Re: [Full-disclosure] WEEPING FOR WEP
Ahh those windows, drafty things, always letting the elements in, might want to get some plastic up over em'... better yet, replace them altogether.

-tlc

Mike Vasquez wrote:
> Nice, even better. So that means a lot of the higher end APs that use sophisticated techniques (smaller IV pools, dynamic, etc) are going to be much less effective. I know a few large entities that will be affected negatively.
>
> Time to seriously upgrade the wireless security! People who don't think they need more than wep are fooling themselves. Kids will a) build that cool pringles can antenna to experiment... b) run kismet to explore the wireless around them, and c) practice their wepcracking on your network. what's next? Exploring your windows machines once they're on. They'll be destructive just b/c they can. Keylogger on your home pc? cake. Do you patch every day? All they need is one windows vulnerability to get access to all your data. Anything think that if they wait long enough, a windows flaw will come around? hrm? and *then* your network will be... their network. It's really not that far fetched.
>
> On 4/6/07, [EMAIL PROTECTED] wrote:
>> With the newest crack released earlier this week from the German researchers that reduces the number of packets by an order of magnitude, that's under 1 minute on average with ARP replay on an 802.11g network. About 20 seconds average if the network is going full blast on its own.
>>
>> http://blogs.techrepublic.com.com/Ou/?p=464
>>
>> George
>>
>> Original Message
>> Subject: Re: [Full-disclosure] WEEPING FOR WEP
>> From: Mike Vasquez [EMAIL PROTECTED]
>> Date: Fri, April 06, 2007 1:22 pm
>> To: full-disclosure@lists.grok.org.uk
>>
>> And traffic rate shouldn't be in the discussion either, since arp-replay allows enough packets to be captured, on most home equipment, in about 20 minutes if you're unlucky, and attacking 128-bit wep. 64 bit keys can be had in under 5 minutes, 128 in under 10, and all you have to do is be connected for that length of time.
>>
>> On 4/6/07, [EMAIL PROTECTED] wrote:
>>> But WPA-PSK mode is even easier to use than WEP. Why would you use WEP. Distance isn't really a problem with a pringle can antenna.
>>>
>>> George

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] WEEPING FOR WEP
seconds. Knowing that WEP is no more secure than a plastic luggage lock, many people are questioning whether WEP is even useful at all.

While I certainly do not recommend WEP for high security (or even moderate risk) environments, you need to remember: security is a measurement of risk. If the threat is low enough, then WEP should be fine.

WEP actually has three things going in its favor:

* Availability: While there are many alternatives to WEP, such as WPA and LEAP, only WEP is widely available. Hotels and coffee shops that only cater to WPA or LEAP will not support many of their customers. However, if you support WEP then everyone should be able to access the network.

* Better than nothing: There's a saying in Colorado: I don't have to run faster than the bear, I just have to run faster than you. If a casual war driver or WiFi-parasite has the option to use your WEP system or your neighbor's open system, they will always choose your neighbor. Having WEP makes you less desirable than an open WiFi because there is no effort needed to use the network. If you happen to live next to a coffee shop or library that offers free WiFi, then the casual wireless user who just wants Internet access will always choose free over the hassle of cracking WEP. While WEP does not block a determined attacker who wants your network, it will stop opportunistic network users. Attackers tend to not be sophisticated and do not choose their targets. Attackers are much like Russian roulette players, and like Russian roulette players are usually both Russian and not very intelligent.

* Intent: This is a biggie. If someone trespassed on your private network through an open wireless access point, then proving digital trespassing can be very difficult. However, if the user must bypass your minimalist WEP security, then they clearly show intent to trespass. Consider WEP like a low fence around a swimming pool. Without the fence, you are in trouble if a neighborhood kid drowns in the pool. It's an "attractive nuisance". However, with the fence, you should be covered if a kid climbs the fence and drowns. It's still bad, but you have a standing to refute blame since you put up a barrier, even if the barrier was minimal.

As far as WEP goes, it may not be very secure, but it is better than the open-network alternative. If you have the option to use a stronger security algorithm, then definitely do that. However, if you have no other option, then WEP is better than nothing.

