On Wed, 2002-08-28 at 11:10, Hewitt Tech wrote:
> The other good reason for waiting for 802.11g is that the 802.11b standard
> has a very weak WEP implementation and I believe the g standard will correct
> that. What I know about the 802.11b standard is that there are two WEP
> encryption levels, 64 and 128 bit (actually less because there is a 24 bit
> table of seed values).

The SMC device that I mentioned earlier says that it does 256-bit WEP.

> Although you will hear people say that using WEP is
> useless, the truth is that not using WEP means you're running a wide open
> network. Anyone with a Pringles can antenna and a wireless card can
> participate in your wireless setup from as far as a couple of miles away.

There are a few ways that this can be curtailed. The most obvious is to run a VPN between the wireless clients. The other is to use some of the features of the router/firewall's DHCP server. This particular device does MAC address registration, so unless they know one of the two MAC addresses and can spoof it, they can't get on to the network (in theory). It seems like a lot of time and effort, and a whole lot of guesswork. Of course, if they set up their own base station close enough, I suppose they could sniff the ARPs.

> The Orinoco PCMCIA cards have antenna connectors built into them. The 64 bit
> WEP supposedly requires about 15 minutes worth of packet traffic for a
> cracker to exploit while the 128 bit flavor takes 15 hours of traffic. There
> are already proprietary solutions. I believe Cisco is using a dynamic keying
> mechanism to change keys every 5 minutes or so. That means that cracking
> their setup would be very difficult. The problem is that it's a proprietary
> solution and only works when you are using their hardware exclusively.

Another problem is that since it is proprietary, no one really knows how secure it is, since it can't be independently verified. Closed encryption usually falls over.

> Of course if someone is really determined to crack your systems they can
> probably manage it but I don't think it's wise to leave the door completely
> open.

If you leave the door open, they will walk right in. If you lock the door, only the truly determined will bother to pick the lock. That will happen on a hard-wired network as well.

C-Ya,
Kenny

--
----------------------------------------------------------------------------
"Tact is just *not* saying true stuff" -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB254DD0
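
The "24 bit" part of the advertised WEP key sizes discussed in this thread is the per-packet initialization vector, which is sent in the clear and prepended to the shared secret to seed RC4. The following sketch is an added example, not part of the original message: it shows the secret bits left at each advertised size and why a repeated IV is a problem. The key, IV and payloads are constructed sample values, and WEP's integrity checksum is omitted.

```python
import math

IV_BITS = 24  # WEP's per-packet IV: public, prepended to the shared secret

def effective_secret_bits(advertised_bits):
    """Secret key bits left once the public 24-bit IV is subtracted."""
    return advertised_bits - IV_BITS

def rc4(key, length):
    """RC4 keystream: key scheduling followed by output generation."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv, secret, plaintext):
    """WEP-style encryption: RC4 seeded with IV || secret (checksum omitted)."""
    ks = rc4(iv + secret, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def packets_for_iv_collision(probability=0.5):
    """Birthday bound: random-IV packets sent before some IV likely repeats."""
    n = 2 ** IV_BITS
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - probability))))

# Constructed sample values (not from the thread)
SECRET_40 = bytes.fromhex("0102030405")   # the secret part of a "64-bit" key
IV = bytes.fromhex("aabbcc")
P1, P2 = b"GET /index.html ", b"user=alice&id=42"

def same_iv_leaks_plaintext_xor():
    """Same IV and secret give the same keystream, so c1 ^ c2 == p1 ^ p2."""
    c1 = wep_encrypt(IV, SECRET_40, P1)
    c2 = wep_encrypt(IV, SECRET_40, P2)
    return xor(c1, c2) == xor(P1, P2)

if __name__ == "__main__":
    print([effective_secret_bits(b) for b in (64, 128, 256)], packets_for_iv_collision())
```

A longer secret does not change the IV size, so the keystream-reuse property holds at every advertised key length; rotating the secret frequently limits how many packets share one key.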