If you don't want someone to connect to your network, use WPA or WPA2
with a good, long passphrase (one that is not easily discovered with a
dictionary attack).


Re: WEP - how easy is it to defeat?


ok, here's my setup and help me understand if I am at risk: two laptops
on wifi, both are mostly "off" when not in use (hibernate or standby).
My desktop (hard wired 10BaseT) is also powered off when not in use.
Shared printer connected to the router is always on, and I live in the
suburb. Nothing else is shared between these PCs. However, my DSL is
always connected to the internet.  Is this a high risk setup with just
WEP?

Another question: When I bring my laptop in the car, I can drive around
and see many wifi signal with 50% says unsecured, and some of them have
SSID=default.  So If I stopped in a parking lot and connect to this
network to access the internet using someone's  unsecured wifi network,
is there a law against that yet (I am sure there will be one soon).


Re: WEP - how easy is it to defeat?


cmdrdata wrote:

Quoted text here. Click to load it
The laws in most places are not clear about connecting to unsecured
networks. In some places you can be charged -- but it is also hard to
determine who connected to an unsecured network.

Another reason it is unclear is that it is easy to connect to an
unsecured network inadvertently. Where I live, there has been no other
wireless network near enough to register at my home until recently.
About a week ago, I noticed I couldn't connect to my network printer.
Discovered my wireless card had connected to my neighbor's unsecured
network instead of my own network. Easy enough to fix, but very easy to
happen.

Systems which are powered off are not at risk. If any system is running,
it can compromise your network. If anyone breaks your WEP encryption,
they can access your access point at any time, since it is always on. If
someone using your AP engages in illegal activity through your IP, that
activity could be attributed to you.

It is not very probable that anyone will misuse your network or even
want to break in (until just recently, my AP was unsecured), but if you
are concerned, you should use WPA.

Re: WEP - how easy is it to defeat?


Unencrypted WLAN traffic can be intercepted VERY easy, see this
screenshot for an example:
http://www.iopus.com/iPig/images/wlan-hotspot-intercept.png


Re: WEP - how easy is it to defeat?



Quoted text here. Click to load it

See
<http://www.oreillynet.com/pub/a/wireless/excerpt/wirlsshacks_chap1/inde
x.html>.

In 2003, Rob Flickenger cracked a WEP key after sniffing about 90
minutes of traffic on a busy 802.11b network. (The "hidden" SSID was
detected in seconds.) Today, a similarly saturated 802.11g network could
be cracked in even less time. That doesn't mean WEP is worthless. It's
still better than nothing, but it's just not a significant hurdle for a
determined attacker.

As for reported problems with WPA, remember that Usenet always
exaggerates the negative: people don't post about problems they aren't
having. WPA has been around for a while, and lots of people are using it
successfully. Try it. If it works for you, there's no reason to stick
with WEP.


Re: WEP - how easy is it to defeat?


Of course it would be better to have security than not
have security. But, getting an access code requires dedication,
skill, talent, know-how, time and hard work.. Not just any
run-of-the-mill hacker can do it. A person would need a
reason to get a code. Plus generally a long transmission would
be required.  Generally a professional would be needed
and professionals have to be paid, usually. I don't flatter
my ego by thinking that such a person will be attracted to
my AP. Some of the security scare is promoted by orgs.
who sell their wares to you..IMHOP



Re: WEP - how easy is it to defeat?


My thinking is more in line with Hank.  As long as the casual user
don't have an easy access to my network, I think that I am quite safe.
OTOH, say that I am traveling with my my wifi laptop, found an
"unsecured" AP, and unbeknowsnt to me this was a "scam" setup by  a
scrupulous operator to retrieve critical data from anyone that uses
that network, then I'd be in real trouble.... Say this person is
sniffing my TCP/IP traffic and extracting bank account info, login
password etc. I mean don't we all at one or another use the hotel
network or other legit wifi AP to check our bank statements etc.?  This
brings up another point that I also am experiencing: my WZC is dropping
 one connection and trying to connect to other network it sees, and
then it goes back to the previous network.


Re: WEP - how easy is it to defeat?



Quoted text here. Click to load it

Your original post asked how easy it was to crack WEP. As you have
learned, WEP can now be cracked in a few minutes. Your original post
also implied an interest in the relative merits of WEP versus WPA. If
you are willing to use wireless encryption, and WPA is supported by your
hardware and OS, there's no reason to use WEP.

As for whether you should use wireless security at all, that's obviously
your call. I live in a pretty safe wireless data environment, and I
don't transmit sensitive information over my wireless LAN; but I use
WPA. Why? Because it's really cheap insurance.

Quoted text here. Click to load it

This might have something to do with your SSID being hidden. Encryption
will also eliminate the risk of broadcasting your SSID to "casual"
users: they'll be able to see it, but they won't be able to do anything
with it.


Re: WEP - how easy is it to defeat?


cmdrdata wrote:
Quoted text here. Click to load it

There is a big difference between securing your network and what you
choose to do on someone else's network.

Quoted text here. Click to load it

You can try unchecking "Automatically connect to non-preferred networks"
in your wireless setup, though I'm not at all sure how effective this is.
--
Smartin

Re: WEP - how easy is it to defeat?


Quoted text here. Click to load it

That data should be SSL protected.

Re: WEP - how easy is it to defeat?


[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]


Quoted text here. Click to load it

Until a neighbor kid thinks cracking is cool.  Hint: You aren't safe at all.

--
Best regards,        HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas           <http://navasgrp.home.att.net/#Cingular

Re: WEP - how easy is it to defeat?


cmdrdata wrote:

Quoted text here. Click to load it

That's odd logic.  The casual user is only hogging your bandwidth.  You can
fix them with many routers just by playing with the Quality of Service
settings, so that they can't create an accidental DOS.

The determined hacker _isn't_ just going to use your bandwidth - they're the
only ones you need to keep out.
--
derek

Re: WEP - how easy is it to defeat?


cmdrdata wrote:
Quoted text here. Click to load it

This article
http://www.tomsnetworking.com/Sections-article111.php
does a great job of explaining how WEP can be broken using a handful of
free tools. The technique is not for noobs, but far from beyond the
realm of possibility for a weekend hacker.

--
Smartin

Re: WEP - how easy is it to defeat?


There is precedent in the UK for unauthorised WLAN access being a
criminal offence:

http://news.bbc.co.uk/1/hi/technology/4721723.stm

WPA works just as well as WEP as is far more secure.  Use WPA-PSK (Pre
Shared Key), with a strong key (letters, symbols & numbers, and nothing
in the dictionary) - keep this key to yourself.


Re: WEP - how easy is it to defeat?


[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]


Quoted text here. Click to load it

All-in-one WEP cracking tools, suitable for noobs, are now readily available.

--
Best regards,        HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas           <http://navasgrp.home.att.net/#Cingular

Site Timeline