[Cialug] DI-634M

Edward Meacham ed at edmeacham.com
Wed Jun 9 22:11:08 CDT 2010


Josh++

He's right - WEP is stupid simple to crack now days... open a program, pick
a wifinet, and wait. Scary sometimes how fast it can be done, too; a few
hours... sometimes less. Regardless, if you're not worried about it, and
they aren't worried about, then okay; you have the right to know I think is
all Josh is getting at. (and judging by his sig, I think his advice is
qualified) :)

If your friend's heart is set on wireless, they should probably swing for a
better card. A decent card might set them back $50-$100, but that's
minuscule in comparison to what could be spent on a lawyer and/or fines if
someone were to gain access to and use the service for dirty deeds. <DONE
DIRT CHEAP />



On Wed, Jun 9, 2010 at 4:07 PM, Josh More <MoreJ at alliancetechnologies.net>wrote:

> They can crack the key.  That means that they can read all non-encrypted
> traffic (i.e., HTTP is readable, HTTPS is not).  They can also authenticate
> to the WAP (by providing the key) and be on your network.  From there it
> depends on network design.
>
> If you're using MAC filtering, they can usually bypass it.  If you're using
> DHCP, they can usually statically assign something in that range and have it
> work.  None of this, of course, matters much if your wireless traffic goes
> to a DMZ and then out to the Internet*... especially if you're doing egress
> filtering.  However, if you're like most people and just slap a WAP on your
> internal network and trust WEP with a key of "Password123" to keep your
> stuff secure, you have a problem.
>
> Not as big a problem as running a node of the Global Linksys Mesh Network,
> but a problem nonetheless.
>
> * Unless you're being targeted by someone who downloads illegal stuff using
> your wifi to get you into trouble with the authorities.
>
>
> -Josh More, CISSP, GIAC-GSLC, GIAC-GCIH, RHCE, NCLP
> morej at alliancetechnologies.net
> 515-245-7701
>
> ________________________________________
> From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of
> Todd Walton [tdwalton at gmail.com]
> Sent: Wednesday, June 09, 2010 16:02
> To: Central Iowa Linux Users Group
> Subject: Re: [Cialug] DI-634M
>
> On Wed, Jun 9, 2010 at 3:55 PM, Josh More
> <MoreJ at alliancetechnologies.net> wrote:
> > 1) WEP can be cracked easily these days.
>
> Question: What exactly is cracked?  Is it just that a person will be
> able to read traffic to and from the router?  Or could they also
> connect to the router and get Internet access by cracking WEP?
>
> --
> Todd
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>



-- 
EdwardMeacham - www.edmeacham.com
AIM: E472155 GoogleTalk: emeacham at gmail.com
ph. 641.744.2069 c. 515.480.5033
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cialug.org/pipermail/cialug/attachments/20100609/3dd24704/attachment.htm 


More information about the Cialug mailing list