The Subaru SVX World Network   SVX Network Forums
  #16  
Old 04-28-2004, 12:32 PM
deruvian
Guest
 
Posts: n/a
Quote:
Originally posted by b3lha


Are you absolutely sure about this?

The WEP standard is a 40bit implementation of the RC4 encryption algorithm (although they call it 64bit). There is no doubt that it is severely flawed, but it should be a little more complex than you are describing.

Phil.
Unless WEP has changed somewhat recently, I'm quite sure that everything is hex-encoded. The last time I worked intensively with a wireless network was a little over half a year ago.

What also matters is the fact that even though it may be encrypted, it is still sent via... uhm... "plain hex text" would be the best way to put it. The equivalent of the letter "a" in hex is "61". Wireless networks broadcast the letter "a" as "61". Lots of a's would be broadcast as "61616161". If I watched your network and logged all the hex being broadcast, I could simply keep it in some kind of hex/binary editor and quickly find out what is real data and what is encrypted. Using a WEP decryption proggy (by either disclosing the encryption algorithm or using brute-force), I'm sure one could find out the real hex keys, which in my example would translate into the word "dogpoo".

I do think that CigarJohnny has it just about as secure as it can get. It may be a little paranoid, but secure nonetheless.
Reply With Quote
  #17  
Old 04-28-2004, 01:24 PM
CigarJohnny
Registered User
 
Join Date: Oct 2002
Location: Allentown, PA
Posts: 2,922
Quote:
Originally posted by deruvian

I do think that CigarJohnny has it just about as secure as it can get. It may be a little paranoid, but secure nonetheless.
I will take that as a compliment. Running shared drives off a WinME box is like having your balls hanging out for the world to kick. Better safe than sorry. Besides, anything worth doing is worth doing right.

Johnny
__________________
Pearl '92 LS-L 179K (Historic 1st 5-speed SVX)
Mods: 5-speed, 4.11's, Group-N motor mounts, dual Magnaflows, cone air filter, Kenwood MP-228 CD/Receiver, white-faced gauges, '97 grill, custom window tinting.

Ebony Mica '92 LS 80K Oct 2002 - Dec 2004: Victim of theft. She served me well.

You can tell the lack of craftsmanship by the wrinkles in the duct tape.
Reply With Quote
  #18  
Old 04-28-2004, 01:50 PM
deruvian
Guest
 
Posts: n/a
Quote:
Originally posted by CigarJohnny
I will take that as a compliment. Running shared drives off a WinME box is like having your balls hanging out for the world to kick. Better safe than sorry. Besides, anything worth doing is worth doing right.

Johnny
I do agree wit' dat! But had I known that it was an ME-box, I wouldn't have said "paranoid." I may have used "proper" instead.
Reply With Quote
  #19  
Old 04-29-2004, 02:07 AM
NikFu S.
Takin tools to task
 
Join Date: May 2003
Location: A-town, Alaska
Posts: 7,280
Registered SVX
Leave it to me to think of missiles and chain guns mounted on an SVX.
I'm really behind in this computer stuff.
__________________
"That which can be asserted without evidence
can be dismissed without evidence."


'92 Dark Teal SVX LS-L, >146,000m
3 pedals, 5 speeds., restoration underway.
2012 Honda Insight, slow but cute.
Reply With Quote
  #20  
Old 04-29-2004, 02:36 AM
b3lha
Phil & Belha
 
Join Date: Aug 2001
Location: Alcyone Limited, Buckinghamshire UK
Posts: 2,671
Quote:
Originally posted by deruvian


Unless WEP has changed somewhat recently, I'm quite sure that everything is hex-encoded. The last time I worked intensively with a wireless network was a little over half a year ago.

What also matters is the fact that even though it may be encrypted, it is still sent via... uhm... "plain hex text" would be the best way to put it. The equivalent of the letter "a" in hex is "61". Wireless networks broadcast the letter "a" as "61". Lots of a's would be broadcast as "61616161". If I watched your network and logged all the hex being broadcast, I could simply keep it in some kind of hex/binary editor and quickly find out what is real data and what is encrypted. Using a WEP decryption proggy (by either disclosing the encryption algorithm or using brute-force), I'm sure one could find out the real hex keys, which in my example would translate into the word "dogpoo".

I do think that CigarJohnny has it just about as secure as it can get. It may be a little paranoid, but secure nonetheless.
All data that is held on a computer or sent over a network is encoded as BINARY. That's how computers work, there is no other way to do it. As you said, the ASCII code for "a" is 61 in hex and this is sent over the network as 01100001. If you use a packet sniffer then it will show you the hex value which you can easily translate back to "a".

But this encoding is NOT the same as encryption. When encryption is enabled, your "dogpoo" (646F67706F6F) password might be encrypted as "bE&abQ" (624526616251) in one packet and "Hfbew$" (486662657724) in the next. This is NOT plain-text as you originally suggested and loading it into a hex editor to look for recurring patterns will not help you.

It is true that there are programs which can exploit flaws in the WEP algorithm to crack the encryption in a matter of hours or maybe even minutes. Interestingly, due to a flaw in the design, 128bit is not significantly more secure than 64bit. But there are so many networks which don't even have encryption enabled that it hardly seems worth the effort of trying to crack it.

Mohrds, Sonar and I have a far more secure configuration than "paranoid" CigarJohnny. VPN tunnels add an extra layer of more secure encryption on top of the crappy WEP stuff and a firewall ensures that only VPN packets reach the rest of the network. IMPO this is the best way to implement wireless networking because it ensures that even if somebody breaks your WEP, they have no more access to your network than somebody coming in over the internet.

Phil.
Reply With Quote
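
Added example, not part of the original thread or any poster's code: the difference drawn in post #20 between hex encoding and encryption, shown with a simplified WEP-style cipher (RC4 keyed with a cleartext 3-byte per-packet IV prepended to the shared key, with a CRC-32 integrity value appended to the data). The key, the IVs and all function names are constructed for illustration, and the key-ID byte of a real WEP frame is omitted.

```python
import binascii
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body: cleartext IV, then RC4(IV || key) over data + CRC-32."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key, plaintext + icv)

def wep_decrypt(key: bytes, body: bytes) -> bytes:
    """Rebuild the per-packet RC4 key from the cleartext IV and verify the CRC-32."""
    iv, ciphertext = body[:3], body[3:]
    clear = rc4(iv + key, ciphertext)
    data, icv = clear[:-4], clear[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return data

KEY = bytes.fromhex("0102030405")  # constructed 40-bit shared key
MESSAGE = b"dogpoo"                # the example word used in the thread

def demo():
    """Return the hex encoding and two encrypted packets of the same message."""
    encoded = binascii.hexlify(MESSAGE).decode()       # encoding: no key involved
    pkt1 = wep_encrypt(b"\x00\x00\x01", KEY, MESSAGE)  # constructed IVs
    pkt2 = wep_encrypt(b"\x00\x00\x02", KEY, MESSAGE)
    return encoded, pkt1, pkt2

if __name__ == "__main__":
    encoded, pkt1, pkt2 = demo()
    print("hex encoding :", encoded, "->", bytes.fromhex(encoded))
    print("packet 1     :", pkt1.hex())
    print("packet 2     :", pkt2.hex())
```

The hex encoding reverses without any key, while the two packets carry different ciphertext for the same word because the IV changes the RC4 key for each packet.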
  #21  
Old 04-29-2004, 03:11 AM
deruvian
Guest
 
Posts: n/a
Quote:
Originally posted by b3lha


All data that is held on a computer or sent over a network is encoded as BINARY. That's how computers work, there is no other way to do it. As you said, the ASCII code for "a" is 61 in hex and this is sent over the network as 01100001. If you use a packet sniffer then it will show you the hex value which you can easily translate back to "a".


I didn't intend to take it that far. Potential confusion was not my interest in this thread, so I decided to leave out the small details about binary. Any moderate hex editor can display/read both hex, ASCII, and binary.

But this encoding is NOT the same as encryption. When encryption is enabled, your "dogpoo" (646F67706F6F) password might be encrypted as "bE&abQ" (624526616251) in one packet and "Hfbew$" (486662657724) in the next. This is NOT plain-text as you originally suggested and loading it into a hex editor to look for recurring patterns will not help you.

While it would be encrypted, to my understanding the WEP encryption method does not change algorithms on the fly. Thusly yielding a pattern.

It is true that there are programs which can exploit flaws in the WEP algorithm to crack the encryption in a matter of hours or maybe even minutes. Interestingly, due to a flaw in the design, 128bit is not significantly more secure than 64bit. But there are so many networks which don't even have encryption enabled that it hardly seems worth the effort of trying to crack it.

Mohrds, Sonar and I have a far more secure configuration than "paranoid" CigarJohnny. VPN tunnels add an extra layer of more secure encryption on top of the crappy WEP stuff and a firewall ensures that only VPN packets reach the rest of the network. IMPO this is the best way to implement wireless networking because it ensures that even if somebody breaks your WEP, they have no more access to your network than somebody coming in over the internet.


Of course there are always going to be far more secure methods than the next. I'm glad that you at least agree with me on the point that WEP is crappy. VPN tunnels are a definite way to become more secure, but a VPN is not always for the faint of heart. And besides, you could always set up enough tunnels to the point of being ridiculous, thereby boring any interested hackers before they even get into your network.
Reply With Quote
  #22  
Old 04-29-2004, 09:54 AM
CigarJohnny
Registered User
 
Join Date: Oct 2002
Location: Allentown, PA
Posts: 2,922
I would definitely agree that setting up a VPN takes that extra step than what I do. Still, it amazes me how many so-called network admins, who make lots more $ than I do, use no security precautions whatsoever. Absolutely AMAZES me!

Johnny
Reply With Quote
  #23  
Old 04-30-2004, 09:53 AM
tancred
Guest
 
Posts: n/a
How do you think I'm online right now? Hehe, I got 4 wireless connections open I can get into from sitting in my bedroom with the laptop snooping around...
Reply With Quote
All times are GMT -6.