Interesting experiement with my laptop and unsecure wireless networks.

[MercenaryForHire]

What with people claiming that WEP is secure, that MAC address filtering is enough, and that "no one would spend the time to hack WEP" ... I don't know where to start in this thread.

- M4H

 

[Dulanic]

Originally posted by: DLeRium

Originally posted by: FoBoT
he means WEP can be decoded on the fly
you have to use WPA or higher means to get any worthwhile protection


unless you only live near cows. cows cannot yet decode WEP

WEP is not too hard to decode. WPA can be decoded too but if you use TSIK, you're onto a new key already by the time someone has you decoded.

WEP is considered secure. Most people wo uldn't sit there for hours trying to sniff out your key.

I live in an apartment building and all but 1 networks are secure. That makes about ~10 or so.

However I usually take my chances going to friends' apartments. I can almost always find 1 thats not secured.

Suprising in my apartments I can see about 8 networks, 2 secure 6 unsecure. Most named D-Link or Linksys or Netgear too 😛

 

[Specop 007]

Originally posted by: MercenaryForHire
What with people claiming that WEP is secure, that MAC address filtering is enough, and that "no one would spend the time to hack WEP" ... I don't know where to start in this thread.

- M4H

Its not a matter of being secure or not.
Someone with enough time and motivation can get in no matter what you do short of turning off the power.
The point is will it be sufficiently a pain in the ass that they dont want to spend their time getting in.
If you were a major financial institution its a very real concern. As a home network, is someone really going to spend even 15 minutes to get in to do something malicious?
Doubtful.

 

[FoBoT]

Originally posted by: randalee
No we're not talking HOURS sniffing for a key. The key isn't transmitted. 🙂 Fire up Ethereal and listen to a wireless conversation between an AP and a node. You must know the brand of wifi AP, etc., but that can usually be determined with NetStumbler or Air Snort.

Anyhow, take ONE single packet from the encrypted conversation. Flip one bit of the conversation with a hex editor. ONE BIT -- ie change a 0A to an A0 or whatever you want. Transmit that packet to the AP, and it comes back with a standard error message. (One which you have researched and found out on the web.) However, this error message is encrypted using the WEP KEY.

Well guess what? You know how the error message would read in plain text. You now have an encrypted version of this error message. All it takes is letting your CPU pound at it for a little bit to figure out the key.

15-20 minutes on a standard PC is usually enough CPU time to decode the key.

see? that is what he meant by WEP is a waste of time (except with cows, they don't know how to read the plain text error messages)

 

[ryan256]

Its fun to screw with unsecured routers. Set them to not alllow WAN connectivity for an hour every day. Most people will have no clue whats going on. Only that the internet thingy don't work. 😛

 

[nakedfrog]

Originally posted by: MercenaryForHire
What with people claiming that WEP is secure, that MAC address filtering is enough, and that "no one would spend the time to hack WEP" ... I don't know where to start in this thread.

- M4H

Well, you could start by... making a helpful, informative post directing people to resources they could use to secure their wireless networks to M4H's standards 😉

 

[nakedfrog]

As it is, unless somebody wants to prove a point, I'm not sure why they'd bother to get into mine when there's a completely unsecured one in the same area 😛

 

[MercenaryForHire]

Originally posted by: nakedfrog

Originally posted by: MercenaryForHire
What with people claiming that WEP is secure, that MAC address filtering is enough, and that "no one would spend the time to hack WEP" ... I don't know where to start in this thread.

- M4H

Well, you could start by... making a helpful, informative post directing people to resources they could use to secure their wireless networks to M4H's standards 😉

Okay. "Three steps to better security?"

1. Turn on WPA.
If you don't know how, read your router's manual.
If your router doesn't support WPA, buy a new one. I suggest a hackable WRT54G.

2a. Make a strong passphrase for WPA-PSK.
Perhaps a saying that is on your mind at the given time, then intermix it with a number or symbol between each word. The1quick2brown3fox4jumped%over^the&lazy*dog is easy to remember, but damned near impossible to guess. Sticky-note it on the bottom of your router if you've got a memory like a sieve - if someone has physical access to your hardware, it's 0wN3d anyways. 😛

2b. Set up a RADIUS server.
http://www.tinypeap.com - Go get yourself one and run it on your 24/7 box. (If you're considering running a home RADIUS server, it's fairly safe to assume you have at least one machine going round-the-clock.) Better yet, run it on your hacked WRT54G. 🙂

3. Profit!
Send M4H some :beer: money. I never said whose profit it was. 🙂

- M4H

 

[KarenMarie]

sitting in my living room, on my laptop... there are FOUR networks available to me. Mine is password protected and i am using encrypted. the other three are unprotected. well, they were until i found one that belonged to my friend across the street and went over and sorted it out for her. now there are two and two.

 

[MercenaryForHire]

Originally posted by: KarenMarie
sitting in my living room, on my laptop... there are FOUR networks available to me. Mine is password protected and i am using encrypted. the other three are unprotected. well, they were until i found one that belonged to my friend across the street and went over and sorted it out for her. now there are two and two.

I was hoping you'd post. Your sig,

OMGWTFBBQMIKECLINTDIEINAFIRESPIDERREPOXYG&LSTABHERIBTLNEFSTEP3PROFIT!

would be an excellent, highly secure (except for being posted here 😉 ) passphrase. 😀

- M4H

 

[nakedfrog]

Originally posted by: MercenaryForHire

Originally posted by: nakedfrog

Originally posted by: MercenaryForHire
What with people claiming that WEP is secure, that MAC address filtering is enough, and that "no one would spend the time to hack WEP" ... I don't know where to start in this thread.

