cracking WEP

Mirlyn

Well-Known Member
Anyone done this?

I'm testing wireless security. I got a new Linksys G router via RMA and everything is different (must be new firmware revisions, maybe resulting from the Cisco buyout?).

I've moved nearly 4.5 gigs of data over it in the past 36 hours (128-bit WEP on an Orinoco Gold B card) and I've found 10 weak packets. That's it. From what I've read, it takes about 15000 weak packets to get a good start on cracking WEP at 128-bit. Might try lowering the encryption and see what that does to my numbers.

Just thought I'd share.
 

rrfield

New Member
Mirlyn said:
Anyone done this?

I'm testing wireless security. I got a new Linksys G router via RMA and everything is different (must be new firmware revisions, maybe resulting from the Cisco buyout?).

I've moved nearly 4.5 gigs of data over it in the past 36 hours (128-bit WEP on an Orinoco Gold B card) and I've found 10 weak packets. That's it. From what I've read, it takes about 15000 weak packets to get a good start on cracking WEP at 128-bit. Might try lowering the encryption and see what that does to my numbers.

Just thought I'd share.

Sweet. If it takes that much work to crack 128-bit WEP, I feel pretty good about the PPTP solution we use at work.
 

Mirlyn

Well-Known Member
I just restarted it with another key. I read that a 128-bit alphanumeric key is so advanced that it's improbable to crack due to the time needed to gather. Word-based are more vulnerable to brute-force/dictionary attacks, so I just changed mine to "car" and we'll see how long it'll take now.
 

rrfield

New Member
Have you done much more with this project? I'm interested in your results....what program are you using to sniff the wireless packets?

rrfield
 

Mirlyn

Well-Known Member
I don't know if it's a bad compile of the program or what...but after this long of gathering, it still shows 10 weak packets. I tried gathering with Kismet for several hours (showed ~100 weak packets) but when I loaded the pcap file in Airsnort, it still showed only 10 weak packets.

Using Airsnort 0.2.1 with an Orinoco silver card on Slackware 9.1. Silver shouldn't matter with the card being in promiscuous mode.....at least, that's what I would assume....

Just looked it up...need to check the firmware on that card when I get home. Looks like there's a known bug with the shmoo patch and a certain firmware on the Orinocos. I don't think I updated that card, but I can't remember.

Damn these night classes....won't be home for another 7 hours before I can play with it.

I'll post an update either tonight or tomorrow after I investigate that potential problem. :)
 

Mirlyn

Well-Known Member
Well, I guess I'm running into specific version conflicts. I must have a certain firmware with a certain pcmcia source with a specific orinoco patch.

Firmware upgrades are a pain for me because my only other available pcmcia slot is on a Server 2003 machine, and my avaya card takes 2000 drivers while my avalon card takes XP drivers. Yet the orinocowireless.com firmwares (which go back into the 7.5x and the 6.xx's that I need) are specifically designed for a certain Driver/OS set, so it never finds the card because it sees 2000 or XP drivers and thinks it should require 2003 drivers (which don't exist). SO, I end up using Agere's firmware updates because they're more lax in requiring driversets, but I can only find the Agere firmwares for the 8.xx versions. Confused? I sometimes am. :p

I need a 98 or 2000 machine with a pcmcia slot....might just order a pci/pcmcia card and throw a desktop machine together quicklike so I can get this card flashed again to retry recompiling everything. All my laptops at work are on linux now. :(
 

tommyj27

Not really Banned
mockingbird said:
Are there any sniffers for Windows?
I believe that there are, but I'm not sure of the names :shrug:

Hey Mirlyn, did you ever crack your WEP or did you give up on it?
 

Luis G

Problemator
Staff member
I configured mine to not use encryption.....too lazy to bother with it.

If I need to transmit sensitive data it will be encrypted anyway, so it really doesn't matter whether someone else reads what I'm typing or not.
 

A.B.Normal

New Member
Luis G said:
I configured mine to not use encryption.....too lazy to bother with it.

If I need to transmit sensitive data it will be encrypted anyway, so it really doesn't matter whether someone else reads what I'm typing or not.


Just guessing here, but can't they also access your comp and do all kinds of NASTY stuff too, viruses, trojans etc...kinda like using Broadband without a firewall :crying4:
 

Luis G

Problemator
Staff member
A.B.Normal said:
Just guessing here, but can't they also access your comp and do all kinds of NASTY stuff too, viruses, trojans etc...kinda like using Broadband without a firewall :crying4:

No, I configured the wireless access so that only my wireless card can connect to the router.
 

rrfield

New Member
Luis G said:
No, I configured the wireless access so that only my wireless card can connect to the router.

If you did this with a MAC Address list, you are only keeping amateur hackers out. MAC Address lists are subject to brute-force attacks.

rrfield
 

Mirlyn

Well-Known Member
tommyj27 said:
I believe that there are, but I'm not sure of the names :shrug:

Hey Mirlyn, did you ever crack your WEP or did you give up on it?

Airsnort has a win32 port. Doesn't work very well at all though.

I pretty much gave up on it because I hit finals and lost time to play with it. :(
 

bigbob007

New Member
tommyj27 said:
I believe that there are, but I'm not sure of the names :shrug:

Hey Mirlyn, did you ever crack your WEP or did you give up on it?
Packetyzer is a decent sniffer for Windows... if you're still looking, a week later.
 

Luis G

Problemator
Staff member
rrfield said:
If you did this with a MAC Address list, you are only keeping amateur hackers out. MAC Address lists are subject to brute-force attacks.

rrfield

I finally stopped being lazy and researched how to enable wep under linux, now my router is configured so that only my MAC address can connect to it plus 128-bit WEP, if someone steals my bandwidth they deserve it :D
 

rrfield

New Member
Luis G said:
I finally stopped being lazy and researched how to enable wep under linux, now my router is configured so that only my MAC address can connect to it plus 128-bit WEP, if someone steals my bandwidth they deserve it :D

This is how I do it at home as well. Not perfect, but good enough for home :)

rrfield
 