sorry Bit of subject- Hacking WIFI

wps

Being new to Wifi I thought I would share some findings with those of you
who use WIFI

Little hacking experiment

Setup Home network
Netgear Wg602 wifi access point ( 54g)
Router with broadband connection 1 MB
P4
Encryption WEP 64 bit

Receiver laptop
ADVENT Amd 64
With own internal wifi card


Hacking laptop
As above but with DWL-AG650 wifi card.


Ok I have a wifi network at home and started to get a bit paranoid at the
security of WEP encryption so I got myself a new network card DWL-AG650
(Atheros chip set) for my laptop, downloaded the driver to put the card in
to monitor mode.

On my home wifi setup I logged on to P2P network and tagged about 100 mg of
files for download. Another way is to run ICMP Ping Flood.

From my hacking laptop I then ran airodump to collect the traces of packets
flying through the air, being generated by my wifi network.
I left it running for approx 3 hours and collected approx 200000 class IV
packets.

Once completed dragged the file into aircrack, set fudge factor to 4,
encryption to 64 started it off, within less than 2 minutes it found the
key.

Conclusion

64 bit encryption not secure enough, I will try the same experiment with 128
encryption.
2-3 hours is not that long a time to sit outside someone's house or factory
( as long as there is a lot of wifi traffic).
From these findings I now unplug my wifi when doing internet banking etc. I
don't think I will drop the wifi as I find the flexibility very useful
accessing the net from anywhere in the house or garden, but will now look
into WPA.

Range rover 4.0SE
1972 Landy


 

"wps" <[email protected]> wrote in message
news:[email protected]...
> Being new to Wifi i thought i would share some findings with those of you
> who use WIFI
>
> Little hacking experiment
>
> Setup Home network
> Netgear Wg602 wifi access point ( 54g)
> Router with broadband connection 1 MB
> P4
> Encryption WEP 64 bit
>
> Receiver laptop
> ADVENT Amd 64
> With own internal wifi card
>
>
> Hacking laptop
> As above but with DWL-AG650 wifi card.
>
>
> Ok I have a wifi network at home and started to get a bit paranoid at the
> security of WEP encryption so I got myself a new network card DWL-AG650
> (Atheros chip set) for my laptop, downloaded the driver to put the card in
> to monitor mode.
>
> On my home wifi setup I logged on to P2P network and tagged about 100 mg
> of
> files for download. another way is to run ICMP Ping Flood.
>
> From my hacking laptop I then ran airodump to collect the traces of
> packets
> flying through the air, being generated by my wifi network.
> I left it running for approx 3 hours and collected approx 200000 class IV
> packets.
>
> Once completed dragged the file into aircrack, set fudge factor to 4,
> encryption to 64 started it off, within less than 2 minutes it found the
> key.
>
> Conclusion
>
> 64 bit encryption not secure enough, I will try the same experiment with
> 128
> encryption.
> 2-3 hours is not that long a time to sit out side someone's house or
> factory
> ( as long as there is a lot of wifi traffic).
> From these findings I now unplug my wifi when doing internet banking etc.
> I
> don't think I will drop the wifi as I find the flexibility very useful
> accessing the net from anywhere in the house or garden, but will now look
> into WPA.
>
> Range rover 4.0SE
> 1972 Landy
>
>


Very interesting, I use one at work & home & have always wondered about the
security aspect. The main redeeming feature of wifi is the very limited
range!

Nige


 
On Thu, 24 Feb 2005 21:44:37 -0000, /\\/ / & E wrote:

>> From these findings I now unplug my wifi when doing internet
>> banking etc.


Er why? The web link will be encrypted by your browser to a level that
the banks seem happy with, that is on top of the weak WiFi link
encryption.

Only stuff sent in plain text will be readable by those who can be
bothered. Reading your email will almost certainly send your id and
password in plain text...

> The main redeeming feature of wifi is the very limited range!


<cough> Try telling that to the 4.3 and 2.1 km links that are running
from here. Other links on this network are longer, much longer, like
20km long. All running the same power levels as ordinary WiFi stuff,
just using aerials better than a bit of dry string stuffed behind a
metal box...

