Wireless network (WEP security)
Emir
emir-rdkfGonbjUTTQjIoRn/dzw at public.gmane.org
Tue Sep 30 21:15:37 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 30/09/2003 13:44, Gardner Bell wrote:
| I've been considering moving to a wireless network system but after many
| articles I have read is it really worth it? One such article I read was on the
| WEP algorithm and numerous flaws found by the analysts, such as a
| dictionary-building attacks, active attack to inject new traffic from
| unauthorized mobile stations, etc. How easily could a
| hacker pull off this kind of attack on an 802.11 network?
| The initialization vector in WEP I have read is only 24-bit and is sent in
| the clear-text part of a message, with only a small amount of initialization
| vectors how often would the same key-stream be used on a rather small home
| network? A busy access point, which constantly sends 1500 byte packets at
| 11Mbps, will exhaust the space of IVs after 1500*8/(11*10^6)*2^24 = ~18000
| seconds, or 5 hours. Would the time increase or decrease using wireless with
| Roger's or does it all depend on how much traffic my machines are sending?
| What measures have others here taken to secure their wireless networks if any of
| you have them and what specific hardware would you recommend? Any other info
| that you could provide would be greatly beneficial.
As people already pointed out, there's a slew of "solutions"; I prefer to call
them "workarounds". As someone who's had a wireless network for a very long
time now (I was one of the co-founders of the now-defunct Toronto Wireless
Community Network), I can offer you the following advice: treat your wireless
network as the most hostile section of the Internet.
Don't rely on WEP by any means, in fact I'd suggest you turn it off because it
does nothing 'cept reducing throughput and causing silly disconnects. Your
real protection comes higher up on the TCP stack, as VPN, SSL, or SSH tunnel.
The moment you introduce wireless access on your network, all your computers
are exposed, which means don't rely on your Internet firewall, every machine
needs to firewall itself (you can still keep your Internet firewall as an
outer perimeter, but don't fall into false sense of security).
If you're unable or unwilling to expend the effort to protect each individual
machine on the network that is to be extended through wireless means, I
suggest you don't use wireless at all.
- --
Emir.
"The rancorous Supreme Court pronouncement on the 2000 Presidential election
~ ought to remind everyone that the US' legal system is at best a lottery,
~ and at worst, deeply swayed by human vices." -- Andrew Orlowski
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQE/efJ5uSy542G+Z7QRArFCAJ9t4oRe2UIt2MRSS8B1hUngvIJ83QCgoegS
tVOSSOzS1CUZymq33CmliAw=
=sgBm
-----END PGP SIGNATURE-----
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list