xisto Community
8ennett

Wireless Security (wep Vs Wpa)


Now when it comes to setting up the security encryption on your wireless router, it seems that most people are using WEP encryption to protect their network. That used to be sufficient; however, nowadays WEP encryption is easily broken. Using a piece of software called aircrack-ng and wireless drivers patched for injection, it is possible for someone to break your encryption cipher with or without a client having successfully handshaked with the network.

The first method the attacker would use is to monitor the traffic between a connected client and the network. While monitoring the network the attacker will be looking for an ARP request (Address Resolution Protocol). Once the attacker has managed to capture one of these requests they will then be able to inject this request repeatedly into the network. Caching the returned data, aircrack-ng will then be able to decrypt your WEP key and access your network.

The next method is known as the KoreK ChopChop attack, or also the fragmentation attack. This works by constructing an ARP request using fake authentication to obtain a PRGA (Pseudo Random Generation Algorithm). Using the PRGA the attacker can then construct an ARP using packetforge-ng. Once the ARP is constructed then the attack continues like the standard WEP attack above.

Now aircrack-ng can break WPA encryption; however, the only practical way of doing this is through a brute force attack. Using a dictionary file aircrack-ng runs through all the possible combinations contained within the dictionary file to find a working key. This can be extremely time consuming, and if the key is very well designed then it can literally take months to break the key. Here is an excellent method for ensuring your network stays safe. When creating your WPA key, ensure you use a combination of both letters and numbers including upper and lower case letters (LiverpooL185). Don't make this too complicated as you will need to remember it, just in case.

Now it is possible that a dictionary file could contain this, so we need to diversify it a little by adding gibberish to either side of the password: ZxCvLiverpooL185VcXz. Still a rather simple password, but with alternating upper and lower case either side and the letters mirrored. Now we have a highly secure password. I really doubt anybody will be able to crack this; however, if the attacker has constructed his/her own dictionary file using every possible permutation up to 100 characters, then they will also have this password in that list. What we can do is, every four weeks, change the four letters on either side of the password. The first month our password is ZxCvLiverpooL185VcXz and the next month it is qWeRLiverpooL185rEwQ and so on. Now you have a WPA key system in place that cannot be cracked by anything. Due to the amount of time it takes to brute force a WPA key, you should leave ample time before anyone has run through enough permutations to break your key.


WPA is far better than WEP because WEP is crackable with Linux (BackTrack) and I have tested that and it's working. After some time and work on BackTrack with tutorials etc. I've managed to get my neighbor's WEP password. Use WPA; there is no way to crack it except with a wordlist password cracker (software that tries words from a list to see if it can log in to the wireless...). So use some better, improvised or randomly generated password and chill out. :)


That's pretty much what I already said, and I offered the solution to the problem of wordlist cracking on WPA using alternating permutations. Also, it's illegal to crack other people's networks without their permission, and criminal sentences have become much more severe over recent years for illegally using someone else's internet connection.

BackTrack is a security exploit testing Linux distro designed for testing security vulnerabilities in your own networks and systems and is not to be used illegally, as is clearly stated in the documentation provided with it; it is also used as a training tool by the NSA.

Don't be silly and admit to committing crimes online; that's what amateurs do, and amateurs get caught!


I hope you're talking about WPA2 and not WPA, because WPA is easily cracked as it was a quick fix of WEP. When companies started to realise that WEP was absolutely insecure, they needed to find a way to upgrade old hardware. However, the older access points did not have the headroom to allow more advanced and more computationally expensive encryption methods, and that's how WPA was formed. It was designed to be harder to break, but it's crippled by the fact that it could only be 10% more computationally expensive than WEP.


I hope you're talking about WPA2 and not WPA because WPA is easily cracked

It makes no difference if it is WPA or WPA2; the methods of attack are identical and take the exact same amount of time. Did anybody even read this article before responding?


I did read it, but what I'm trying to say is that a strong password won't protect WEP or even WPA, as there are other, faster methods to break them :)


I did read it, but what I'm trying to say is that a strong password won't protect WEP or even WPA, as there are other, faster methods to break them :)

There's no other way to break WPA encryption (or WPA2) other than using a dictionary attack. WEP is the most insecure form of encryption, which is the whole point of the article; many routers only provide WPA and WPA2 in pre-shared key form, which is what is vulnerable to dictionary attack.

If you are saying there is a faster method of breaking a pre-shared WPA key then please share this method.


WEP is ridiculously easy to crack. WPA is a bit harder to crack but not impossible. A brute force attack could definitely work. I recommend you go with WPA2. While it is still "crackable", it will be harder and more time consuming.

Edited by vistz


WPA (and WPA2) keys should always be generated and retardedly difficult to remember. You only need to configure the network once, add computers sometimes, etc.

Most Linksys routers and many other routers I've seen allow you to access the key through administration (which should only be accessible from a physically connected computer; check your settings), so you could retrieve it in the case of a new computer on the network, or a similar occasion.

WPA2 with a PSK encrypted via AES has only two attack vectors:

* Intercepting the handshake (nearly friggin impossible [so much so that it's essentially only theoretical]).
* Dictionary attacking the PSK.

Regardless, you should always use the absolute strongest key you can, such as one from https://www.grc.com/passwords.htm or a similar generator site. You then configure all of your computers, add AP Isolation if you don't plan to use file/printer sharing, and MAC Address Filtering for a final layer of security.

After all of this, you disable SSID Broadcast (make sure to use a complicated SSID as well; it factors into overall security, though I'm a huge fan of 'BDSM Image Host' just to freak out the snoops), use a spectrum analyzer to verify that you are on the channel with the lowest average amount of traffic, and ta-da, you now have the most secure network you can manage without implementing a RADIUS key-exchange system.

This is one of those moments where one could say, "And that's how it's done."

:P

-JD

Edited by John_Doe
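The opening post and John_Doe's reply both come down to the same point: with a pre-shared key, the only practical attack is guessing the passphrase, so the key's entropy is the defender's lever. The script below is an added example written for this thread, not code from any poster. It implements the WPA/WPA2-PSK key derivation as IEEE 802.11i defines it (PMK = PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes), measures what one guess costs on the local machine, turns a key's entropy into the time needed to exhaust its keyspace at a given guess rate, and generates a random key of the kind a generator site produces. The guess rates, SSIDs and key lengths are constructed inputs; the `secrets`-based generator is my own, not a description of how grc.com builds its keys.

```python
"""Added example: cost model behind WPA/WPA2-PSK dictionary attacks.

PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, iterations=4096, dklen=32)
(IEEE 802.11i). Every candidate passphrase costs the attacker 4096 HMAC
rounds, so the attack rate is bounded and passphrase entropy decides
how long the keyspace survives.
"""
import hashlib
import math
import secrets
import string
import time

SECONDS_PER_YEAR = 365.25 * 86400
PSK_ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit Pairwise Master Key exactly as the standard specifies."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def guesses_per_second(ssid: str, samples: int = 200) -> float:
    """Measure how many PMK derivations this machine does per second (single core).

    A dedicated cracking rig or rented cloud instances will be far faster;
    scale the number up when estimating an attacker's rate.
    """
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"candidate-{i}", ssid)
    return samples / (time.perf_counter() - start)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a key drawn uniformly at random: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, rate: float) -> float:
    """Time to try every key of the given entropy at `rate` guesses per second."""
    return (2.0 ** bits) / rate / SECONDS_PER_YEAR


def generate_psk(length: int = 20, alphabet: str = PSK_ALPHABET) -> str:
    """Random pre-shared key from a CSPRNG; WPA passphrases are 8 to 63 characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    ssid = "HomeNet"  # constructed sample SSID
    local_rate = guesses_per_second(ssid)
    print(f"local single-core rate: {local_rate:,.0f} guesses/s")
    # Constructed attacker rates: one laptop core vs. a rented GPU farm.
    for rate_label, rate in (("laptop", local_rate), ("rented cluster", 1e9)):
        for length in (8, 12, 20):
            bits = entropy_bits(length, len(PSK_ALPHABET))
            yrs = years_to_exhaust(bits, rate)
            print(f"{rate_label:15} {length:2d}-char random key = {bits:5.1f} bits "
                  f"-> {yrs:.3g} years to exhaust")
    psk = generate_psk(20)
    print(f"generated key: {psk}")
    print(f"PMK for that key on {ssid!r}: {wpa_pmk(psk, ssid).hex()}")
```

The derivation can be checked against the passphrase/SSID test vectors in IEEE 802.11i Annex H. The table the script prints is the practical takeaway: an 8-character key from this alphabet holds about 47.6 bits, a 20-character one about 119 bits, and the second is out of reach of any dictionary or brute-force effort regardless of how much hardware is rented.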


Here is a story to add to the conversation: "Amazon Cloud Power Used To Break Network Passwords" (http://forums.xisto.com/no_longer_exists/). Thomas Roth, a security researcher, used Amazon's Elastic Cloud Computing (EC2) service to brute force wireless passwords. The EC2 service is basically a supercomputer that you can rent for 28 cents a minute. Roth's average cost was $2 per password. Any wireless protocol (including WPA-PSK) that uses a pre-shared key is open to attack. Apparently this attack can only find matches based on a dictionary list.

So back to the original question of WEP vs WPA? I choose neither for my home network and decided to run completely unencrypted. Anyone can connect and the access point ID is "OPEN". I didn't do this out of laziness but out of an informed discussion to be nice to my neighbors.

I live in a fairly rural area where maybe 5-6 people can even see my wireless connection. I trust most of my neighbors and I have weighed the discussion to be open with being secure. This doesn't mean that all my banking information and such is open to anyone walking or driving by. Being nice to my neighbor doesn't mean being stupid either. I have been in several situations where I needed Internet access away from home and occasionally I get lucky and find an open access point. The access points in question may or may not be left open on purpose but I am still grateful to find one. Perhaps I can be nice to someone else in their time of need.

I have set up my network in a very particular way so as to offer open wireless and still keep myself safe. All of my internal computers are hardwired 1 Gbit Ethernet so there is no need for wireless. The wireless network is segregated behind two routers, not including the main Linux router that feeds from my ISP connection. The two routers are in series, which prevents ARP spoofing onto my hardwired network as ARP does not pass through a router. There are some tricks to get past one router but to my knowledge there is no way to play ARP games with two routers. Secondly, both the wireless and hardwired internal networks have the same subnet addresses. This means that even if someone on the wireless knew an internal IP address, it would route to the wireless subnet and never make it past the first router. As a finishing touch, the main Linux router has some nasty rules in place to prevent ANY traffic from passing from the internal to the wireless network and vice versa.

The only time I ever use the wireless network is if someone visits my house and needs to use the Internet. If they want to access any of my internal computers or the network printer then I have to tell them to get out their Ethernet cable because it simply isn't possible from the wireless network. I do realize that some bad things can happen on an open wireless access point but I am willing to take the chance and fight the fight if needed. If laws are broken then it is up to the person breaking the law to go to jail and not me. The law is certainly still in flux on this matter but I will fight for my right to provide an open access point if needed.

There are currently several organizations with the goal of providing free wireless to anyone who wants it (https://en.wikipedia.org/wiki/Wireless_community_network) (https://en.wikipedia.org/wiki/List_of_wireless_community_networks_by_region). These groups usually just make their current access point open with perhaps a customized login screen or user agreement. There is no such group in my area and I don't see it as being very practical given my rural location. If something does come along I may make my wireless niceness a little more formal.


Here is a story to add to the conversation ... a little more formal.

Nice. I could have done something similar at my most recent residence, but alas, the apartment complex was filled with trolls and rejects who felt that 16 clients torrenting over my Comcast Business Class connection was just being neighborly. My connection frequently exploded, and eventually I just said screw it and secured the whole shebang.

So in essence, yes, in some environments it is possible to provide a free and open access point for random passersby, but in densely populated, somewhat malignant locations, a bit of strategy is required, even though you kind of went over the top to create a bulletproof rural wireless network.

Anyhow, see you all tomorrow.

:P
-JD


I hope I never get to the point where I have to put restrictions on my access point, but if I do, I still have the tools to do it. The main Linux router has Astaro (https://www.sophos.com/en-us/products/unified-threat-management.aspx) installed so I can limit the wireless network any way I need to. This is usually not possible with commodity home routers, but I can control the type, amount, and time window of bandwidth. If anyone else is interested, Astaro is free for home use and just needs two network adaptors on a discarded (but working) spare computer (https://www.sophos.com/en-us/products/unified-threat-management.aspx).
