[Gllug] WEP security experiences

[Tom Weissmann]

Dylan wrote:

> So - is it reasonable to think that your average criminal is going to go to 
> that effort - waiting for two million packets to fly thru the ether (bearing 
> in mind that I've tried just collecting packets from neighbours (for purely 
> research purposes, of course) and can't even get a hundred thousand per hour 
> even when I know they are heavy web users.

We manage to pick up free wireless here in Lisbon thanks to free wifi in 
public parks and a good antenna. I noticed two things when I was trying 
to get a good signal. One is that Windows announces every essid it's 
prepared to associate with by continually probing for them.

The other is that every network I saw was accompanied by a client trying 
to associate with it, and that these clients all had very similar MAC 
addresses, making me wonder if someone has a) lots of wireless cards or 
b) a device that can scan lots of APs on lots of channels 
simultaneously. With a device like b) and the right software, your 
"average criminal" could get on with doing criminal things, or just 
watching TV, while a box on the windowsill harvested data from any 
vulnerable network in range.

Use WPA...
Regards,
Tom SW
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug