Re: Intruder in my wireless network? / intrusion detection programs

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <da3dj3-t27.ln1@xxxxxxxxxxxxxxxxxxx> on Thu, 11 May 2006 22:00:28 -0300,
Derek Broughton <news@xxxxxxxxxxxxxx> wrote:

Rico wrote:

The sun could explode also, what are you doing about that?

That's somewhat like saying, we're all going to die anyway, and the risk is
low, so why not smoke? Or not wear a seatbelt.

Let's leave off the logical fallacies. I can't do anything about the sun
exploding (though there is a prof. in California who's working on the
problem) while I _can_ do something about wireless network hacking.

Indeed, and it's not terribly hard, so not doing it makes no sense.

And yet, you can't show wher ethis has ever happened can you. Using the
dogs name or the word cat or even a single letter.

Actually, (a) you never asked for examples where it had happened to me or
anyone else on the group, and (b) you didn't ask _me_ to provide
citations - you asked John. I can, in fact, say it _hasn't_ happened to me.

That's hard, if not impossible, to say with any real certainty -- experts
agree that the great majority of intrusions go undetected. Even though my own
security is very robust, I would only say that I don't *think* it's ever
happened to me.

I'm not even very concerned that it _will_ happen to me.

Likewise, but only because I have very robust security.

It's just plain
insane not to take basic precautions - which means a reasonable secure,
non-dictionary, password if you use WPA. I agree that you _don't_ need to
go so far

Since WEP is pretty much worthless, I personally think WPA should always be
used with a strong passphrase. Since takes only a small amount of effort to
generate and use a truly strong passphrase (e.g., seven or more diceware
words), it makes no sense to set the bar lower ("reasonable secure").

Back this up with a single documented instance of even minimal security
being applied to a home network and it being hacked. Not asking for two,
just a single one. The boogie man is not hidden behid the tree in your
back yard.

<http://www.lanarchitect.net/Articles/Wireless/SecurityRating/>:

Level 1: Home and SOHO WLAN security

Unfortunately, many home users are either using some old equipment,
old drivers, or older operating systems that don't natively support
WPA so they are still using WEP if anything at all. WEP encryption
was thought to be good for a week for most light traffic home
wireless networks because the older WEP cracking tools needed 5 to 10
million packets to recover a WEP key, but the newest WEP cracking
techniques can break WEP in minutes. Even if there isn't that much
traffic, the attacker now has ways to artificially generate traffic
and accelerate WEP cracking. Because of this, consumers should avoid
any product that doesn't support WPA TKIP mode at a minimum but
preferably WPA AES capable or WPA2 certified devices. If they have
WEP only devices, check with the vendor to see if there are any
firmware and/or driver updates that will upgrade the device to WPA
mode. If not, anyone who cares about privacy should throw out those
devices. As harsh as that may sound, it is comforting to know that
newer Access Points and Client Adapters that do support WPA can be
purchased for as little as $30. Client side Wireless LAN software
(officially known as Supplicants) also need to be updated to support
WPA or WPA2. Windows XP SP1 with the WPA patch can suffice, but
Windows XP SP2 is highly recommended.

--
Best regards, SEE THE FAQ FOR ALT.INTERNET.WIRELESS AT
John Navas <http://en.wikibooks.org/wiki/FAQ_for_alt.internet.wireless>
.

Relevant Pages

  • Re: Intruder in my wireless network? / intrusion detection programs
    ... a modicome of security enabled. ... Since WEP is pretty much worthless, I personally think WPA should always be ... WPA so they are still using WEP if anything at all. ... newer Access Points and Client Adapters that do support WPA can be ...
    (alt.internet.wireless)
  • RE: Cracking WEP and WPA keys
    ... Has anyone tried cracking WEP with a Cisco 1200AP? ... Subject: Re: Cracking WEP and WPA keys ... >Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: Very simple request on Linksys.
    ... telling me that WEP is more secure than WPA? ... > your house with a lab environment just to break your encryption? ... >>I looked up your router, and it supports 128 bit WEP, not WPA. ...
    (comp.security.firewalls)
  • Re: Safe to use https over unsecured wifi hotspot?
    ... Both WEP and SSL uses the RC4 encryption algorithm.. ... shared secret session key and sends tot he server encrypted withe the ... server's public key obrtained from the certificate - as long as the ... known feasible attack is when using WPA with a PreShared key - it is ...
    (alt.internet.wireless)
  • Re: Very simple request on Linksys.
    ... telling me that WEP is more secure than WPA? ... Why not do it with WPA? ... > as WPA encryption. ... >>I looked up your router, and it supports 128 bit WEP, not WPA. ...
    (comp.security.firewalls)
Loading