1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WEP = pants ?

Discussion in 'Networks & Internet Connectivity' started by Snow-Munki, 23 Jan 2006.

  1. Snow-Munki

    Capodecina

    Joined: 18 Oct 2002

    Posts: 10,041

    Location: At home

    Hi,

    trying to get an old laptop on the WLAN, however for some reason whenever i use WPA it is very flaky. Sometimes it connects but most of the time it just can't authicate, and says network cable unplugged ?? :confused:

    With WEP everything works ok though.

    I have disable SSID broadcast, MAC address filtering and disable DHCP server, should i still be 'worried'

    or a dodgy wireless card ? its a D-link one which i'm borrowing, could always get a another one.

    Thanks
     
  2. benjo plz.

    Capodecina

    Joined: 15 Jan 2004

    Posts: 14,208

    Location: Hall

    yep. Is pants. But WPA will make the hardware do more work, and will therefore cause it to dropout more.
     
  3. OllyM

    Soldato

    Joined: 16 Aug 2004

    Posts: 6,192

    Location: New Jersey, USA

    Disabling SSID broadcast is an absolute waste of time, as well as MAC address filtering.

    If you remove the house number from your front door, does it stop you getting broken into?

    It's actually a stupid thing to do - if your neighbour decides to set a WiFi network up, it at least gives them a chance to easily see what channel you are using, and pick one that won't intefere.
     
  4. mattbrown91

    Wise Guy

    Joined: 27 Sep 2004

    Posts: 2,328

    Location: Ilkley / London

    why is MAC filtering a waste of time?

    I use it and its great, i also disable SSID broadcast
     
  5. tolien

    Caporegime

    Joined: 16 May 2003

    Posts: 25,368

    Location: ::1

    Because it's pretty trivial to pull a valid MAC out of the packets and use that if you aren't using a decent encryption arrangement.
     
  6. Snow-Munki

    Capodecina

    Joined: 18 Oct 2002

    Posts: 10,041

    Location: At home

    so i should consider trying / getting another WLAN card as the current d-link ones doesn't always seem to connect using WPA.

    then again just thinking where i live, ppl don't even have PC's let alone wireless networks ( i think :p )
     
  7. wesley

    Soldato

    Joined: 29 Jul 2003

    Posts: 7,358

    so what's the best way to secure my home wireless network?

    using DG834GT, WG111T USB dougle and laptop got intel pro wifi
     
  8. Mr Blonde

    Caporegime

    Joined: 18 Oct 2002

    Posts: 30,872

    Location: Liverpool -> London

    One simple way if your router can do it, is to turn down the power output of it so as to only cover your network but not next door/the street as well.

    One thing to try in regards to getting WPA working...try it on either channel 1, 6 or 11.
    You could also try newer firmware - http://kbserver.netgear.com/products/dg834gt.asp
     
  9. Snow-Munki

    Capodecina

    Joined: 18 Oct 2002

    Posts: 10,041

    Location: At home

    thanks, i've tried 11.

    will try 6 and 1 tonight with WPA.
     
  10. Skilldibop

    Wise Guy

    Joined: 28 Sep 2005

    Posts: 1,284

    Location: London

    WPA personal- TKIP works fine on mine.

    What comes out can just as easily be put back in. MAC Filtering is fine for restricting access among users, but it also needs securing with encryption to keep out "non-users".
     
  11. sniper007

    PermaBanned

    Joined: 18 Jan 2005

    Posts: 1,110

    Many people seem to be in agreement that WEP is rubbish and can easily be hacked. Ive googled for such software and tried "hacking" my own network but could not figure out how to even use the software due to poorly written help/readme files. TBH, Id like to see someone hack my network...no really I would be very interested in how they did it. Ive got a ridiculously long WEP key, mac filering and broadcast SSID off. I disagree that broadcast SSID is a waist of time turning it off. OK Yes it can still be hacked of course by people in the know but at the end of the day its always going to help a little not being able to "see" a network in the first place via "usual" methods.
     
  12. Skilldibop

    Wise Guy

    Joined: 28 Sep 2005

    Posts: 1,284

    Location: London

    SSID braodcast disable can be easily countered by packet sniffing. Not to mention the fact you can always try and bluff by connectiong to a target that is a factory default SSID. Once you have the SSID and the network it's just a case of breaking the encryption. 128bit won't take long if you capture a packet and just set a decryp running a couple of hours.

    Might seem a lot of work to you but how much do you pay for your internet per year?? Then think how much effort someone might expend to save that much.
     
  13. OllyM

    Soldato

    Joined: 16 Aug 2004

    Posts: 6,192

    Location: New Jersey, USA

    How can it be rediculously long when it's fixed length? The phrase you used to generate the WEP key HEX will be long, but that obviously isn't long...
     
  14. mattbrown91

    Wise Guy

    Joined: 27 Sep 2004

    Posts: 2,328

    Location: Ilkley / London

    i have also got encryption
     
  15. benjo plz.

    Capodecina

    Joined: 15 Jan 2004

    Posts: 14,208

    Location: Hall

    Not at all. Hiding the SSID makes network no more invisible than it is with SSID broadcast enabled. Not sure what methods you're using. But it won't hide it from anything half decent like NetStumbler, Kismet, etc.

    You can get the SSID easily, you force a client to disconnect, then while the client is reconnecting a packet is sent which contains the SSID in plaintext. So as you say, it can be sniffed. As for breaking WEP, 3 min minimum, 11 tops, and you don't decrypt a single packet, you decrypt IVs, and millions of them.
     
    Last edited: 24 Jan 2006
  16. sniper007

    PermaBanned

    Joined: 18 Jan 2005

    Posts: 1,110

    By "usual" methods, I meant by for example Windows XP scouting around for wireless networks to connect to. Its not like a vast amount of people use such wireless sniffing software on a daily basis is it? So because of this I meant that disabling SSID is atleast helpful in this respect but yes I agree its nothing to the hacker.
     
  17. benjo plz.

    Capodecina

    Joined: 15 Jan 2004

    Posts: 14,208

    Location: Hall

    Windows XP inbuilt finder is pants. Anyway nobody who would want to get onto your wireless would consider using it. NetStumbler is most common as it can be run fine by windows.
     
  18. MAllen

    Wise Guy

    Joined: 24 Feb 2003

    Posts: 2,236

    Location: Brighton, UK

    Best security you can have? Turn the Access Point off at the mains when you are not using it. Then it can only be "hacked" while you are connected.

    Main thing is to keep your neighbours off your WiFi. As long as you know you have decent neighbours, you'll be fine. It will only be trouble if your neighbour is an IT geek and wants to "borrow" your WiFi to download his pr0n. (I know a few people in Brighton who do exactly that.....:()