Wireless Hackers

mikey76 · July 10th, 2002, 11:39 PM

I just read some stuff that really scares me. It appears if I use wireless to extend my internet and lan throughout my Apartment so I can use my laptop, then anyone with the right equipment driving in the apartment complex....or maybe just upstairs.... can break my encryption code.

Link removed by mikey

What encryption key do these wireless cards use anyway? 8 bit?

Not only can they read my stuff.....they can use my connection for illegal activities that I and we could become liable for.

Is Linksys and the other big manufactuers of wireless equipment doing something about this?

How an we protect ourselves from this?

Help!

mikey

DVNT1 · July 10th, 2002, 11:46 PM

The encryption key length depends on the hardware you buy. I typically use 128bit encryption cards.

I didn't read that article but there are some methods to make it fairly secure. The easiest I know if is requiring VPN for all wireless workstations. This way, regardless of seeing the network traffic, all data will still be encrypted and only those with the authenticated VPN client would be allowed through the VPN server/router.

mikey76 · July 11th, 2002, 12:45 AM

This is one of the systems they talk about:

XVXV is a wireless LAN (WLAN) tool which recovers encryption keys. XVXV operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in "Weaknesses in the Key Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. XVXV, along with JJJJ, which was released about the same time as XVXV, are the first publicly available implementaions of this attack.

XVXV requires approximately 100M-1GB of data to be gathered. Once enough packets have been gathered, XVXV can guess the encryption password in under a second. "

(Names of systems have been changed to XVXV and JJJJ)

This doesn't look good to me.

DVNT1 · July 11th, 2002, 12:51 AM

Actually I am aware of the wireless sniffers and have read a lot about the common insecurities with the WEP keys.

This is why I mention using VPN on the clients (totally seperate from the WEP encryption).

mikey76 · July 11th, 2002, 01:12 AM

Using Win98SE, how do I activate or make sure I have VPN configured properly to protect me?

And how does VPN protect....if it can be explained in one or two sentences

I guess these systems don't crack the 128 bit code. They crack an idividuals key to the cards that use that code. Is this true?

Thanks

mike

DVNT1 · July 11th, 2002, 01:19 AM

For the VPN you would need a VPN sever and you would need to make the wireless connection(s) on it's own segment. Much more than most home users would want to do.

For home use, change the key every few days to be the safest.

MDdan · July 11th, 2002, 01:25 AM

Humm...after all the stuff that was x'ed out, I went back and read the FAQs to make sure that I didn't violate any rules with my post.

Well, here goes...and please let me know if I'm not even allowed to talk about this stuff:

Netstumbler is a program that runs on Windows 2000 that allows people to sniff for wireless LANs. This product can be used to facilitate an attack or it can be used to audit wireless security, so I assume it is OK to talk about it. Basically, folks drive around with a laptop, perhaps a higher power antenna, and netstumbler running, and look for wireless LANs to access.

Airsnort is a linux program that is used to break WEP. As DVNT1 already suggested, you need to run a VPN because WEP is a joke. There's more to it than key length, the RC4 used by WEP isn't the problem, it's the way that WEP implements RC4. The blackhat briefings webpage has a good multimedia archive with some real media files describing the nature of the weakness in WEP.

To summarize: No key length is going to make a difference with WEP, the implementation is flawed. They're is no harm in using it, and it may deter someone using netstumbler who's looking for unencrypted LANs. But you need to run an encrypted VPN inside the WEP.

Basically, as sold, almost all of the 802.11b products are very poor from a security standpoint. You should also consider where you connect the access point to your network, it would not be good to stick it in the middle of your LAN.

I'm also eager to get a wireless setup going at home....laptop and wireless....woohoo!

mikey76 · July 11th, 2002, 01:36 AM

Laptop and wireless. Yep. Only way to fly!

But if someone outside or down the block can make my ISP think they are me, then lord knows what all they could do. I am more worried about the hackers using my identity to do bad things than monitoring what I do.

mikey76 · July 11th, 2002, 01:45 AM

Per MDdan:

"You should also consider where you connect the access point to your network, it would not be good to stick it in the middle of your LAN. "

I guess I need a picture. I am not sure what you mean by the middle of my LAN. Cable Modem goes to wireless router. Router feeds desktop. Got a network line on the printer. Wirless router is the access point for the laptop rf. Is this the "middle"

Hackers, virii, worms, ycch. "Why can't we just all get along?"

Oh, dan....you filled in the x'ed out spaces pretty well.

DVNT1 · July 11th, 2002, 08:02 AM

"middle of the LAN"....meaning connected to a hub/switch that is directly (as far as routers and firewalls go) connected to servers, workstations, and other less protected devices.

As for a relative picture....

wirelessComputer <--> AccessPoint<-->VPN server<--> LAN(all wired computers)

Therefore the wirelessComputers should be on thier own subnet too.