- Dr. Neal Krawetz, PhD
Author of "An Advanced Guide to chmod(1)" and "An Introduction to Graphical Wrappers for apt and dpkg in Ubuntu"
I am best known for spending two weeks figuring out alternatives to single user mode on my Mac. PhD powah!
http://www.hackerfactor.com/blog/
Re: [Full-disclosure] WEEPING FOR WEP
I use WEP at home, even though my house is far enough from the road to make it rather difficult for someone to jump on my network. Even if someone decided to hide in the woods at the edge of my yard with a laptop they're more likely to be eaten by a bear, sprayed by a skunk, or chewed alive by mosquitoes than collecting enough packets to crack the WEP key, so WPA or LEAP would be overkill.

Like you said, measurement of risk.

[EMAIL PROTECTED] wrote:
> seconds. Knowing that WEP is no more secure than a plastic luggage lock, many people are questioning whether WEP is even useful at all.
>
> While I certainly do not recommend WEP for high security (or even moderate risk) environments, you need to remember: security is a measurement of risk. If the threat is low enough, then WEP should be fine.
>
> WEP actually has three things going in its favor:
>
> * Availability: While there are many alternatives to WEP, such as WPA and LEAP, only WEP is widely available. Hotels and coffee shops that only cater to WPA or LEAP will not support many of their customers. However, if you support WEP then everyone should be able to access the network.
>
> * Better than nothing: There's a saying in Colorado: I don't have to run faster than the bear, I just have to run faster than you. If a casual war driver or WiFi-parasite has the option to use your WEP system or your neighbor's open system, they will always choose your neighbor. Having WEP makes you less desirable than an open WiFi because there is no effort needed to use the network. If you happen to live next to a coffee shop or library that offers free WiFi, then the casual wireless user who just wants Internet access will always choose free over the hassle of cracking WEP. While WEP does not block a determined attacker who wants your network, it will stop opportunistic network users. Attackers tend to not be sophisticated and do not choose their targets. Attackers are much like Russian roulette players, and like Russian roulette players are usually both Russian and not very intelligent.
>
> * Intent: This is a biggie. If someone trespassed on your private network through an open wireless access point, then proving digital trespassing can be very difficult. However, if the user must bypass your minimalist WEP security, then they clearly show intent to trespass. Consider WEP like a low fence around a swimming pool. Without the fence, you are in trouble if a neighborhood kid drowns in the pool. It's an "attractive nuisance". However, with the fence, you should be covered if a kid climbs the fence and drowns. It's still bad, but you have a standing to refute blame since you put up a barrier, even if the barrier was minimal.
>
> As far as WEP goes, it may not be very secure, but it is better than the open-network alternative. If you have the option to use a stronger security algorithm, then definitely do that. However, if you have no other option, then WEP is better than nothing.
>
> - Dr. Neal Krawetz, PhD
> Author of "An Advanced Guide to chmod(1)" and "An Introduction to Graphical Wrappers for apt and dpkg in Ubuntu"
> I am best known for spending two weeks figuring out alternatives to single user mode on my Mac. PhD powah!
> http://www.hackerfactor.com/blog/

--
Troy Cregger
Lead Developer, Technical Products.
Kennedy Information, Inc
One Phoenix Mill Ln, Fl 3
Peterborough, NH 03458
(603)924-0900 ext 662
Re: [Full-disclosure] WEEPING FOR WEP
On Fri, 06 Apr 2007 14:49:29 EDT, Troy Cregger said:
> Even if someone decided to hide in the woods at the edge of my yard with a laptop they're more likely to be eaten by a bear, sprayed by a skunk, or chewed alive by mosquitoes than collecting enough packets to crack the WEP key, so WPA or LEAP would be overkill.

That's one bad-ass woods you live in, or one *really* low packet rate network. Given the recent attacks that can do the break based on only a few minutes of packet capture on a moderately busy network, it shouldn't be more than a long afternoon's work.

Eaten by a bear is *exceedingly* rare, most skunks won't spray unless you corner them, and if you have any brains it will take mosquitoes a long afternoon to chew you alive unless you're in swampland. I will however grant you that rabid skunks are both fairly common and bad news.
Re: [Full-disclosure] WEEPING FOR WEP
On Fri, 6 Apr 2007 [EMAIL PROTECTED] wrote:
> ...
> moderate risk) environments, you need to remember: security is a measurement of risk. If the threat is low enough, then WEP should be fine.
> ...

