Home: www.packetnexus.com
Abstract: This aims to provide a detailed security howto for wireless networks.

Why wireless is an inherently insecure medium (broadcast nature)
- "15-mile sniff" example of San Francisco to Berkeley (Peter Shipley example): Peter Shipley conducted a proof of concept of associating with a standard desktop access point over 15 miles away across the SF bay, using a 24 dBi parabolic grid antenna and a powerful amplifier.
- Why people should be using these security measures on their wired networks and on the wired internet, and not just on their wireless networks.

Simple explanation of WEP problems (not the purpose of this text)
- Brute force: ~200 days on a laptop for 40-bit WEP, and 10^19 years for 104-bit WEP.
- Using vulnerabilities in the implementation of RC4 in WEP, you need to collect a lot of packets to complete this crack: ~6 million to 10 million. For a normal home user this is over 1 month of activity. For a corporate wireless LAN this is over a week (unless someone is doing some high-traffic activity such as backups across the wireless LAN). Using ping flooding to artificially generate more traffic (1 data byte ping packets), enough traffic can be generated in over an hour. This attack can be a completely passive attack. For tools, search for AirSnort or WEPCrack on Google or freshmeat.
- 40-bit WEP becomes 21-bit WEP when using generated passphrases: Tim Newsham's crack on passphrase-generated WEP keys. Capture 20 packets, analyze for a couple of minutes, and you have the WEP key. Passphrase-generated WEP keys are used by vendors such as Linksys and D-Link. Works on 128/104 and 64/40 bit WEP. (2^21 vs 2^40 = 2097152 possible combinations vs 1099511627776 possible combinations.) http://www.lava.net/~newsham/wlan/
- 40-bit WEP becomes less when using an ASCII password (~62^5 vs 2^40 = 916132832 vs 1099511627776). See http://www.cranite.com/wireless_card_install.htm for a list of the ASCII to hexadecimal conversion.

Why you wouldn't use WEP in a public network.
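The two key-space reductions above (passphrase-generated keys and plain ASCII keys) are worth seeing in code, because the lesson for an administrator is that only a randomly chosen hex key gets the full 2^40 (or 2^104) space. The following is an added example and is not code from the howto or from Newsham's page. The passphrase generator in it is an illustrative reconstruction of the "XOR the passphrase into a 32-bit seed, then draw key bytes from a linear congruential generator" design: its fold rule, the LCG constants (0x343FD, 0x269EC3) and the choice of state bits 16..23 are assumptions made for the demonstration, as are the function names. What the code shows is structural: the generator never reads seed bits above 23, and ASCII input can never set bits 7, 15 or 23, which is exactly where the 21 bits come from.

```python
# Added example, not from the original howto: why "generated" and ASCII WEP keys
# offer far fewer than 2^40 possibilities.  The passphrase generator below is an
# illustrative reconstruction of an XOR-fold-plus-LCG design (assumed structure
# and constants; not taken from any vendor's firmware).

import math
import random

MASK32 = 0xFFFFFFFF


def ascii_key_to_hex(key: str) -> str:
    """A 5-character ASCII WEP key is used byte-for-byte as the 40-bit key, so
    its key space is |alphabet|**5 (62**5 for alphanumerics), not 2**40."""
    if len(key) != 5 or not key.isascii():
        raise ValueError("a 40-bit ASCII WEP key is exactly 5 ASCII characters")
    return key.encode("ascii").hex()


def fold_passphrase(passphrase: str) -> int:
    """XOR the passphrase bytes into a 32-bit seed, byte i landing in byte i % 4.
    Every ASCII byte is < 0x80, so seed bits 7, 15, 23 and 31 can never be set."""
    seed = 0
    for i, b in enumerate(passphrase.encode("ascii")):
        seed ^= b << (8 * (i % 4))
    return seed


def lcg_keys(seed: int, n_keys: int = 4, key_len: int = 5) -> list[bytes]:
    """Draw key bytes from a 32-bit LCG, taking bits 16..23 of each state.
    (Assumed generator; the constants are the classic MSVC rand() ones.)"""
    keys = []
    for _ in range(n_keys):
        k = bytearray()
        for _ in range(key_len):
            seed = (seed * 0x343FD + 0x269EC3) & MASK32
            k.append((seed >> 16) & 0xFF)
        keys.append(bytes(k))
    return keys


def seed_bits_that_matter(trials: int = 64) -> set[int]:
    """Empirically find which seed bits can change the generated keys.  Bit k of
    (a*x + c) mod 2**32 depends only on bits 0..k of x, and the generator never
    looks above bit 23, so bits 24..31 of the seed are inert."""
    rng = random.Random(2003)  # fixed seed so the result is reproducible
    matters = set()
    for _ in range(trials):
        seed = rng.getrandbits(32)
        base = lcg_keys(seed)
        for bit in range(32):
            if lcg_keys(seed ^ (1 << bit)) != base:
                matters.add(bit)
    return matters


def effective_passphrase_bits() -> int:
    """Seed bits that both matter to the generator and can be set by ASCII input."""
    settable = {bit for bit in range(32) if bit % 8 != 7}  # ASCII high bits are 0
    return len(seed_bits_that_matter() & settable)


def keyspace_report() -> dict[str, float]:
    """Key-space size in bits for the three 40-bit key sources the howto compares."""
    return {
        "random_hex_key": 40.0,
        "ascii_alnum_key": math.log2(62 ** 5),
        "passphrase_generated": float(effective_passphrase_bits()),
    }


if __name__ == "__main__":
    print("ASCII key 'abcde' as hex:", ascii_key_to_hex("abcde"))
    for name, bits in keyspace_report().items():
        print(f"{name:22s} ~2^{bits:.1f} = {2 ** bits:.3e} keys")
```

Running it prints the three key-space sizes side by side; the practical reading is the one the howto draws: configure WEP keys as random hexadecimal digits, never through a vendor's passphrase box, and treat the whole WEP layer as a speed bump rather than a boundary.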
--Adam Shand the security implications of 802.11b are basically not an issue for what we're doing. i'm not sure how much detail you want on it but here's the real basics and feel free to ask for more detail. 802.11b has a protocol called WEP (which stands for wired equivalent privacy). wep was intended to give a wireless connection as much security as a normal wired (like traditional ethernet) connection. so basically you can control who connects, at a physical level, to your network. wep has been widely used by corporations to deploy access points in their corporate networks. this way you could deploy an access point inside your firewall without fear of someone sitting in the parking lot using it. the problem is that wep is an awfully written protocol. technically it has more holes in it than a sieve and a hostile attacker can circumvent it in less than an hour with publicly available tools. this really sucks for corporations who have deployed access points in this way because now they have a glaring security problem in the soft insecure part of their network. ... now, why don't i care? because we were never using wep. from a community networking point of view wep is useless, it uses a shared password so anyone who you want to give access to has to know the password, if you now want to revoke access from someone (let's say cause they did something bad on the network) you can do that without changing the password, which means that you break everyone else ... and all your ot