--
Cheers [email protected]
Dave. pam is missing e-mail



 
Dave Liquorice wrote:

> <cough> Try telling that to the 4.3 and 2.1 km links that are running
> from here. Other links on this network are longer, much longer, like
> 20km long. All running the same power levels as ordinary WiFi stuff,
> just using aerials better than a bit of dry string stuffed behind a
> metal box...


Indeed - I'm sharing an ADSL connection with a mate who is 2.5km away
using low end 802.11g gear and a couple of home-made aerials. One of my
network admin friends looks after several 20km links again using
consumer grade products with decent aerials. Wardriving with a
high-gain directional antenna I can pick up some office & home networks
at >1.5km and the really scary bit is the number of them that are
totally unsecured.


--
EMB
 
In article <[email protected]>, EMB wrote:
>
> Indeed - I'm sharing an ADSL connection with a mate who is 2.5km away
> using low end 802.11g gear and a couple of home-made aerials. One of my
> network admin friends looks after several 20km links again using
> consumer grade products with decent aerials. Wardriving with a
> high-gain directional antenna I can pick up some office & home networks
> at >1.5km and the really scary bit is the number of them that are
> totally unsecured.
>


Where does one find these aerials? I'm experimenting with setting up a
building to building link and if I could make it directional I'd be
much happier. I'm using a couple of Netgear 602's with the supplied
aerials at the moment in bridging mode.


--
simon at sbarr dot demon dot co dot uk
Simon Barr.
'97 110 300Tdi.
 

>> Once completed dragged the file into aircrack, set fudge factor
>> to 4, encryption to 64 started it off, within less than 2
>> minutes it found the key.


Sounds about right. 128bit should give you 10-20 minutes on a busy
network.

Newer APs and cards can do something called WPA/TKIP which changes the
key faster than it can be cracked (256 bit key, changed every minute).

The important concept to understand is that aircrack doesn't break the
key, it breaks the initialisation process - so that doesn't mean that
"128 bit encryption can be cracked in 10 minutes", just that the poor
implementation in WEP can be.

>> From these findings I now
>> unplug my wifi when doing internet banking etc.


Why? That's got its own 128 bit encryption (which is properly
implemented, though the early versions of SSL made the same mistakes
as WEP). And there's nothing to stop someone uploading a key-logging
trojan that reports back.

You have two main risks for a home wireless connection: bandwidth
theft and hacking into the PCs/sniffing traffic.

MAC Address security is fairly effective against casual attempts at
this. Otherwise, I always recommend disabling the Browser,
Workstation, Server and Messenger services on WinXP/2000 which will
prevent most types of attack. These services are only needed if you
are going to share files between computers on your network (Mapped
Network drives).

Oh, in case anyone was wondering, Computer Security is my "Day Job".

Andy

--
Andy Cunningham -- www.vehicle-diagnostics.co.uk
The brain is as much a model for the computer as the computer is a
model for the brain. -- Michael Crichton, _The Terminal Man_
 
In message <[email protected]>, Simon Barr <[email protected]>
writes
>In article <[email protected]>, EMB wrote:
>>
>> Indeed - I'm sharing an ADSL connection with a mate who is 2.5km away
>> using low end 802.11g gear and a couple of home-made aerials. One of my
>> network admin friends looks after several 20km links again using
>> consumer grade products with decent aerials. Wardriving with a
>> high-gain directional antenna I can pick up some office & home networks
>> at >1.5km and the really scary bit is the number of them that are
>> totally unsecured.
>>

>
>Where does one find these aerials? I'm experimenting with setting up a
>building to building link and if I could make it directional I'd be
>much happier. I'm using a couple of Netgear 602's with the supplied
>aerials at the moment in bridging mode.
>
>

Try <http://www.computerguy.co.uk> - that's where we get hi-gain
directional yagi antennae from for work.

HTH

Will
--
lancre.net - The personal domain of Will and Cath Wilkinson.
Send e-mail to news dot will at lancre dot net

PGP Fingerprint E089 1736 A023 9E5C AFA3 0B40 E5DC D80A 9E1F D521
Public key can be obtained from ldap://certserver.pgp.com
 
In article <[email protected]>, Will Wilkinson wrote:
>
> Try <http://www.computerguy.co.uk> - that's where we get hi-gain
> directional yagi antennae from for work.
>
> HTH
>
> Will


cheers, I'll take a look.

--
simon at sbarr dot demon dot co dot uk
Simon Barr.
'97 110 300Tdi.
 