Wait just a minute. Do you propose to say that security is an economic good, with associated opportunity costs and benefits?

But just the other day, all the anti-virus vendors and trade rags in the world seemed to say that security was binary, and on is the preferred state.

What the sam scratch is going on around here? Do I have to make a tradeoff, again?
Re: [Full-disclosure] WEEPING FOR WEP
On Fri, 06 Apr 2007 13:05:00 MDT, Bruce Ediger said:
> Wait just a minute. Do you propose to say that security is an economic good, with associated opportunity costs and benefits?
>
> But just the other day, all the anti-virus vendors and trade rags in the world seemed to say that security was binary, and on is the preferred state.

Well, people who do it for a living understand it's a tradeoff continuum, where fractional values make sense, and the most sensible setting varies from place to place.

But when you're trying to sell to Joe Sixpack, or a PHB in upper management, confusing him with more than two choices (Good and Bad) just pisses him off and loses you the sale.
Re: [Full-disclosure] WEEPING FOR WEP
> I use WEP at home, even though my house is far enough from the road to make it rather difficult for someone to jump on my network.

Really? Like how far? I've done point-to-multipoint (me with 24db parabolic, them with a standard omni) at 6 miles (granted, I was on the 12th floor of a building).

> Even if someone decided to hide in the woods at the edge of my yard with a laptop they're more likely to be eaten by a bear, sprayed by a skunk, or chewed alive by mosquitoes

2 Linksys boxes running OpenWRT and a decent battery (actually using WDS you could have a whole string of such devices) sort of negates the mosquito/bear/skunk problem if you're so far away that you can't be found with a reasonably high-gain antenna.

WEP is basically a screen door, and always has been.

~Mike.
Re: [Full-disclosure] WEEPING FOR WEP
But WPA-PSK mode is even easier to use than WEP. Why would you use WEP. Distance isn't really a problem with a pringle can antenna.

George

Original Message
Subject: Re: [Full-disclosure] WEEPING FOR WEP
From: Troy Cregger [EMAIL PROTECTED]
Date: Fri, April 06, 2007 11:49 am
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk

> I use WEP at home, even though my house is far enough from the road to make it rather difficult for someone to jump on my network. Even if someone decided to hide in the woods at the edge of my yard with a laptop they're more likely to be eaten by a bear, sprayed by a skunk, or chewed alive by mosquitoes than collecting enough packets to crack the WEP key, so WPA or LEAP would be overkill.
>
> Like you said, measurement of risk.
>
> neal.krawetz@mac.hush.com wrote:
>> seconds. Knowing that WEP is no more secure than a plastic luggage lock, many people are questioning whether WEP is even useful at all.
>>
>> While I certainly do not recommend WEP for high security (or even moderate risk) environments, you need to remember: security is a measurement of risk. If the threat is low enough, then WEP should be fine.
>>
>> WEP actually has three things going in its favor:
>>
>> * Availability: While there are many alternatives to WEP, such as WPA and LEAP, only WEP is widely available. Hotels and coffee shops that only cater to WPA or LEAP will not support many of their customers. However, if you support WEP then everyone should be able to access the network.
>>
>> * Better than nothing: There's a saying in Colorado: I don't have to run faster than the bear, I just have to run faster than you. If a casual war driver or WiFi-parasite has the option to use your WEP system or your neighbor's open system, they will always choose your neighbor. Having WEP makes you less desirable than an open WiFi because there is no effort needed to use the network. If you happen to live next to a coffee shop or library that offers free WiFi, then the casual wireless user who just wants Internet access will always choose free over the hassle of cracking WEP. While WEP does not block a determined attacker who wants your network, it will stop opportunistic network users. Attackers tend to not be sophisticated and do not choose their targets. Attackers are much like Russian roulette players, and like Russian roulette players are usually both Russian and not very intelligent.
>>
>> * Intent: This is a biggie. If someone trespassed on your private network through an open wireless access point, then proving digital trespassing can be very difficult. However, if the user must bypass your minimalist WEP security, then they clearly show intent to trespass. Consider WEP like a low fence around a swimming pool. Without the fence, you are in trouble if a neighborhood kid drowns in the pool. It's an "attractive nuisance". However, with the fence, you should be covered if a kid climbs the fence and drowns. It's still bad, but you have a standing to refute blame since you put up a barrier, even if the barrier was minimal.
>>
>> As far as WEP goes, it may not be very secure, but it is better than the open-network alternative. If you have the option to use a stronger security algorithm, then definitely do that. However, if you have no other option, then WEP is better than nothing.
>>
>> - Dr. Neal Krawetz, PhD
>> Author of "An Advanced Guide to chmod(1)" and "An Introduction to Graphical Wrappers for apt and dpkg in Ubuntu"
>> I am best known for spending two weeks figuring out alternatives to single user mode on my Mac. PhD powah!
>> http://www.hackerfactor.com/blog/
>
> --
> Troy Cregger
> Lead Developer, Technical Products.
> Kennedy Information, Inc
> One Phoenix Mill Ln, Fl 3
> Peterborough, NH 03458
> (603)924-0900 ext 662
Re: [Full-disclosure] WEEPING FOR WEP
> * Intent: This is a biggie. If someone trespassed on your private network through an open wireless access point, then proving digital trespassing can be very difficult. However, if the user must bypass your minimalist WEP security, then they clearly show intent to trespass.

