[Gllug] WEP security experiences
Dylan
dylan at dylan.me.uk
Mon Jun 18 16:55:25 UTC 2007
Hello List
Well, I was asked recently how secure a friend's network was so I set about
learning to use kismet and aircrack just to find out ...
I broke his WEP key in 11 seconds - the only thing was, I needed to harvest
over 2 million packets with varying contents to do so. I set up a network
with three wireless machines + AP and set off various file transfers up to
the saturation point (managed to get over 50Mb/s throughput which I thought
was quite good) and after nearly an hour and a half I had gathered enough
packets on a separate machine to crack the encryption. I tried several
times - increasing the amount of bandwidth used and the number of packets
captured as I went and 2 million seems to be a cut off point for 128bit wep.
I also found that if there was only one wifi attached device, even 2 million
packets was not enough to crack the key.
So - is it reasonable to think that your average criminal is going to go to
that effort - waiting for two million packets to fly thru the ether (bearing
in mind that I've tried just collecting packets from neighbours (for purely
research purposes, of course) and can't even get a hundred thousand per hour
even when I know they are heavy web users.
Thoughts?
comments?
Dylan
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list