Posted: 2005-04-07 09:41pm
by Spacebeard
Arrow Mk84 wrote:
I tracked down my coworker (who's now with another company) and had him comment on my post and yours. His reply:
He is more or less correct. The amount of time that passes is not correct. And all IV’s are weak. They are just too few bits. And once you have two of the same IV’s you also have user-defined part of WEP, since the user-defined part of WEP never changes. WEP key is both the IV and the user side.
That's correct. However, there are some IVs which are weaker than others and subject the RC4 cipher to various attacks which make it easier to recover the static key.

See here, for example.

So, yes, my statement was oversimplified, but it's not going to take days to break into a wireless network.
Your information is completely consistent with what I said, which was "from hours to days, depending on the amount of traffic". Note the sentence below:
A busy access point, which constantly sends 1500 byte packets at 11Mbps, will exhaust the space of IVs after 1500*8/(11*10^6)*2^24 = ~18000 seconds, or 5 hours. (The amount of time may be even smaller, since many packets are smaller than 1500 bytes.)
It might be better to express this in terms of a number of packets you must collect. Assuming that the implementation chooses a new IV after every packet, as it should, then the upper limit for the packets you need to collect is 2^24. The quotation above tells us that this will take at most five hours on a fully utilized network. If the network has very little traffic, then you will need to wait longer to collect enough packets. In the paper I cited, the author reports needing between 500,000 and 2,000,000 packets to crack WEP.

Posted: 2005-04-08 02:01am
by InnocentBystander
Dahak wrote:
InnocentBystander wrote:Personally, if they are transmitting openly, and I need a connection, I'll leech, but you know, just be nice and don't download a lot of stuff or poke around on their network. I like to leave my wireless router free, even if there were people close enough, it's a nice service to offer others at no cost to you. As long as no one is harmed, everything is cool. I'll be glad to sacrifice a small percentage of my connection so someone visiting can browse the web or play an online game while they are around. Even if someone wanted to use my connection, rather than pay for their own service, I really don't see the harm unless I'm seriously impacted.
It would bring you in a bit of legal stress if someone were using your net to do illegal stuff, wouldn't it?
I guess it's possible, but I think you are more likely to die in a plane crash, than run into troubles because someone was doing something very illegal while leeching off your wireless access point.

Posted: 2005-04-08 07:16am
by Spacebeard
InnocentBystander wrote:
Dahak wrote:
InnocentBystander wrote:Personally, if they are transmitting openly, and I need a connection, I'll leech, but you know, just be nice and don't download a lot of stuff or poke around on their network. I like to leave my wireless router free, even if there were people close enough, it's a nice service to offer others at no cost to you. As long as no one is harmed, everything is cool. I'll be glad to sacrifice a small percentage of my connection so someone visiting can browse the web or play an online game while they are around. Even if someone wanted to use my connection, rather than pay for their own service, I really don't see the harm unless I'm seriously impacted.
It would bring you in a bit of legal stress if someone were using your net to do illegal stuff, wouldn't it?
I guess it's possible, but I think you are more likely to die in a plane crash, than run into troubles because someone was doing something very illegal while leeching off your wireless access point.
It depends on what you mean by "trouble". You could easily have your account terminated by your ISP if someone sends spam through your network, for example.

Posted: 2005-04-08 10:00am
by Stark
Woo! With my newfound knowledge of cryptography, the weaknesses of WEP are pretty critical. Depending on what cipher they use, getting the key wouldn't take too long if you really wanted, and further captures just make it easier.

Who thought I'd learn anything new at university? :)

Posted: 2005-04-08 12:15pm
by InnocentBystander
Spacebeard wrote:
InnocentBystander wrote:
Dahak wrote: It would bring you in a bit of legal stress if someone were using your net to do illegal stuff, wouldn't it?
I guess it's possible, but I think you are more likely to die in a plane crash, than run into troubles because someone was doing something very illegal while leeching off your wireless access point.
It depends on what you mean by "trouble". You could easily have your account terminated by your ISP if someone sends spam through your network, for example.
I had something like that happen actually. I was playing around with a Linux machine acting as a server, and during a vacation someone had hijacked it and was using it to send out spam. My ISP told me about it, I put a stop to it and everything was cool.

Posted: 2005-04-08 02:34pm
by Spacebeard
Stark wrote:Woo! With my newfound knowledge of cryptography, the weaknesses of WEP are pretty critical. Depending on what cipher they use, getting the key wouldn't take too long if you really wanted, and further captures just make it easier.

Who thought I'd learn anything new at university? :)
The cipher is RC4.

Posted: 2005-04-08 07:12pm
by althornin
Pu-239 wrote:
althornin wrote:
Pu-239 wrote:I hope those of you leaving your network open are using IPSEC...
Bah.
I just have a captive portal page, with terms, and they are bandwidth limited and can only use a few ports.
Free to all, but heavily restricted. And firewalled off from my lan - getting to my lan from my wireless is the same as getting to my lan from the internet. VPN, or nothing :)
IPSEC==VPN
Not really. IPSEC can be used in a VPN, but they are not equal (I interpret "==" as "identical", where VPN has many possible technology methods, from OpenVPN using SSL to MS PPTP, or whatever...). Anyways, I know that. My "Bah" was directed at you because I felt you were saying that ALL you need is VPN...

But just using a VPN won't save you from all the problems.
You need a legal recourse for illegal network use, just in case (hence captive portal with TOS) and you need to make sure your wireless is firewalled off from your regular network.

Sorry if I wasn't clear...

Posted: 2005-04-08 11:41pm
by Laird
Update: I got two of my neighbours to lock down their routers; however, one says I'm being paranoid.

Posted: 2005-04-09 02:38am
by Faram
Laird wrote:Update: I got two of my neighbours to lock down their routers; however, one says I'm being paranoid.
Not that I recommend that you do anything illegal, but here are some nice tools for all sorts of network voodoo.

http://www.gfi.com/lannetscan/
Kickass network scanner

http://www.netstumbler.com/
Much better wireless network analyzer than that netgearthingy.

http://www.ethereal.com/
Ethereal, the ultimate network protocol analyzer. If you don't know what that is, don't bother with this one.