Accessing it is different than listening to it. Assuming I don't do ARP replay or other L2 games because I'm impatient, I've never really trespassed since you were blasting your signal into a public area, and it's an unlicensed band. (IANAL .. anyone have a case law link for the above conjecture?)

> Consider WEP like a low fence around a swimming pool. Without the fence, you are in trouble if a neighborhood kid drowns in the pool. It's an "attractive nuisance". However, with the fence, you should be covered if a kid climbs the fence and drowns. It's still bad, but you have a standing to refute blame since you put up a barrier, even if the barrier was minimal.

Depends .. can they convince the jury that your fence wasn't *really* tall enough? Remember .. here in the US, store owners get sued because a burglar falls through the roof during the course of a break-in.

Put another way, if I use a system known to be ineffective (a twist-tie on a gate lock, to use the above pool example) it could be plausibly argued that you in effect made no effort at all. Once someone writes a network widget that automates the (capture - crack - connect) process, it could probably be argued the same way for WEP (again .. IANAL).

~Mike.
Re: [Full-disclosure] WEEPING FOR WEP
And traffic rate shouldn't be in the discussion either, since arp-replay allows enough packets to be captured, on most home equipment, in about 20 minutes if you're unlucky, and attacking 128-bit wep. 64 bit keys can be had in under 5 minutes, 128 in under 10, and all you have to do is be connected for that length of time.

On 4/6/07, [EMAIL PROTECTED] wrote:
> But WPA-PSK mode is even easier to use than WEP. Why would you use WEP. Distance isn't really a problem with a pringle can antenna.
>
> George
Re: [Full-disclosure] WEEPING FOR WEP
I do not use WEP at home. I use WPA2 on my home network. I agree with the majority of what you both have said. However, if you solely relied on the risk level as the reason for not upgrading to a more secure mechanism, I would say you are doing yourself a disservice.

Now since I often rely on NIST for guidance, I will reference NIST SP 800-30. Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. Now we might not all agree with NIST or follow what they write, but they are smart people doing a good job from my point of view. However, I would have to say for almost all home users and even most business environments the impact that a successful attack would also be rated as low.

These conversations have been focusing on likelihood of an attack. Well likelihood can fluctuate all of the time. It will probably be low, but it can change depending on your environment from a day-to-day basis. So let's just say for the purposes of the discussion that there was a very high likelihood someone is going to attack your home WEP network and they are also capable of doing so. Now what is the impact? I doubt the real potential impact would be crucial to ruin or end your life. If you go to shopping and banking sites that use TLS/SSL and you check your certs you probably won't have your credit card information or identity stolen. For them to actually break into your machine once on the network there would have to be more vulnerabilities resulting in the compromise of your machine. Maybe the person launches attacks and does bad stuff from your IP address and you might at worst get paid a visit (worst case scenario).

