WEP = pants ?

Snow-Munki · 23 Jan 2006 at 20:31

Hi,

trying to get an old laptop on the WLAN, however for some reason whenever i use WPA it is very flaky. Sometimes it connects but most of the time it just can't authicate, and says network cable unplugged ?? :confused:

With WEP everything works ok though.

I have disable SSID broadcast, MAC address filtering and disable DHCP server, should i still be 'worried'

or a dodgy wireless card ? its a D-link one which i'm borrowing, could always get a another one.

Thanks

benjo plz. · 23 Jan 2006 at 20:32

yep. Is pants. But WPA will make the hardware do more work, and will therefore cause it to dropout more.

OllyM · 23 Jan 2006 at 23:28

Disabling SSID broadcast is an absolute waste of time, as well as MAC address filtering.

If you remove the house number from your front door, does it stop you getting broken into?

It's actually a stupid thing to do - if your neighbour decides to set a WiFi network up, it at least gives them a chance to easily see what channel you are using, and pick one that won't intefere.

mattbrown91 · 24 Jan 2006 at 07:28

why is MAC filtering a waste of time?

I use it and its great, i also disable SSID broadcast

tolien · 24 Jan 2006 at 08:23

mattbrown91 said:
why is MAC filtering a waste of time?

I use it and its great, i also disable SSID broadcast

Because it's pretty trivial to pull a valid MAC out of the packets and use that if you aren't using a decent encryption arrangement.

Snow-Munki · 24 Jan 2006 at 09:15

so i should consider trying / getting another WLAN card as the current d-link ones doesn't always seem to connect using WPA.

then again just thinking where i live, ppl don't even have PC's let alone wireless networks ( i think

)

wesley · 24 Jan 2006 at 09:35

so what's the best way to secure my home wireless network?

using DG834GT, WG111T USB dougle and laptop got intel pro wifi

Mr Blonde · 24 Jan 2006 at 11:59

One simple way if your router can do it, is to turn down the power output of it so as to only cover your network but not next door/the street as well.

One thing to try in regards to getting WPA working...try it on either channel 1, 6 or 11.
You could also try newer firmware - http://kbserver.netgear.com/products/dg834gt.asp

Snow-Munki · 24 Jan 2006 at 12:38

thanks, i've tried 11.

will try 6 and 1 tonight with WPA.

Skilldibop · 24 Jan 2006 at 15:00

wesley said:
so what's the best way to secure my home wireless network?

using DG834GT, WG111T USB dougle and laptop got intel pro wifi

WPA personal- TKIP works fine on mine.

tolien said:
Because it's pretty trivial to pull a valid MAC out of the packets and use that if you aren't using a decent encryption arrangement.

What comes out can just as easily be put back in. MAC Filtering is fine for restricting access among users, but it also needs securing with encryption to keep out "non-users".

sniper007 · 24 Jan 2006 at 15:06

Many people seem to be in agreement that WEP is rubbish and can easily be hacked. Ive googled for such software and tried "hacking" my own network but could not figure out how to even use the software due to poorly written help/readme files. TBH, Id like to see someone hack my network...no really I would be very interested in how they did it. Ive got a ridiculously long WEP key, mac filering and broadcast SSID off. I disagree that broadcast SSID is a waist of time turning it off. OK Yes it can still be hacked of course by people in the know but at the end of the day its always going to help a little not being able to "see" a network in the first place via "usual" methods.

Skilldibop · 24 Jan 2006 at 15:12

Many people seem to be in agreement that WEP is rubbish and can easily be hacked. Ive googled for such software and tried "hacking" my own network but could not figure out how to even use the software due to poorly written help/readme files. TBH, Id like to see someone hack my network...no really I would be very interested in how they did it. Ive got a ridiculously long WEP key, mac filering and broadcast SSID off. I disagree that broadcast SSID is a waist of time turning it off. OK Yes it can still be hacked of course by people in the know but at the end of the day its always going to help a little not being able to "see" a network in the first place via "usual" methods.

SSID braodcast disable can be easily countered by packet sniffing. Not to mention the fact you can always try and bluff by connectiong to a target that is a factory default SSID. Once you have the SSID and the network it's just a case of breaking the encryption. 128bit won't take long if you capture a packet and just set a decryp running a couple of hours.

Might seem a lot of work to you but how much do you pay for your internet per year?? Then think how much effort someone might expend to save that much.

OllyM · 24 Jan 2006 at 16:57

sniper007 said:
Ive got a ridiculously long WEP key

How can it be rediculously long when it's fixed length? The phrase you used to generate the WEP key HEX will be long, but that obviously isn't long...

mattbrown91 · 24 Jan 2006 at 17:36

i have also got encryption

benjo plz. · 24 Jan 2006 at 17:40

sniper007 said:
its always going to help a little not being able to "see" a network in the first place via "usual" methods.

Not at all. Hiding the SSID makes network no more invisible than it is with SSID broadcast enabled. Not sure what methods you're using. But it won't hide it from anything half decent like NetStumbler, Kismet, etc.

Skilldibop said:
SSID braodcast disable can be easily countered by packet sniffing. Not to mention the fact you can always try and bluff by connectiong to a target that is a factory default SSID. Once you have the SSID and the network it's just a case of breaking the encryption. 128bit won't take long if you capture a packet and just set a decryp running a couple of hours.

You can get the SSID easily, you force a client to disconnect, then while the client is reconnecting a packet is sent which contains the SSID in plaintext. So as you say, it can be sniffed. As for breaking WEP, 3 min minimum, 11 tops, and you don't decrypt a single packet, you decrypt IVs, and millions of them.

sniper007 · 24 Jan 2006 at 17:59

Phnom_Penh said:
But it won't hide it from anything half decent like NetStumbler, Kismet, etc.

By "usual" methods, I meant by for example Windows XP scouting around for wireless networks to connect to. Its not like a vast amount of people use such wireless sniffing software on a daily basis is it? So because of this I meant that disabling SSID is atleast helpful in this respect but yes I agree its nothing to the hacker.

benjo plz. · 24 Jan 2006 at 18:01

Windows XP inbuilt finder is pants. Anyway nobody who would want to get onto your wireless would consider using it. NetStumbler is most common as it can be run fine by windows.

MAllen · 24 Jan 2006 at 18:29

Best security you can have? Turn the Access Point off at the mains when you are not using it. Then it can only be "hacked" while you are connected.

Main thing is to keep your neighbours off your WiFi. As long as you know you have decent neighbours, you'll be fine. It will only be trouble if your neighbour is an IT geek and wants to "borrow" your WiFi to download his pr0n. (I know a few people in Brighton who do exactly that.....

)