[CLUE-Tech] WEP security?

Sean LeBlanc seanleblanc at americanisp.net
Tue Nov 19 12:45:00 MST 2002 

On 11-19 11:51, Adam Bultman wrote:
> 
> A few friends and I recently set up a WAP near a local coffee shop (2nd
> floor apartment, kitty corner form the coffee shop).
> 
> We get weak, although usable connections at the coffee shop, and try not
> to attract too much attention. We use 128bit WEP encryption, and for the
> most part, everything we use is either SSL or SSH encrypted/protected.
> However, I still don't trust traffic.  One individual that came to the
> coffee shop (who later would don a  "Phone Losers of America" shirt) said
> he would "Break WEP in a few hours, then spoof my MAC address and use the
> connection"

If I was in your situation, I'd certainly be using IPSec (I don't know how
to set it up, but I'd get through it somehow, I guess). Especially after
this individual TOLD you his intentions. 

My question is, what kept you from placing your hands around his neck, and
wringing it? It's bad enough when someone is skulking around doing something
like this, but to proudly announce to you that he's going to steal from you?
I'd have a hard time not getting physical... :) 

BTW: can you spoof MAC addresses with IPSec? Does IPSec have weaknesses that
can be exploited?

> While I don't think a barely used wireless network could be hacked in a
> 'few hours' (the PLA shirt made me even MORE skeptic - the only phone
> losers I know mostly skulk around college campuses and steal things) I DO
> rotate my keys on a regular basis.

What is a phone loser? I know what a phreaker is, but I'm not familiar with
this term.

> One thing that I DONT know, is why does it make like, 6 keys, when I can
> only use the first one? How dumb is that? "Sure, you can use this key, but
> it's not gonna work. That one's for show".

I don't understand that, either. Maybe you can rotate them on the client w/o
having to change the WAP? If they are nearly plaintext, it seems futile,
anyway.

-- 
Sean LeBlanc:seanleblanc at americanisp.net  
http://users.americanisp.net/~seanleblanc/
Get MLAC at: http://sourceforge.net/projects/mlac/
Computers are machines for amplifying human error. 
(contributed by Frank v Waveren)

More information about the clue-tech mailing list