Re: WEP unsafe, shock horror

"mentalguy2004" <none@xxxxxxxx> wrote in
news:L64Si.92629$j16.68211@xxxxxxxxxxxxxxxxxxxx:

"Richard Perkin" <f000nurdle@xxxxxxxxxxx> wrote in message
news:5nron4FjqsuuU1@xxxxxxxxxxxxxxxxxxxxx
"mentalguy2004" <none@xxxxxxxx> wrote in
news:am1Si.28203$DB2.18652@xxxxxxxxxxxxxxxxxxxx:

I understood that router encryption (WEP, WPA etc) was designed
and used to stop people intercepting (sensitive) data between a
wireless PC and router, not to prevent other people using your
internet connection.
The requirement addressed by WEP, WPA and variants is for
*authentication* and *encryption*. Unfortunately, WEP is badly
designed and has serious weaknesses both in the authentication
mechanism and in encryption.

When a WEP-encrypted wireless network has been cracked, knowledge
of the WEP key allows an intruder to correctly authenticate and
associate with the access point, and with that to gain access to
other resources on the network. Where the network includes an
Internet connection (as it will do in the usual case of a
wireless router with a WAN connection to an ISP) then Internet
access is immediately available

OK, but with MAC filters in place, is it still the case that
someone can access the net through my wireless router, even if
they crack my WEP password?
Yes.
MAC address filtering is really useless - the MAC addresses of
devices on your network are present in every wireless transmission
to/from that device. They can be trivially read off the air. Once you
have a valid MAC address, you can set your PC (or whatever) to have
the same MAC address - that is, you can 'spoof' an allowed MAC
address. You can do this even under Windows - Google on "SMAC".

WEP is harder to crack, and provides a limited amount of protection.
It can however be readily cracked with readily available tools - see
the links in my previous post.

I was under the impression that *only* the PC's/laptops/PDA's that
I explicitly configure (by MAC address) in my router software, are
allowed to connect to my network/internet.
Correct. But discovering these MAC addresses is trivially easy, since
they are not encrypted - they are transmitted in the clear in every
frame. So it's a worthless technique.

I realise that if the
WEP is hacked, someone can intercept my uploads and downloads, but
I didn't think they could surf the net on my connection.
I think it's unlikely that someone will decrypt your traffic 'on the
fly' and intercept your data that way. It's much more likely that
they will use the ability to connect to your wireless router to gain
access to resources on your network. These include:
- 'free' Internet access
- access to shared files and indeed any system on your network. This
may require a little more cracking, but it's certainly possible.

Gaining 'free' Internet access is perhaps the most common use of
unauthorised access to an unsecured or weakly secured network.

The answer is to use a technique which provides strong authentication
and encryption. You should use the strongest technique available
across all devices on you network. On a home network, these are
likely to be:
- WPA2. Very strong, but not available on older hardware
- WPA-PSK. Very strong when used with a long (20+ character) non-
dictionary key.
- WEP. Weak, but better than nothing since it requires a deliberate
effort to crack it. It will prevent accidental connection. Use it
with the longest key length available across your devices, but only
when a stronger technique is not available.

Use the best of these which is available to you. Don't bother with
either MAC address filtering or with SSID 'hiding' - they really are
worthless. They may also give a dangerous false sense of security so
that you don't implement 'proper' security.

Hope this helps

--
Richard Perkin
To email me, change the <AT> in the address below
richard.perkin<AT>myrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's.
It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News
.

Relevant Pages

  • RE: Multiple Connection Attempts to Home Wireless Network
    ... make connection attempts to any available wireless, ... Subject: Re: Multiple Connection Attempts to Home Wireless Network ... >Planning, Computer Emergency Response Teams, and Digital Investigations. ...
    (Security-Basics)
  • Re: Linksys WRT54G acts like a dumb hub, no DHCP or wireless capabilities
    ... laptop and the PC would lose connection with the router. ... Well, the results are the same: I can connect to the wireless network, ... but after about 10 minutes I will lose connection with the router. ...
    (alt.internet.wireless)
  • Re: Lan Wifi Network
    ... >knowledge of computer network... ... a wireless user has gone away. ... client software to do the job. ... connection which can be timed. ...
    (alt.internet.wireless)
  • Re: Wireless network, Bluetooth, and Home Networking
    ... notebook PC, together with a wireless network between the same ... connection to the PC, or loose the network connection PC to ... Your easiest bet is to purchase a wireless router - ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Activesync Kills Wireless
    ... Acer TravelMate 8104WLMi with Intel PRO/Wireless 2915ABG Network Adapter, ... NetGear RangeMax WMN802 Wireless Access Point ... I do have to repair the network connection as ... could install this driver. ...
    (microsoft.public.pocketpc.activesync)