Jim Thompson wrote:

Hi all,

I've seen several posts to the effect of "never use WEP because it's
incredibly easy to break". To test this, I've been using Airsnort to
monitor my own 128-WEP network at home. I've been capturing packets
for a while now and have only one "interesting" packet.  This link:

http://www.knoppix-std.org/forum/viewtopic.php?t=1714

seems to say similar things: guy captures millions of packets and gets
only one "interesting" one. Has anyone actually *used* Airsnort or
some other sniffing tool to successfully crack a 128-bit WEP-enabled
wireless link before (and not just "I've heard it's really easy to
kr4ck LOL")? How long is a practical window on a home connection
before enough "interesting" packets get collected (even assuming that
the network is relatively busy instead of idle most of the time)? Is
the risk of a neighbor cracking your WEP really practical? Certainly,
if it takes days or weeks to get enough packets, that sort of rules
out the casual wardriver, right?


First off, kudos to you for not taking the parrot's word for it, and testing the methods yourself. This is the right way to look at the world, in my humble (yet accurate) opinion. Having done the same thing myself in the past, I can say that your initial assertions are correct - on your average residential network, with passive methods, it can take a long time to crack a WEP key. On the other hand, on a very busy network, or if you consider the possibility of injection, things change very quickly.

I have tinkered with this method under KisMac, for OS X, and it requires two wireless NICs in the same box. I haven't tried it under Linux with AirSnort, but I'd be really surprised if AirSnort didn't support something along the same lines in terms of functionality. Here's an excerpt from the KisMac docs that describes how it works:

Packet reinjection is a very advanced WEP cracking technique. Be aware that this is the bleeding edge of technology, so it might not be working right away. When you use this attack, KisMAC will try to find packets that cause another computer to respond. The program will now send these packets over and over again. If KisMAC detects answers, it will go into injection mode. Now the network will generate huge amounts of traffic, and more weak frames will be generated. Wireless networks with WEP can be broken within an hour.
Please be aware that all detections are of a heuristic nature, therefore it might not always be working.


*Note: Packet re-injection requires a PrismII as well as an Apple Airport card. Make sure that the PrismII card uses the latest firmware. Please select the Viha Driver in the preferences; the MACJack driver will be loaded automatically. Also make sure that you do not use channel hopping.*

I have successfully broken a network or two with this method, but it was probably a year ago when I was trying it. Since then I've upgraded OS X to 10.3.x, and my second wireless NIC is not supported (yet). So I lack the ability to play with this currently.

My current project is
to put a *BSD box in between the wireless router and the internet/LAN
access, but that's kind of an end-run around getting Linux wireless to
be more secure.


End-run or not, you should often do what works best. Linux is a powerful tool, but don't neglect to use the right tool for the right job.

Aaron J.
--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
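The reinjection behaviour the KisMAC excerpt describes (one captured frame resent over and over until the network answers) is something a monitoring station on the defended network can notice, because legitimate WEP traffic almost never repeats an identical encrypted body. The following is an added example, not code from this thread, from AirSnort or from KisMAC; the MAC address, timestamps and body digests are constructed sample data.

```python
"""Flag WEP packet-reinjection bursts in captured 802.11 data frames.

A reinjection attack replays one captured data frame many times per second
to provoke fresh-IV responses. Legitimate WEP traffic almost never repeats
an identical (IV, ciphertext) body, and 802.11 retransmissions repeat it
only once or twice, so a burst of identical bodies from one source within a
short window is a strong signal. Frame records here are constructed."""
from collections import defaultdict, deque


def build_sample_frames():
    """Constructed capture: (timestamp_s, source MAC, digest of encrypted body)."""
    station = "00:11:22:33:44:55"  # made-up address
    frames = [(i * 0.05, station, f"legit-{i:04x}") for i in range(200)]
    # Benign MAC-layer retry: one frame seen twice, a second apart
    frames.append((3.01, station, "legit-0030"))
    # Injector replaying frame 0x0007 (source MAC spoofed): 60 copies in 2.4 s
    frames += [(5.0 + i * 0.04, station, "legit-0007") for i in range(60)]
    return frames


def detect_replay_bursts(frames, window_s=10.0, threshold=50):
    """Return one alert per (source, body) whose repeat count within
    window_s seconds reaches threshold. Frames are processed in time order."""
    recent = defaultdict(deque)  # (src, digest) -> timestamps inside window
    alerted = set()
    alerts = []
    for ts, src, digest in sorted(frames):
        key = (src, digest)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window_s:  # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "digest": digest, "count": len(q),
                           "first": q[0], "last": ts})
    return alerts


if __name__ == "__main__":
    for a in detect_replay_bursts(build_sample_frames()):
        print(f"replay burst from {a['src']}: body {a['digest']} seen "
              f"{a['count']}x between t={a['first']:.2f}s and t={a['last']:.2f}s")
```

The benign retry stays well under the threshold, while the replayed frame trips an alert after its fiftieth appearance; the same check applied to a live capture gives a rough answer to the "is injection being used against me" question.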
