WEP security question

harsaphes

Ok. After having Windows search for wireless networks, I got to wondering about WEP keys and security. If someone is able to defeat my WEP key, is that person then able to access files and folders on my computer or only able to leech off of my connection?
 
If they break your WEP key they will have full access to any resources that your wireless device can connect to, including shared folders, printers and internet connection.

A few security measures everyone should take:
1) disable the SSID Broadcast, this will make your network harder to detect for would-be hackers
2) run 128-bit encryption with a strong password (no dictionary words or common phrases)
3) use MAC-Address filtering to only allow preconfigured MAC addresses to connect to your network
 
> If they break your WEP key they will have full access to any resources that your wireless device can connect to, including shared folders, printers and internet connection.
>
> A few security measures everyone should take:
> 1) disable the SSID Broadcast, this will make your network harder to detect for would-be hackers
> 2) run 128-bit encryption with a strong password (no dictionary words or common phrases)
> 3) use MAC-Address filtering to only allow preconfigured MAC addresses to connect to your network

Are you actually serious? If they're going to go to the trouble of cracking encryption, non-broadcasting SSID and MAC filtering is going to be trivial to get around. Don't bother with these - they just waste your time and make your WLAN more difficult to manage. Additionally, they're not going to have access to shared resources unless those resources are available to unauthenticated guests; they're just going to leech your internet connection. Unless you're running with an unpatched vulnerability, they're not compromising your computer.

OP - Enable 128-bit WEP encryption. Better yet, use WPA if at all possible.
 
Hrm... here's the thing about wireless security, and I say this from personal experience testing my own networks.

While WPA and WPA2 will provide a modicum of security, if somebody wants in, they will get in.

Cracking WEP is just slightly more work than changing the MAC addy of a wifi card, and getting thru WPA is only a matter of time... :p

Here's the thing tho: if you just want to provide a basic lockout for the 99% of uneducated users who might try for free wifi, just put a MAC filter on, dun even bother with WEP. It'll just slow the connection down.
 
> Hrm... here's the thing about wireless security, and I say this from personal experience testing my own networks.
>
> While WPA and WPA2 will provide a modicum of security, if somebody wants in, they will get in.

Care to back up cracking WPA2 with actual programs and examples? How complex were the pass phrases?
 
> Care to back up cracking WPA2 with actual programs and examples? How complex were the pass phrases?

I would also like to see this...
From my understanding WPA/WPA2 is uncrackable with a random character passcode over 22 characters. Like all the computers on earth needing more time than the age of the known universe to crack.
 
> Hrm... here's the thing about wireless security, and I say this from personal experience testing my own networks.
>
> While WPA and WPA2 will provide a modicum of security, if somebody wants in, they will get in.
>
> Cracking WEP is just slightly more work than changing the MAC addy of a wifi card, and getting thru WPA is only a matter of time... :p
>
> Here's the thing tho: if you just want to provide a basic lockout for the 99% of uneducated users who might try for free wifi, just put a MAC filter on, dun even bother with WEP. It'll just slow the connection down.

How does having WEP slow your connection down?
 
> Ok. After having Windows search for wireless networks, I got to wondering about WEP keys and security. If someone is able to defeat my WEP key, is that person then able to access files and folders on my computer or only able to leech off of my connection?

That depends on how your network and sharing is set up. If you have wide open, simple file sharing...the answer is "yes". If you've set up your network using accounts for share permissions...the answer will start going towards "no"...with a solid "no" if you've done it correctly.

WEP is said to have higher overhead than WPA. Why not use WPA? It's much more secure, easier to set up, and less slowdown than WEP. Three good reasons to use it.
 
> Care to back up cracking WPA2 with actual programs and examples? How complex were the pass phrases?

Nope.

Never tried it... Even if I had, I would certainly not provide examples and programs.

Posts about cracking anything are 'verboten' here at [h]forums so I won't go into it.

However, any good discussion about wireless security requires at least a basic rundown.
--------------------

WPA/WPA2 is not 'crackable' per se, however, it's not bulletproof... In any case where I actually needed strong encryption like WPA2, I'd avoid the wireless and plug in the damn cat5. :p
 
How do you set up the sharing so it's safer than open sharing?

Never leave the Administrator account with a blank password..this should be standard practice anyways, as lots of malware can install itself based on this assumption. People can get easy access to your C$ also if you leave it blank.

And "disable" simple file sharing in WinXP...do it the old fashioned way...create "local users" that match the logon user/password of the "other" workstations on your network..and in the security/NTFS section of your sharing...share only to the local users group, system, and Administrator. And remove the "everyone" group. Same method we used in the Win2KPro and NT4 days.
 
> Never leave the Administrator account with a blank password..this should be standard practice anyways, as lots of malware can install itself based on this assumption. People can get easy access to your C$ also if you leave it blank.
>
> And "disable" simple file sharing in WinXP...do it the old fashioned way...create "local users" that match the logon user/password of the "other" workstations on your network..and in the security/NTFS section of your sharing...share only to the local users group, system, and Administrator. And remove the "everyone" group. Same method we used in the Win2KPro and NT4 days.

I wasn't networking much in those days. Does anyone have a website that can take me there so I can learn how to do this?

I'd like to set it up with WPA2 and it has to work with OS X. Not sure how to set them up yet.
 
> Here's the thing tho: if you just want to provide a basic lockout for the 99% of uneducated users who might try for free wifi, just put a MAC filter on, dun even bother with WEP. It'll just slow the connection down.

The suggestion is that MAC filtering will be a stronger defense than WEP? Or WPA2 as well?

How do you protect from wireless MAC address being sniffed?
 
Two more passive measures:
1. Lower the transmitting power to reduce unintended leaks
2. Turn WiFi off whenever not in use (same as not using WiFi or hook up CAT5)
 
WEP can be broken in 20 minutes.

WPA and WPA2 can be cracked if the password is in the dictionary file and the password is less than 63 characters, if you can somehow get a 64 character password on your router good chance it won't ever be hacked.

Many routers are vulnerable to cross site scripting - no one will probably even attempt this.

Last but not least if the WAP supports WPS and it is enabled, it can be hacked, no matter what encryption you use.

Also there are many man-in-the-middle attacks to get passwords....... But you will probably notice someone doing this.
 
> Last but not least if the WAP supports WPS and it is enabled, it can be hacked, no matter what encryption you use.

That's not necessarily true. The reason WPS is vulnerable to attack is that the first four and last three digits of the WPS PIN are authenticated separately. With a reasonably intelligent method of guessing (as in, just make sure the guesses are distinct and you'll be golden), it will only take 11,000 or fewer guesses to break the PIN.

However, that's assuming the router will always respond to validation attempts immediately and will never require any sort of cool-down after a sufficient number of bad attempts. All the router needs to do in order to cover up this hole left by poor design is to temporarily disable WPS after a certain number of failed authentications.
 
> That's not necessarily true. The reason WPS is vulnerable to attack is that the first four and last three digits of the WPS PIN are authenticated separately. With a reasonably intelligent method of guessing (as in, just make sure the guesses are distinct and you'll be golden), it will only take 11,000 or fewer guesses to break the PIN.
>
> However, that's assuming the router will always respond to validation attempts immediately and will never require any sort of cool-down after a sufficient number of bad attempts. All the router needs to do in order to cover up this hole left by poor design is to temporarily disable WPS after a certain number of failed authentications.

You pretty much clarified what he said with regards to enabling WPS making the wireless router weaker. Out of 11,000 possible combinations the general rule of statistics and brute forcing is you'll likely find the right combination in half. So more realistically it's only 5,500 possible combinations, something that can and has been easily automated.

The system is so bad and broken that it's hardly in use anymore as a feature on the router, let alone companies wasting their time implementing a safe lockout period, which doesn't exist on a broken system. Doesn't matter if they limit the attempts, eventually they'll get in because it's such a tiny number of possibilities. Plus most cracking software is purely automated so it really is no bother to whoever is cracking it.


All Hail the Necromancer mewa!
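
Added example, not part of any post in the thread: a small Python model of the numbers argued over in the two WPS posts above, showing the 11,000-guess worst case and how long covering it takes under different lockout policies. The one-second-per-guess rate and all four policies are assumptions chosen for illustration.

```python
# Added example: guess budget for a WPS PIN whose halves are confirmed separately.
FIRST_HALF = 10 ** 4    # first four digits, as described in the post
SECOND_HALF = 10 ** 3   # last three digits, as described in the post


def worst_case_guesses(split=True):
    """Distinct guesses needed to cover every PIN."""
    return FIRST_HALF + SECOND_HALF if split else FIRST_HALF * SECOND_HALF


def average_guesses():
    """Expected guesses when each half is hit, on average, midway through."""
    return (FIRST_HALF + 1) / 2 + (SECOND_HALF + 1) / 2


def seconds_to_exhaust(guesses, per_guess=1.0, lock_after=None, lock_seconds=0.0,
                       backoff=1.0, max_pause=86_400.0, disable_after=None):
    """Wall-clock seconds for `guesses` failed attempts under a lockout policy.

    lock_after    failures allowed before WPS is paused (None = never paused)
    lock_seconds  length of the first pause
    backoff       multiplier applied to each later pause (1.0 = fixed pause)
    max_pause     upper bound on a single pause
    disable_after total failures after which WPS stays off (None = never)
    Returns None when the policy stops the search before it can finish.
    """
    elapsed, pause = 0.0, lock_seconds
    for n in range(1, guesses + 1):
        if disable_after is not None and n > disable_after:
            return None
        elapsed += per_guess
        if lock_after and n % lock_after == 0 and n < guesses:
            elapsed += pause
            pause = min(pause * backoff, max_pause)
    return elapsed


# Hypothetical policies for comparison; none is taken from a real router.
POLICIES = {
    "no lockout": {},
    "60 s pause every 3 failures": dict(lock_after=3, lock_seconds=60.0),
    "doubling pause, capped at 1 day": dict(lock_after=3, lock_seconds=60.0,
                                            backoff=2.0),
    "WPS off after 10 failures": dict(disable_after=10),
}


def report():
    """Hours needed to cover the split search space, per policy (None = blocked)."""
    total = worst_case_guesses()
    hours = {}
    for name, policy in POLICIES.items():
        secs = seconds_to_exhaust(total, **policy)
        hours[name] = None if secs is None else round(secs / 3600, 1)
    return hours


if __name__ == "__main__":
    print("worst case:", worst_case_guesses(), "average:", average_guesses())
    for name, hrs in report().items():
        print(f"{name:34s} {'blocked' if hrs is None else f'{hrs} h'}")
```

Under these assumptions a fixed pause stretches the search from about three hours to under three days, an escalating pause pushes it to roughly ten years, and only a permanent disable stops it outright.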
 
This entire thread is full of misinformation and terrible advice.

Do not use WEP. Ever.
Do not use MAC filtering. It's useless if someone wants in, and it makes your life more difficult managing MAC addresses.
Non-broadcast SSIDs give you the semblance of security when it's just obscuring your SSID. Someone sniffing the frequencies will find your 'blank' SSID.

DO use WPA2 at the very least. Strong password. WPA if you *must*.
DO monitor your DHCP/ARP table for suspicious entries.
DO not listen to anyone who says anything less is 'fine'.
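
Added example, not part of the post above: one way to act on the "monitor your DHCP/ARP table" advice is to compare successive neighbor-table snapshots against an inventory of known devices. The `ip neigh` text, the addresses and the inventory below are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data: two `ip neigh` snapshots and a device inventory.
PREVIOUS = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.10 dev wlan0 lladdr 00:11:22:33:44:10 STALE
192.168.1.20 dev wlan0 lladdr 00:11:22:33:44:20 REACHABLE
"""
CURRENT = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.10 dev wlan0 lladdr 00:11:22:33:44:20 REACHABLE
192.168.1.20 dev wlan0 lladdr 00:11:22:33:44:20 REACHABLE
192.168.1.37 dev wlan0 lladdr 5E:9A:01:23:45:67 STALE
192.168.1.42 dev wlan0 lladdr 3c:aa:bb:cc:dd:ee REACHABLE
192.168.1.50 dev wlan0  FAILED
"""
KNOWN_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:10", "00:11:22:33:44:20"}

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


def parse_neigh(text):
    """Return {ip: mac} for entries with a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m["ip"]] = m["mac"].lower()
    return table


def locally_administered(mac):
    """True when the locally-administered bit is set (randomized or hand-set MAC)."""
    return bool(int(mac[:2], 16) & 0x02)


def audit(previous, current, known_macs):
    """List (kind, ip, mac) findings worth a human look."""
    findings = []
    for ip, mac in sorted(current.items()):
        if ip in previous and previous[ip] != mac:
            # Same IP now answers from a different MAC: conflict or spoofing.
            findings.append(("mac-changed", ip, mac))
        if mac not in known_macs:
            kind = "unknown-randomized" if locally_administered(mac) else "unknown"
            findings.append((kind, ip, mac))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_neigh(PREVIOUS), parse_neigh(CURRENT), KNOWN_MACS):
        print(*finding)
```

A client that clones an inventoried MAC is not reported as unknown, which is why the snapshot comparison is included alongside the inventory check.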
 
> This entire thread is full of misinformation and terrible advice.
>
> Do not use WEP. Ever.
> Do not use MAC filtering. It's useless if someone wants in, and it makes your life more difficult managing MAC addresses.
> Non-broadcast SSIDs give you the semblance of security when it's just obscuring your SSID. Someone sniffing the frequencies will find your 'blank' SSID.
>
> DO use WPA2 at the very least. Strong password. WPA if you *must*.
> DO monitor your DHCP/ARP table for suspicious entries.
> DO not listen to anyone who says anything less is 'fine'.

6 years ago, when this thread was started, the advice in it was generally accepted as "ok".
 
Even 6 years ago, WEP was garbage. Even without WEP, the other advice was sketchy at best.
 
> DO use WPA2 at the very least. Strong password. WPA if you *must*.

WPA1 is only 'theoretically' weak if used with TKIP. WPA1+AES is still completely unbreakable as far as I know. Haven't been keeping up on the latest info but I'm relatively certain that's still accurate.
 
> Even 6 years ago, WEP was garbage. Even without WEP, the other advice was sketchy at best.

6 years ago WEP only routers and devices were heavily prevalent though, thus the advice was about as best as you could offer based off the first and second replies.
 
Re-reading my post from 6 years ago made me chuckle a little bit.

There are still plenty of WEP networks out there. I stumbled across this gem the other day...

[image: 0d1MZRz.jpg]
 
I have not recently re-qualified on my WEP-smashing badge, but considering what I've seen recently, 30 seconds is probably slow.

:D

I guess I am confused because unless it is an ultra small key, you still need to catch packets to get the password :D

Unless I am missing some super new utility in the world to hack WEP.
 
This thread is very relevant to SOHO info security today. My field is not networking, but because of my technical background I was asked as a favor to research security measures a small non-profit can implement (i.e. not costing $$). I made a list of to-dos and now I am discovering some of the measures are actually irrelevant, even counterproductive.

The original question touched on what can be lost after a breach through wireless (conditional exposure), and the OP concluded at that point that all there is to lose after wireless encryption is cracked is the bandwidth; local assets cannot be compromised, given no unauthorized access on the boxes.

I am not sure if this is true because the breach was through wireless, or this is true for attacks through wired as well. In either case, the exposure would be considered small and not worthy of any security measures beyond a pro/consumer router.

But if it is not, what other measures can be implemented to enhance wireless or general security?

So if no one is willing to discuss, I will just create a new thread. Thanks for all the valuable inputs.
 
> I guess I am confused because unless it is an ultra small key, you still need to catch packets to get the password :D
>
> Unless I am missing some super new utility in the world to hack WEP.

New? No.

aireplay
 
has anybody here actually tried to crack a 128-bit WEP key? using a key not generated by some crappy builtin generator that gens a key from a simple passphrase like the 'ol netgear/linksys used to have like 10 years ago?

i actually have... and because my router didn't take to packet injection too well, i would have basically had to transfer terabytes worth of data over my wifi for there to be enough data for a brute force... if somebody wants to log my traffic for weeks and weeks (honestly i dunno that i'd transfer a terabyte of data over wifi in a year...98% of my traffic at my house is through wires...)

then lol, go for it....


that said, i use WPA2 at the house, but honestly, a lot of the WEP hate is mostly fud and security drivel regurgitated over and over again, unless there's been another vulnerability found that i don't know about recently....

if you're really concerned about wireless security affecting your home network, you should really just run your wireless on another network without routes to your home network, or whichever firewall you're comfortable with using...
 
> has anybody here actually tried to crack a 128-bit WEP key? using a key not generated by some crappy builtin generator that gens a key from a simple passphrase like the 'ol netgear/linksys used to have like 10 years ago?
>
> i actually have... and because my router didn't take to packet injection too well, i would have basically had to transfer terabytes worth of data over my wifi for there to be enough data for a brute force... if somebody wants to log my traffic for weeks and weeks (honestly i dunno that i'd transfer a terabyte of data over wifi in a year...98% of my traffic at my house is through wires...)
>
> then lol, go for it....
>
> that said, i use WPA2 at the house, but honestly, a lot of the WEP hate is mostly fud and security drivel regurgitated over and over again, unless there's been another vulnerability found that i don't know about recently....
>
> if you're really concerned about wireless security affecting your home network, you should really just run your wireless on another network without routes to your home network, or whichever firewall you're comfortable with using...

You shouldn't comment about the security of WEP if you aren't up to date on the actual security involved. WEP encrypted networks can have their key compromised within minutes if not in under a minute by an experienced attacker, and you don't have to be transferring data for an attacker to get it.

There's a reason why a product can no longer have the 'WiFi' certified alliance sticker on it if it contains WEP or TKIP. It's not because of FUD as you suggest.

*EDIT*
just for giggles I did a quick 30 second google search. Here's WEP cracked in under a minute.....the year was 2007.

http://www.wi-fiplanet.com/news/article.php/3670601
 
> This thread is very relevant to SOHO info security today. My field is not networking, but because of my technical background I was asked as a favor to research security measures a small non-profit can implement (i.e. not costing $$). I made a list of to-dos and now I am discovering some of the measures are actually irrelevant, even counterproductive.
>
> The original question touched on what can be lost after a breach through wireless (conditional exposure), and the OP concluded at that point that all there is to lose after wireless encryption is cracked is the bandwidth; local assets cannot be compromised, given no unauthorized access on the boxes.
>
> I am not sure if this is true because the breach was through wireless, or this is true for attacks through wired as well. In either case, the exposure would be considered small and not worthy of any security measures beyond a pro/consumer router.
>
> But if it is not, what other measures can be implemented to enhance wireless or general security?
>
> So if no one is willing to discuss, I will just create a new thread. Thanks for all the valuable inputs.

If someone is on your network, they are on your network. They would then be free to attack other machines on your network, perform denial of service attacks against your network services, etc etc etc. If you wouldn't let a hacker plug his computer in to one of your network switches in your house, why would you want him on your wireless?

Unless you have your wireless network segmented by a firewall, being on wireless is the same as being on the wire as far as hacking goes.
 
> If someone is on your network, they are on your network. They would then be free to attack other machines on your network, perform denial of service attacks against your network services, etc etc etc. If you wouldn't let a hacker plug his computer in to one of your network switches in your house, why would you want him on your wireless?
>
> Unless you have your wireless network segmented by a firewall, being on wireless is the same as being on the wire as far as hacking goes.

WEP is easily crackable. Google cracking tools for WEP.... you'll probably have cracked the password 10 minutes later.

WPA is reasonably crackable if: the network was secured with a weak password or you have special GPU-accelerated cracking tools. You need knowledge here to crack WPA. Instant tools... no-brainer tools are not the norm for cracking WPA.

WPA2 when used with an 8+ alphanumeric, non-dictionary passphrase is rather hard to crack (probably impractical to crack). Installing a worm on the network is probably easier.
 