When you look at the impact that would probably be caused you have a low impact. Couple that with a low, medium, or high likelihood and you still have LOW risk. By these definitions WEP is good enough in most situations. Heck by these definitions an open network might even be low risk in many cases. There is no question that there is a vulnerability with WEP that can be exploited. The question is whether or not someone will actually take the time to exploit this vulnerability and what will happen as a result?

What I am getting at is that the cost of using WPA2 in many instances is negligible if there is a cost at all. How many people are using a Linksys WRT54G and a laptop that is less than 3 years old. Chances are all of these users can support WPA at minimum. I've had to run a separate network for WEP users so I am not oblivious to the fact that not everyone supports it. However, there are PCMCIA/PCI/USB wireless cards that can be added at a low cost *if* WPA(2) is not already supported. It seems all [most] new hardware support WPA(2). The cost is very low and it's readily available and accepted. Why NOT use WPA(2) if you can?

Do you use the Caesar Cipher to encrypt your data or AES-256? If you just go by risk, you could just use the Caesar Cipher half of the time. The likelihood someone will get your encrypted data is low, right? You cannot base all your decisions around risk of likelihood. Especially when there are easy, low cost, and efficient alternatives.

Also, as a side note, WPA(2) Personal mode with a strong passphrase is a lot easier to remember than a WEP key...unless you have one of the utilities that generates the key for you. Even then you have diminishing returns.

Steven

> I use WEP at home, even though my house is far enough from the road to make it rather difficult for someone to jump on my network. Even if someone decided to hide in the woods at the edge of my yard with a laptop they're more likely to be eaten by a bear, sprayed by a skunk, or chewed alive by mosquitoes than collecting enough packets to crack the WEP key, so WPA or LEAP would be overkill.
>
> Like you said, measurement of risk.
>
> [EMAIL PROTECTED] wrote:
>> seconds. Knowing that WEP is no more secure than a plastic luggage lock, many people are questioning whether WEP is even useful at all.
>>
>> While I certainly do not recommend WEP for high security (or even moderate risk) environments, you need to remember: security is a measurement of risk. If the threat is low enough, then WEP should be fine.
>>
>> WEP actually has three things going in its favor:
>>
>> * Availability: While there are many alternatives to WEP, such as WPA and LEAP, only WEP is widely available. Hotels and coffee shops that only cater to WPA or LEAP will not support many of their customers. However, if you support WEP then everyone should be able to access the network.
>>
>> * Better than nothing: There's a saying in Colorado: I don't have to run faster than the bear, I just have to run faster than you. If a casual war driver or WiFi-parasite has the option to use your WEP system or your neighbor's open system, they will always choose your
Re: [Full-disclosure] WEEPING FOR WEP
> Really? Like how far?

Like, I can probably get my car up over 45mph(72.42kph) before I get to the end of my driveway far.

> I've done point-to-multipoint (me with 24db parabolic, them with a standard omni) at 6 miles (granted, I was on the 12th floor of a building).

Yeah, there's some cool shit that can be done with wireless/WRT/WDS/parabolics... a friend of mine was experimenting with some directional antenna and the WRT54Gs running one of the 3rd party firmwares. He got some pretty far reaching signals. But he had tall buildings around too. Where I'm at, you'd be in a tree.

> 2 Linksys boxes running OpenWRT and a decent battery (actually using WDS you could have a whole string of such devices) sort of negates the mosquito/bear/skunk problem if you're so far away that you can't be found with a reasonably high-gain antenna.

You'll need a bunch of em... it takes me 25 minutes to drive to the grocery, and I know a shortcut.

> WEP is basically a screen door, and always has been.

True, I won't argue with that. I just need to deter the neighbors from trying a simplified version of the above so they can get free broadband access, but even if it was an open AP, I doubt anyone would bother. Where I live, I'm lucky if my broadband connection is working at all. In the last 4 months alone I've gotten over $100 credited to me on my cable bill for downtime. My house came hard wired for a generator... that pretty much says it all right there. I wouldn't trade it for anything though, not even heating my food on the wood stove like it's 1827 when the power is out for 26 hours.

