I have heard that WEP is exploitable but WPA is not, is this true? A coworker claims regardless of what bit security a WEP device has, his linux box can "tap into it".
If you can support WPA, you should use it as WEP is trivial to break with enough time to
gather enough packets for a proper guess.
WPA is still in interim status while a better methodology is developed. AFAIK
Also keep in mind, WPA implementations are not all the same and some devices can
have a hard time talking to other WPA devices. I have not experienced any problems but
have read about several.
With wireless, I don't consider any secure enough not to worry.
Consider adding a VPN tunnel to your wifi if you are a privacy freak.
wildred, good question. I'm just getting into wireless routers myself and in looking for an answer for you, I got some answers myself :D . Anyways, here's a link that explains in depth the differences between WEP and WPA. Check it out, see if it answers your question.
http://www.nwfusion.com/columnists/2...19wizards.html
WPA is *much* better than WEP because (at least with Cisco gear using their ACS device) you can configure a dynamic key exchange to take place every 15 seconds or so. You'll never be able to break that. Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea. The frontend authentication and key exchange process which happens between the host and the WAP of course happens first. This is a two-way authentication process. Thus far, we've been unable to interfere with this architecture but we're far from giving up. So you see, a simple WEP key setup vs a robust WPA setup (Cisco EAP-FAST in my case) can't compare.
Anyway, FWIW.
--TH13
Wow 15 seconds, very cool.
Quote:
Originally posted here by thehorse13
Then we use AD on the backend to do the authorization. You can use RADIUS or other auth servers but you get the idea.
--TH13
Hey do you use IAS for the auth to AD or another tool?
Good Day All,
I was just reading up on WEP the other day and the run-of-the-mill WEP allows 10,000 packets to pass before any key exchange. The TH13's 15 seconds for WPA would definitely be the way to go.
cheers
We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).
Quote:
Wow 15 seconds, very cool.
Hey do you use IAS for the auth to AD or another tool?
Have a look at this one. Might help answer some stuff.
Dispelling the Myth of Wireless Security
http://www.oreillynet.com/pub/a/wire...ap1/index.html
Can you throw a model number out there so I can check it out.
Quote:
Originally posted here by thehorse13
We have the Cisco ACS unit handle the authorization interface with AD. IAS was evaluated but the Cisco device was selected for continuity of design (not to mention it's bulletproof).
Love to bring one in to review.
Sure, I have 1200 series (and a few shitty 340s) WAPS all managed by this:
http://www.cisco.com/en/US/products/sw/cscowork/ps3915/
This includes batch IOS updates, dynamic ACL changes in the event of a threat, system and WAP infoz, etc.
The actual auth component is this:
http://www.cisco.com/en/US/products/...338/index.html
It talks to AD and decides what boxes/networks you can get to.
That should keep ya busy for a while. ;)
Yeah, def agree that WEP is a lot more insecure than WPA. I like your setup there, horse, with the Cisco gear. WEP you can defeat actually very quickly; I've done it on my laptop. When a computer wants to associate with a router it sends an associate frame to it; when it wants to disassociate it sends a disassociate frame. You can actually steal a WEP key by sending a disassociate frame from your wardriving laptop and then sending an associate frame, and you've got yourself a WEP key. If that doesn't work then you've got to sit around for a couple of days and wait for enough packets. I tested and got it to work with airsnort, but the file was 20mb of packets. The tool described above I believe is monkey jack; it was quite hard to get it to configure with my laptop (a lot of editing and frustration). There is also a Perl script out there called wepcrack.
Yes, there are many, many toolz out there of similar capabilities. This was the driving force to switch to a far superior auth scheme than WEP. We showed that we could get onto any WAP in a matter of minutes using the technique you have described (disassociate frame attack).
If I happen to be wrong please correct me, but to my knowledge there still is not a WPA cracking tool available for download.
Merlin
I haven't seen one that is legit.
I have to find a tool to crack wap either, but then again there is always the tool of social engineering :D The weakest link is the human.
Isn't the big issue with cracking WEP that you need to capture and collect a lot of packets? People tend to notice when you are parked in front of their house for 3 days straight.
That is one way to do it. There is a much more efficient way (that came about later) to get the WEP key without sitting there with airsnort for days - disassociate frame attacks.
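An added example, not part of any post in this thread: a defender-side check for the disassociate-then-associate pattern discussed above, run over a constructed frame list. The record layout, the thresholds and the MAC addresses are assumptions made for the illustration; only the 802.11 management subtype numbers are standard.

```python
from collections import defaultdict, deque

# IEEE 802.11 management-frame subtypes
ASSOC_REQ, REASSOC_REQ, DISASSOC, DEAUTH = 0, 2, 10, 12
BROADCAST = "ff:ff:ff:ff:ff:ff"
NEVER = float("-inf")

def find_forced_reassociations(frames, pair_gap=5.0, window=60.0, threshold=3):
    """Map (bssid, client) -> peak number of kick/re-join cycles seen inside
    `window` seconds, for clients that reach `threshold` cycles.
    frames: time-ordered (timestamp, subtype, src, dst, bssid) tuples."""
    last_kick = {}                 # (bssid, client) -> time of last disassoc/deauth
    last_paired = {}               # (bssid, client) -> kick time already counted
    cycles = defaultdict(deque)    # (bssid, client) -> times of recent cycles
    alerts = {}
    for ts, subtype, src, dst, bssid in frames:
        if subtype in (DISASSOC, DEAUTH):
            # Without management frame protection the source address is not
            # authenticated, so only record which client was kicked.
            client = dst if src == bssid else src
            last_kick[(bssid, client)] = ts
        elif subtype in (ASSOC_REQ, REASSOC_REQ):
            key = (bssid, src)
            kicked = max(last_kick.get(key, NEVER),
                         last_kick.get((bssid, BROADCAST), NEVER))
            # Count a cycle only for a fresh kick followed quickly by a re-join.
            if kicked <= last_paired.get(key, NEVER) or ts - kicked > pair_gap:
                continue
            last_paired[key] = kicked
            recent = cycles[key]
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(recent))
    return alerts

# Constructed sample capture (locally administered MACs, not real devices).
AP, CLIENT_A, CLIENT_B = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:bb"
SAMPLE_FRAMES = [
    (10.0, DISASSOC, AP, CLIENT_A, AP), (11.2, ASSOC_REQ, CLIENT_A, AP, AP),
    (20.0, DISASSOC, AP, CLIENT_A, AP), (21.0, REASSOC_REQ, CLIENT_A, AP, AP),
    (30.0, DEAUTH, AP, CLIENT_A, AP), (31.5, ASSOC_REQ, CLIENT_A, AP, AP),
    (35.0, DISASSOC, CLIENT_B, AP, AP),           # B leaves on its own
    (40.0, DISASSOC, AP, CLIENT_A, AP), (41.0, ASSOC_REQ, CLIENT_A, AP, AP),
    (300.0, ASSOC_REQ, CLIENT_B, AP, AP),         # and returns minutes later
]
print(find_forced_reassociations(SAMPLE_FRAMES))
```

Client B's single, slow leave-and-return stays below the threshold, while client A's repeated kick and re-join cycles are reported.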
Yeah, that is true, waiting for like three days is pretty obvious. What I was just talking about, the disassociate and associate attacks, are much faster. If not that, then maybe if you could get close enough to the target, such as here I have three wireless APs outside my window, so it's easy to get packets with no problem minus the obviousness.
I wonder if there are apps out there that can detect W-NICs operating in promiscuous mode???
Yeah, there are programs to detect NICs in prom mode. Effective way of keeping people out is also MAC filter, but this depends: if the attacker can MAC clone and get the MAC of your AP and clone to that AP's MAC and still gain access, this just adds another step to trying to get in, unless he/she is determined.
I didn't quite get the hang of what WPA actually was; however, I do know that virtually every WEP protected network can be "cracked" with a little time and a computer. It doesn't matter if it's a 64 bit encryption or a 256 bit, since most WEP crackers out there today scan for packages which are weak. In other words they sort out packets leaking info about the WEP key. Even the slightest bit of info about the WEP key will speed up the "cracking" process. With own experience I can say it's not easy but it's possible. Anyone who really wants to access a WEP protected network can do so with minimal effort. It's just to wait for the gathering of the packages to finish and then start cracking them. Time is the answer to this question.