Re: Vendors convert mnemonic WEP numeric key differently?

On 22 Jul 2005 21:33:40 -0700, "Ken" <kenandeva@xxxxxxxxx> wrote:

>Hi. I have a Westell 327W modem router. It works fine with the
>computer that is wired directly into it. I just bought a Linksys
>wireless usb adapter for another computer in our house. That worked
>fine, too. That is until I enabled WEP on the Westell. When I
>reconnected with the Linksys wireless and entered the WEP pass code,
>the access point was found with a strong signal, but it told me that I
>couldn't get access to the Internet connection.
>
>The Linksys phone help guy was very helpful and patient, but in the
>end, we couldn't figure out the problem. He speculated that maybe
>Westell and Linksys convert the mnemonic WEP passcode into a WEP
>numeric key differently. I couldn't figure out how to find the numeric
>key on the Westell, so this could not be verified. Has anyone ever
>heard of this being a problem?
>
>By the way, my work around fix was to just disable WEP and use MAC
>filtering instead, only allowing my Linksys wireless to use the Westell
>router. Does that still seem safe?

BAD IDEA. Spoofing MAC addresses is trival. All I need to do is
sniff your traffic, extract a valid MAC address, spoof it, and I'm on.

The problem with ASCII to Hex conversion has been discussed numerous
times in this newsgroup. The basic problem is that there are two
methods of converting from ASCII to Hex. In addition, since WPA keys
support unicode, some vendors have also added unicode support to WEP
using yet another alogrithm. Microsloth XP SP2 Wireless Zero Config
only supports one conversion routine. As a result, XP SP2 WZC will
sometimes fail to associate with an ASCII key. If you use a Hex key,
it will work every time. (Yeah, I know it's long and ugly).

Part of the problem is also that XP SP2 WZC does not properly report
the failure mode. It proclaims "connected", followed by "Aquiring IP
Address (or something like that). It sits there for about 45 seconds
doing nothing, and finally barfs a "Limited Connectivity..." error
message. None of the aformentioned offer a clue that a WEP encryption
key exchange has failed. Of course, there are no useful diagnostics
or logging. Idiots.



--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# jeffl@xxxxxxxxxxxxxxxxxxxxxx
# jeffl@xxxxxxxxxx AE6KS
.

Relevant Pages

  • Vendors convert mnemonic WEP numeric key differently?
    ... I just bought a Linksys ... wireless usb adapter for another computer in our house. ... That is until I enabled WEP on the Westell. ...
    (alt.internet.wireless)
  • Re: SBS2K and Wi-Fi
    ... Dlink and SMC were MUCH better than Linksys. ... RADIUS and VPN in lieu of WEP and actually get better security....setting ... > I cannot say I have any experience with Linksys wireless. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Netstumbler no wireless adapter found (again)
    ... I'm not using WEP, but WPA with a non-shared key, and I'm not broadcasting ... as long as I use the Linksys ... software to temporarily connect to a non-existent network with a blank SSID. ... PDA also on the wireless only does wep).. ...
    (alt.internet.wireless)
  • Re: Choice of wireless adapter: Netgear or Linksys, USB or PCI, security?
    ... > with my new housemates (previously, I just had a Linksys wireless router ... > 1) Linksys or Netgear? ... > should I tell them to enable WEP anyway? ...
    (alt.internet.wireless)
  • Re: SBS2K and Wi-Fi
    ... > Dlink and SMC were MUCH better than Linksys. ... > RADIUS and VPN in lieu of WEP and actually get better security....setting ... >> I cannot say I have any experience with Linksys wireless. ...
    (microsoft.public.backoffice.smallbiz2000)