NOTE: I still need to pick up a generator, anyone know of one for sale? ;o)

Michael Holstein wrote:
>> I use WEP at home, even though my house is far enough from the road to make it rather difficult for someone to jump on my network.
>
> Really? Like how far? I've done point-to-multipoint (me with 24db parabolic, them with a standard omni) at 6 miles (granted, I was on the 12th floor of a building).
>
>> Even if someone decided to hide in the woods at the edge of my yard with a laptop they're more likely to be eaten by a bear, sprayed by a skunk, or chewed alive by mosquitoes
>
> 2 Linksys boxes running OpenWRT and a decent battery (actually using WDS you could have a whole string of such devices) sort of negates the mosquito/bear/skunk problem if you're so far away that you can't be found with a reasonably high-gain antenna.
>
> WEP is basically a screen door, and always has been.
>
> ~Mike.

--
Troy Cregger
Lead Developer, Technical Products.
Kennedy Information, Inc
One Phoenix Mill Ln, Fl 3
Peterborough, NH 03458
(603)924-0900 ext 662
Re: [Full-disclosure] WEEPING FOR WEP
With the newest crack released earlier this week from the German researchers that reduces the number of packets by an order of magnitude, that's under 1 minute on average with ARP replay on an 802.11g network. About 20 seconds average if the network is going full blast on its own.

http://blogs.techrepublic.com.com/Ou/?p=464

George

Original Message
Subject: Re: [Full-disclosure] WEEPING FOR WEP
From: "Mike Vasquez" [EMAIL PROTECTED]
Date: Fri, April 06, 2007 1:22 pm
To: full-disclosure@lists.grok.org.uk

> And traffic rate shouldn't be in the discussion either, since arp-replay allows enough packets to be captured, on most home equipment, in about 20 minutes if you're unlucky, and attacking 128-bit wep. 64 bit keys can be had in under 5 minutes, 128 in under 10, and all you have to do is be connected for that length of time.
>
> On 4/6/07, [EMAIL PROTECTED] wrote:
>> But WPA-PSK mode is even easier to use than WEP. Why would you use WEP. Distance isn't really a problem with a pringle can antenna.
>>
>> George
Re: [Full-disclosure] WEEPING FOR WEP
Small plane or Balloon perhaps?

http://arstechnica.com/articles/culture/warflying.ars

-KF

On Apr 6, 2007, at 4:41 PM, Troy Cregger wrote:
> Where I'm at, you'd be in a tree.
Re: [Full-disclosure] WEEPING FOR WEP
Neal,

Your three WEP points of favor are interesting discussion points.

#1 - Availability. That's an excellent point and one we should start pushing to change. WEP is the primary hotel wireless protocol. Hotel users usually have the choices of Open WEP or Bring Your Own. It needs to be stressed to the Hiltons and Marriotts of the world that using WEP is a huge disservice to their customers, which means we need to bullet-proof some of the other methods.

I'm going through this one at work right now myself. My team convinced me that we should use WPA2 with TKIP for our new wireless service. Guess what? Most Windows-controlled wireless laptops don't have an option to select WPA2 as their authentication protocol! My team says No problem, we can just have them download a more recent version of their driver and use the software that comes with their wireless card to manage their wireless instead of the windows client. ARRRGH! *NOT* a valid answer!

---

#2 - Better than nothing. Actually, the point of the Weeping for WEP story is that it's no longer any harder to break WEP than it is to connect to an open network. Demonstrated time-to-connect according to the German's paper? 60 seconds. Now, if I needed 45 minutes to get on to your network, I'd likely keep driving. But if it truly only takes 60 seconds? It's easier to get on your network than to drive to the next signal? (Unless you're in my office, where from my 10th floor window I can see 51 Wireless networks, 30 open and 21 WEP without an external antenna from my Dell laptop).

The infoworld article:
http://www.infoworld.com/article/07/04/04/HNdontusewep_1.html
and the actual paper:
http://eprint.iacr.org/2007/120.pdf
make it clear that 50 seconds of gathering and 3 seconds of cracking open a 104-bit WEP key.

---

#3 - Intent of Trespass. Well, it's true that you could say He intentionally broke in, but how many wireless intrusion cases were there in the entire US last year? Three? Four? I'd rather just spend 5 minutes to update my security and be secure rather than knowing that I could prove the guy who stole my bandwidth (and identity?) did so on purpose.

