[TriLUG] WEP insecure? What else?
ianmeyer at gmail.com
Tue Aug 24 23:26:48 EDT 2004
for research purpouses of course, i cracked a 40 bit key over the
suimmer, and it was really easy. i just captured packets for about 30
minutes, and then ran a newshams crack or something against it to
extract the key, but have no experience with 120 bit.
soon, though, i might have a spare wireless network to play with
around the house here, and might see if i can crack it at the higher
On Tue, 24 Aug 2004 16:09:11 -0400, Aaron S. Joyner <aaron at joyner.ws> wrote:
> Jim Thompson wrote:
> >Hi all,
> >I've seen several posts to the effect of "never use WEP because it's
> >incredibly easy to break". To test this, I've been using Airsnort to
> >monitor my own 128-WEP network at home. I've been capturing packets
> >for awhile now and have only one "interesting" packet. This link:
> >seems to say similar things: guy captures millions of packets and gets
> >only one "interesting" one. Has anyone actually *used* Airsnort or
> >some other sniffing tool to successfully crack a 128bit WEP-enabled
> >wireless link before (and not just "I've heard it's really easy to
> >kr4ck LOL")? How long is a practical window on a home connection
> >before enough "interesting" packets get collected (even assuming that
> >the network is relatively busy instead of idle most of the time)? Is
> >the risk of a neighbor cracking your WEP really practical? Certainly,
> >if it takes days or weeks to get enough packets, that sort of rules
> >out the casual wardriver, right?
> First off, Kudos to you for not taking the parrot's word for it, and
> testing the methods yourself. This is the right way to look at the
> world, in my humble (yet accurate) opinion. Having done the same thing
> myself in the past, I can say that your initial assertions are correct -
> on your average residential network, with passive methods, it can take a
> long time to crack a WEP key. On the other hand, on a very busy
> network, or if you consider the possibility of injection, things change
> very quickly.
> I have tinkered with this method under KisMac, for OS X, and it requires
> two wireless NICs in the same box. I haven't tried it under Linux with
> AirSnort, but I'd be really surprised if AirSnort didn't support
> something along the same lines in terms of functionality. Here's an
> excerpt from the KisMac docs that describes how it works:
> > Packet reinjection is a very advanced WEP cracking technique. Be aware
> > that this is the bleeding edge of technology, so it might not be
> > working right away. When you use this attack, KisMAC will try to find
> > packets, that cause another computer to respond. The program will now
> > send these packets over and over again. If KisMAC detects answers, it
> > will go into injection mode. Now the network will generate huge
> > amounts of traffic, and more weak frames will be generated. Wireless
> > networks with WEP can be broken within an hour.
> > Please be aware that all detections are of a heurisitic nature,
> > therefore it might not always be working.
> > *Note: Packet re-injection requires a PrismII as well as a Apple
> > Airport card. Make sure that the PrismII card uses the latest
> > firmware. Please select the Viha Driver in the preferences, the
> > MACJack driver will be loaded automatically. Also make sure that you
> > do not use channel hopping.*
> I have successfully broken a network or two with this method, but it was
> probably a year ago when I was trying it. Since then I've upgraded OS X
> to 10.3.x, and my second wireless NIC is not supported (yet). So I lack
> the ability to play with this currently.
> >My current project is
> >to put a *BSD box in between the wireless router and the internet/LAN
> >access, but that's kind of an end-run around getting Linux wireless to
> >be more secure.
> End-run or not, you should often do what works best. Linux is a
> powerful tool, but don't neglect to use the right tool for the right job.
> Aaron J.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
Uh-huh, I know I ain't hearin' that see. You tellin' or you askin'?
Cuz nobody tells Boxy Brown. - Boxy Brown
More information about the TriLUG