[CLUE-Tech] WEP security?
Sean LeBlanc
seanleblanc at americanisp.net
Sun Nov 17 16:44:30 MST 2002
I was trying to enable WEP on my laptop to discourage wardrivers or
neighbors from trying to hijack my wireless network, but the wicontrol(8)
man page says this...wicontrol is what is used on FreeBSD, BTW, to set up
wireless configuration.
I knew WEP was on shaky ground, but this makes it sound like cracking WEP is
trivial. Has anyone been cracked at work or at home, and if so, how did you
find out about it?
======
BUGS
The WEP encryption method has been broken so that third parties can
recover the keys in use relatively quickly at distances that are surpris-
ing to most people. Do not rely on WEP for anything but the most basic,
remedial security. IPSEC will give you a higher level of security and
should be used whenever possible. Do not trust access points or wireless
machines that connect through them as they can provide no assurance that the
traffic is legitimate. MAC addresses can easily be forged and should
therefore not be used as the only access control.
The attack on WEP is a passive attack, requiring only the ability to
sniff packets on the network. The passive attack can be launched at a
distance larger, up to many miles, than one might otherwise expect given a
specialized antenna used in point to point applications. The attacker can
recover the keys from a 128-bit WEP network with only 5,000,000 to 6,000,000
packets. While this may sound like a large number of packets, emperical
evidence suggests that this amount of traffic is generated in a few hours on
a partially loaded network. Once a key has been compro- mised, the only
remedial action is to discontinue it and use a new key.
See http://www.cs.rice.edu/~astubble/wep/wep_attack.html for details of
the attack.
If you must use WEP, you are strongly encouraged to pick keys whose bytes
are random and not confined to ASCII characters.
--
Sean LeBlanc:seanleblanc at americanisp.net
http://users.americanisp.net/~seanleblanc/
Get MLAC at: http://sourceforge.net/projects/mlac/
Computers make very fast, very accurate mistakes.
(contributed by Frank v Waveren)
More information about the clue-tech
mailing list