Thanks for sharing your thoughts!

_-_
gar
Re: [Full-disclosure] WEEPING FOR WEP
Gary Warner wrote:

> I'm going through this one at work right now myself. My team convinced me that we should use WPA2 with TKIP for our new wireless service. Guess what? Most Windows-controlled wireless laptops don't have an option to select WPA2 as their authentication protocol! My team says "No problem, we can just have them download a more recent version of their driver and use the software that comes with their wireless card to manage their wireless instead of the windows client." ARRRGH! *NOT* a valid answer!

I suspect whether this is a "most" or not depends a lot on your hardware refresh cycle and what sort of kit you buy - if you've been buying Intel Centrino kit, it all supports WPA (the ipw2100 may not, but everything since then certainly does) so long as you've got the latest drivers and the WPA2 Hotfix for XP.

I've implemented WPA2 Infrastructures recently, and the number of laptops which haven't supported WPA2 is somewhere in the 10-15% range. Oddly enough, we have two ipw2200-equipped Toshiba laptops which (even after a full reinstall, and using identical drivers/firmware to machines that do work) refuse to talk WPA2...

If you have older prism kit, or a chipset like atheros which is commonly rebadged/resold, you may not have WPA2-compatible drivers/firmware for the card even if the same chipset in other vendors' devices (or in linux) supports WPA2.

Thankfully, at the current point in time, sporting the Wifi logo requires WPA2 support so far as I'm aware, so anything you buy now *should* support WPA2. I'm not sure when this requirement came into effect, though..

- James.

--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

All at sea again / And now my hurricanes
Have brought down this ocean rain / To bathe me again

https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
Re: [Full-disclosure] WEEPING FOR WEP
Nice, even better. So that means a lot of the higher end APs that use sophisticated techniques (smaller IV pools, dynamic, etc) are going to be much less effective. I know a few large entities that will be affected negatively.

Time to seriously upgrade the wireless security! People who don't think they need more than wep are fooling themselves. Kids will a) build that cool pringles can antenna to experiment... b) run kismet to explore the wireless around them, and c) practice their wepcracking on your network. what's next? Exploring your windows machines once they're on. They'll be destructive just b/c they can. Keylogger on your home pc? cake. Do you patch every day? All they need is one windows vulnerability to get access to all your data. Anyone think that if they wait long enough, a windows flaw will come around? hrm? and *then* your network will be... their network.

It's really not that far fetched.

On 4/6/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> With the newest crack released earlier this week from the German researchers that reduces the number of packets by an order of magnitude, that's under 1 minute on average with ARP replay on an 802.11g network. About 20 seconds average if the network is going full blast on its own.
>
> http://blogs.techrepublic.com.com/Ou/?p=464
>
> George
>
> Original Message
> Subject: Re: [Full-disclosure] WEEPING FOR WEP
> From: Mike Vasquez [EMAIL PROTECTED]
> Date: Fri, April 06, 2007 1:22 pm
> To: full-disclosure@lists.grok.org.uk
>
> And traffic rate shouldn't be in the discussion either, since arp-replay allows enough packets to be captured, on most home equipment, in about 20 minutes if you're unlucky, and attacking 128-bit wep. 64 bit keys can be had in under 5 minutes, 128 in under 10, and all you have to do is be connected for that length of time.
>
> On 4/6/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
>
> But WPA-PSK mode is even easier to use than WEP. Why would you use WEP. Distance isn't really a problem with a pringle can antenna.
>
> George
Re: [Full-disclosure] WEEPING FOR WEP
Security is not a state. It is a practise.

On 4/6/07, Bruce Ediger [EMAIL PROTECTED] wrote:

> On Fri, 6 Apr 2007 [EMAIL PROTECTED] wrote:
>
> > ... moderate risk) environments, you need to remember: security is a measurement of risk. If the threat is low enough, then WEP should be fine. ...
>
> Wait just a minute. Do you propose to say that security is an economic good, with associated opportunity costs and benefits?
>
> But just the other day, all the anti-virus vendors and trade rags in the world seemed to say that security was binary, and on is the preferred state.
>
> What the sam scratch is going on around here? Do I have to make a tradeoff, again?