• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

WEP Cracking - A real threat?

I

imported_spinoza

Member
I've seen a lot of sites that claim that cracking WEP is trivial. However, reading further leads me to believe that it's not quite as easy as some people say. So, educate me.

1. Are all of the tools still Linux-only?

2. Does it require two laptops (or, at a bare minimum, two wireless cards in one machine)?

3. Are the tools still picky about the chipset manufacturer of one's wireless card?

4. Does it still require millions of packets for analysis?

Thanks. The answers to these questions will help settle a debate between me and a friend.
 
1. No idea, who doesn't have a Linux install at this point? 😛
2. No. You should be able to aireplay and airodump from the same card.
3. Probably, but atheros, ralink, and realtek chipsets are fairly common.
4. Nope, thanks to aircrack-ptw.

EDIT: Actually I know #1. They are not all Linux only.
 
WEP should no longer be considered a method of wireless encryption, IMHO. While it will keep out the clueless users it's childs play to crack for any script kiddie.
 
Originally posted by: spinoza
Originally posted by: Zolty
WEP can be cracked in 15 minutes using 1 laptop.
Click to expand...

I've seen this claim, but I've never been able to verify it. It seems like there are a lot of gotchas.
Click to expand...

There are no gotchas. There are tools (very new) available to crack 128bit WEP in under 10 minutes.
 
It took my relatively slow laptop (Sempron 3000) a little under 30 minutes to crack a WEP key on the wireless network at one of my client offices. The boss stubbornly insisted that "an IT expert I know" told him that WEP was more than enough security for an insurance broker and he needed a bit of education. 😉

I had not used any WEP cracking tool previously and just picked the first one I found. Even as a complete beginner with the tools I had no problem at all getting into their wireless network in a very short amount of time. I imagine that with better tools (and better knowledge of the program) it could be done much faster.
 
Yes, but see my original post. Do they still require two Linux laptops with certain brands of wireless cards? What I'm getting at is whether the process of WEP cracking is still out of reach for the average Windows user. If cracking WEP is still difficult, it's good enough for home use.
 
Originally posted by: spinoza
Yes, but see my original post. Do they still require two Linux laptops with certain brands of wireless cards? What I'm getting at is whether the process of WEP cracking is still out of reach for the average Windows user. If cracking WEP is still difficult, it's good enough for home use.
Click to expand...

That was answered already. You do not need linux or 2 systems.
 
Originally posted by: Fardringle
It took my relatively slow laptop (Sempron 3000) a little under 30 minutes to crack a WEP key on the wireless network at one of my client offices. The boss stubbornly insisted that "an IT expert I know" told him that WEP was more than enough security for an insurance broker and he needed a bit of education. 😉

I had not used any WEP cracking tool previously and just picked the first one I found. Even as a complete beginner with the tools I had no problem at all getting into their wireless network in a very short amount of time. I imagine that with better tools (and better knowledge of the program) it could be done much faster.
Click to expand...

Ah yes so many IT experts out there people claim.
At this position a CCIE who was leaving to work at another high paying position and I was taking his job explained to me, and I did a double take, MAC filtering is good enough for the wireless.

Makes me wonder if they just hand these certs out provided the check clears.

I have another great story about an MCSE + CCNP at a contract gig decided to help one of the HR people get printing access to the network printer. The HR person was contract and was part of a different domain. So this brainiac took the laptop out of the domain.

Needless to say thanks to cert man the laptop was heading back to HQ for a little work.
 
Hey now...be nice!!

I am a MCSE that happens to be a Sys Admin for a large university. I dont think MAC filtering is enough nor would I ever un-join a computer from a domain...haha. For real some us cert people are very qualified.

John

Originally posted by: Genx87
Originally posted by: Fardringle
It took my relatively slow laptop (Sempron 3000) a little under 30 minutes to crack a WEP key on the wireless network at one of my client offices. The boss stubbornly insisted that "an IT expert I know" told him that WEP was more than enough security for an insurance broker and he needed a bit of education. 😉

I had not used any WEP cracking tool previously and just picked the first one I found. Even as a complete beginner with the tools I had no problem at all getting into their wireless network in a very short amount of time. I imagine that with better tools (and better knowledge of the program) it could be done much faster.
Click to expand...

Ah yes so many IT experts out there people claim.
At this position a CCIE who was leaving to work at another high paying position and I was taking his job explained to me, and I did a double take, MAC filtering is good enough for the wireless.

Makes me wonder if they just hand these certs out provided the check clears.

I have another great story about an MCSE + CCNP at a contract gig decided to help one of the HR people get printing access to the network printer. The HR person was contract and was part of a different domain. So this brainiac took the laptop out of the domain.

Needless to say thanks to cert man the laptop was heading back to HQ for a little work.
Click to expand...

 
I know there are lots of qualified people with certs and I was huffing a little above. But I have found it funny over the year how many people I have met get certs, brag about it, then end up knowing dick because their head has been in a book for the past 9 months 😀

I happen to be a sys admin who doesnt have a cert but is about to embark on a Server 2003 MCSE. 😉

 
You must log in or register to reply here.

TRENDING THREADS

Back
Top