- M4H

Well, you could start by... making a helpful, informative post directing people to resources they could use to secure their wireless networks to M4H's standards 😉

Okay. "Three steps to better security?"

1. Turn on WPA.
If you don't know how, read your router's manual.
If your router doesn't support WPA, buy a new one. I suggest a hackable WRT54G.

2a. Make a strong passphrase for WPA-PSK.
Perhaps a saying that is on your mind at the given time, then intermix it with a number or symbol between each word. The1quick2brown3fox4jumped%over^the&lazy*dog is easy to remember, but damned near impossible to guess. Sticky-note it on the bottom of your router if you've got a memory like a sieve - if someone has physical access to your hardware, it's 0wN3d anyways. 😛

2b. Set up a RADIUS server.
http://www.tinypeap.com - Go get yourself one and run it on your 24/7 box. (If you're considering running a home RADIUS server, it's fairly safe to assume you have at least one machine going round-the-clock.) Better yet, run it on your hacked WRT54G. 🙂

3. Profit!
Send M4H some :beer: money. I never said whose profit it was. 🙂

- M4H

Now what about my Nintendo DS and my 1.5 PSP?

 

[MisterJackson]

Mine's unsecure. I could give two fvcks less as long as my bandwidth doesn't drop to 0.

 

[zanieladie]

Originally posted by: ViviTheMage
people dont know how to set it up, plain and simple.
or even what secure and unsecure means!

This is probably the answer...

 

[spidey07]

Originally posted by: nakedfrog

Now what about my Nintendo DS and my 1.5 PSP?

Then run multiple SSID/encryption/vlans on your wireless and firewall it off.

wep/mac filter on one, wpa on the other. Also doable with two APs if you AP doesn't support wireless VLANs.

 

[Kaervak]

Originally posted by: MercenaryForHire

Okay. "Three steps to better security?"

1. Turn on WPA.
If you don't know how, read your router's manual.
If your router doesn't support WPA, buy a new one. I suggest a hackable WRT54G.

2a. Make a strong passphrase for WPA-PSK.
Perhaps a saying that is on your mind at the given time, then intermix it with a number or symbol between each word. The1quick2brown3fox4jumped%over^the&lazy*dog is easy to remember, but damned near impossible to guess. Sticky-note it on the bottom of your router if you've got a memory like a sieve - if someone has physical access to your hardware, it's 0wN3d anyways. 😛

2b. Set up a RADIUS server.
http://www.tinypeap.com - Go get yourself one and run it on your 24/7 box. (If you're considering running a home RADIUS server, it's fairly safe to assume you have at least one machine going round-the-clock.) Better yet, run it on your hacked WRT54G. 🙂

3. Profit!
Send M4H some :beer: money. I never said whose profit it was. 🙂

- M4H

Or if you don't feel like typing out some ungodly long passphrase, <a target=_blank class=ftalternatingbarlinklarge href="https://www.grc.com/passwords">https://www.grc.com/passwords</a> will generate Hex, ASCII & Alpha-Numeric 63 character passphrases for you. And if you own any Athereos based gear, it can do WPA2, which uses AES for it's encryption protocall.

 

[AmigaMan]

Originally posted by: spidey07

Originally posted by: nakedfrog

Now what about my Nintendo DS and my 1.5 PSP?

Then run multiple SSID/encryption/vlans on your wireless and firewall it off.

wep/mac filter on one, wpa on the other. Also doable with two APs if you AP doesn't support wireless VLANs.

riiiiiiiiiight. And we wonder why most people don't even bother. I say meh, WEP is enough.

 

[MotionMan]

I am posting this thru one of four unsecured wireless networks that are available in the conference room I am sitting in right now.

Unsecured wireless networks help keep me awake at depositions.

😉

MotionMan

 

[nakedfrog]

Originally posted by: spidey07

Originally posted by: nakedfrog

Now what about my Nintendo DS and my 1.5 PSP?

Then run multiple SSID/encryption/vlans on your wireless and firewall it off.

wep/mac filter on one, wpa on the other. Also doable with two APs if you AP doesn't support wireless VLANs.

I'm not sure my router can handle all that, and I'm not about to go out and buy another one 😛
I'm stuck with the crappy v5 WRT54G, the one that runs VxWorks instead of Linux.

 

[otispunkmeyer]

mine isnt secured

but then if you wanted it, you'd have to be sat on the path outside my house, and that would look suspicious.

basically where i live is a detached house, the room with the router in it is closest to the road (ie a good 10 from the room to the road) also our house is a fairly old house with thick brick walls. so by the time the wifi signal has reached the dining room its at 30% anyfurther (ie going outside now) and you cant pick it up. that eliminates the neibourghs sneaking on my wireless.

so if you wanted my wireless the only option you have is to be outside on the road

 

[sygyzy]

That is not actually interesting at all. I can't believe people still post about this and about Nigerian Scam emails. Stop it already.

 

[aceO07]

Originally posted by: nakedfrog

Originally posted by: spidey07

Originally posted by: nakedfrog

Now what about my Nintendo DS and my 1.5 PSP?

Then run multiple SSID/encryption/vlans on your wireless and firewall it off.

wep/mac filter on one, wpa on the other. Also doable with two APs if you AP doesn't support wireless VLANs.

I'm not sure my router can handle all that, and I'm not about to go out and buy another one 😛
I'm stuck with the crappy v5 WRT54G, the one that runs VxWorks instead of Linux.

There's an alpha version of DD-WRT that is supposed to do it. Unfortunately, you don't have the proper version of WRT54G to try it.