Wireless security, I want the real story

toomanybytes

New Member
I think that last article itself is pretty powerful evidence.

1. Pervs have admitted to wardriving so their illegal activity points to someone else.

2. Law enforcement have arrived on people's doorsteps looking for the owner of a particular IP address.

Has anyone ever been wrongly convicted based on an IP address alone? I hope not. But do you really want your driveway filled with police cars while the neighbours all gossip and all your computer equipment seized for a month while the police examine it? Have a few illegal MP3's on there? Oops! Maybe the police will be so ticked off at not finding the external hard drive they're convinced holds all your porn that they'll bust you for the illegal music.
 

Protozoa

New Member
2. Law enforcement have arrived on people's doorsteps looking for the owner of a particular IP address.

When?

Keep in mind that I'm asking for specific examples of when they have arrested someone or obtained a warrant based on an IP address alone.

You guys just keep piping up with this stuff, like it has happened. Well... let's see a link to a news story for Chrissakes!
 

toomanybytes

New Member
Quotes from the article mentioned above:
1. The person who downloaded the pornography is gone, and it is the registered owner of the wireless account who is left to answer police questions.
2. Technically, "the account holder is responsible for the crime,"
3. "The search warrant ends up at that house," he said.
4. It is not easy to detect someone piggybacking on your account, Watkins said. The service may be slower if the unauthorized user is downloading large files.
"Another way is if the feds knock on your door to see if the illegal activity is coming from your computer," Watkins said.

But that’s obviously not enough evidence for you so I’ll bite. I haven’t done a Google treasure hunt in a while.

Guy argues that police can’t prove he’s the scumbag because his wireless was unsecured. They still throw the book at him.
http://www.news.com/Police-blotter-Open-Wi-Fi-blamed-in-child-porn-case/2100-1036_3-6177095.html

Article discussing above case, and how some people intentionally leave their wireless unsecured in order to claim reasonable doubt, but the judges are calling BS on them. Article also mentioned the idea of making unsecured wireless illegal.
http://arstechnica.com/news.ars/pos...-that-an-open-wifi-network-is-no-defense.html

Police came pounding on a little old lady’s door with a search warrant. Basically, if it had been a 30 year old man who still lives with his mother, the wi-fi owner would have been in a heap o’ trouble. So unless you’re an innocent-looking little old lady…
http://www.washingtonpost.com/wp-dyn/content/article/2007/02/10/AR2007021001457.html


I didn’t take the time to read this whole page but shocking advice given in a case where neighbour had been using their wi-fi for illicit purposes and images were still available to view on their computer. Summary? Couple advised to not call the police and destroy the HD so nothing could ever be pinned on them. Sad that the people on the forum felt it was more important to avoid trouble than to stop scumbags from hurting kids.
http://64.233.169.104/search?q=cach...rrant+arrested+porn&hl=en&ct=clnk&cd=17&gl=ca
 

tlarkin

VIP Member
Wow, this thread is ridiculous. Let me clarify a few things.

Sure, WEP has its vulnerabilities but most people who say that are just regurgitating what they read off Slashdot. A brute force attack against a strong password takes a really long time, longer than most people think. Secondly, yes you can break WEP but it requires packet injection. Packet injection only works with a very limited number of WiFi cards because hardware developers do not release source code or specifications to the open source world, where all the hacking tools are developed in the first place. So, right there you are limited to someone who knows what they are doing to crack WEP, and on top of that has the hardware to do it. Then if you add in a set of passkeys that rotate you make it even harder for it to work.

Also, recently there has been a technology developed to secure WEP, called chaff packets; Google it and educate yourself. This works because all the WEP hacking/cracking tools assume that every packet on a network is good, which is a flaw in the hacking tool.

If you run WEP on your home network I seriously doubt anyone would hack it or even really know how to hack it in the first place, or even have the proper software and hardware to do so. Obviously WPA is the better choice if you don't have any older wifi systems on your network because it is just as easy to set up and has fewer vulnerabilities.

Now, once someone gains access to your private network and you are running Windows they pretty much can access almost anything through basic mapping/pathing bugs in Windows. They can have access to private information and use your bandwidth for bad things, hijack your system, add network active self-propagating viruses, so on and so forth.

If all you can use is WEP in a neighborhood you are most likely fine, just use a secure passkey. Like, don't use PasSword for your password.
 

Protozoa

New Member
Quotes from the article mentioned above:

Above where?

Guy argues that police can’t prove he’s the scumbag because...

The first two links have to do with a guy who was "convicted of possession of child pornography" (who had also apparently been under investigation by Yahoo). The fourth link had nothing to do with police action.

The third link didn't involve any sort of arrest, although it did say that the police had a warrant. Sounded a little fishy to me. The cops went to the trouble of tracking down what physical address was supposedly associated with the IP, but they were surprised by who answered the door? Seems like that would have been a detail they would have figured out in advance.

Shrug. Does this prove your case? I don't know. It's close enough. Thanks for the info.
 

Homenet

Member
Wow, this thread is ridiculous. Let me clarify a few things.

Sure, WEP has its vulnerabilities but most people who say that are just regurgitating what they read off Slashdot. A brute force attack against a strong password takes a really long time, longer than most people think. Secondly, yes you can break WEP but it requires packet injection. Packet injection only works with a very limited number of WiFi cards because hardware developers do not release source code or specifications to the open source world, where all the hacking tools are developed in the first place. So, right there you are limited to someone who knows what they are doing to crack WEP, and on top of that has the hardware to do it. Then if you add in a set of passkeys that rotate you make it even harder for it to work.

Also, recently there has been a technology developed to secure WEP, called chaff packets; Google it and educate yourself. This works because all the WEP hacking/cracking tools assume that every packet on a network is good, which is a flaw in the hacking tool.

If you run WEP on your home network I seriously doubt anyone would hack it or even really know how to hack it in the first place, or even have the proper software and hardware to do so. Obviously WPA is the better choice if you don't have any older wifi systems on your network because it is just as easy to set up and has fewer vulnerabilities.

Now, once someone gains access to your private network and you are running Windows they pretty much can access almost anything through basic mapping/pathing bugs in Windows. They can have access to private information and use your bandwidth for bad things, hijack your system, add network active self-propagating viruses, so on and so forth.

If all you can use is WEP in a neighborhood you are most likely fine, just use a secure passkey. Like, don't use PasSword for your password.

I disagree strongly. If you think that WEP has any kind of security whatsoever you're kidding yourself completely. WEP is redundant, and you do not perform a brute force attack against WEP; once enough packets are collected that contain the initialisation vectors (usually from ARP requests) a statistical attack is made on the packet file.

For starters, the password you use makes no difference whatsoever because it is always in hexadecimal format and of fixed length, either 64-bit (technically 40-bit) or 128-bit. The key that you use makes absolutely zero difference in strengthening the protection; 128-bit is slightly more secure, however it just requires double the amount of packets to be collected for a successful attack.

An attacker needs a little bit of experience, an Atheros or Prism based WLAN card (Netgear do several in the £20 - 50 region) and a copy of BackTrack. Once they know what they're doing with it, providing they have a good signal to your wireless network they can crack your WEP key in as little as 5 minutes. It has been proven time and time again that WEP is useless and requires only a little bit of research and patience to crack.
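
An added illustration of the key-length and IV point argued in the post above, not code from any poster in this thread: WEP seeds RC4 with a 24-bit IV sent in the clear followed by the fixed 5- or 13-byte key (the "64-bit" and "128-bit" modes), so two frames that share an IV share a keystream whatever the key is. Frame contents, keys and helper names are constructed for the example, and the repeat estimate assumes IVs are picked at random.

```python
import math
import zlib

IV_BITS = 24  # WEP's per-frame initialisation vector, transmitted unencrypted


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key schedule, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one frame body the WEP way: RC4(IV || key) over data || CRC-32."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte key")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")  # integrity check value
    return rc4(iv + key, plaintext + icv)


def wep_decrypt(iv: bytes, key: bytes, ciphertext: bytes) -> bytes:
    """Reverse wep_encrypt and verify the CRC-32 integrity check value."""
    body = rc4(iv + key, ciphertext)
    plaintext, icv = body[:-4], body[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def reuse_leaks_plaintext_xor(key: bytes) -> bool:
    """True if two frames under the same IV XOR to the XOR of their plaintexts."""
    iv = b"\x00\x00\x2a"                 # constructed IV, reused on purpose
    p1 = b"constructed frame one"        # constructed sample payloads
    p2 = b"constructed frame two"
    c1 = wep_encrypt(iv, key, p1)
    c2 = wep_encrypt(iv, key, p2)
    # The keystream cancels out, so the key never enters the comparison.
    return xor(c1[:len(p1)], c2[:len(p2)]) == xor(p1, p2)


def frames_until_iv_repeat(probability: float = 0.5) -> int:
    """Birthday estimate: frames sent before some IV repeats with this probability."""
    n_ivs = 2 ** IV_BITS
    return math.ceil(math.sqrt(2 * n_ivs * math.log(1 / (1 - probability))))


if __name__ == "__main__":
    weak = bytes.fromhex("0000000001")                     # 40-bit key
    strong = bytes.fromhex("9f3c61e2b70d48a5c1f6027b9e")   # 104-bit key
    print("reuse leaks with weak key:  ", reuse_leaks_plaintext_xor(weak))
    print("reuse leaks with strong key:", reuse_leaks_plaintext_xor(strong))
    print("frames for a 50% chance of an IV repeat:", frames_until_iv_repeat())
```

For defenders the takeaway is that choosing a "better" WEP key does not change the IV space; moving the network to WPA or WPA2, as both posters recommend where hardware allows, does.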
 

tlarkin

VIP Member
I disagree strongly. If you think that WEP has any kind of security whatsoever you're kidding yourself completely. WEP is redundant, and you do not perform a brute force attack against WEP; once enough packets are collected that contain the initialisation vectors (usually from ARP requests) a statistical attack is made on the packet file.

For starters, the password you use makes no difference whatsoever because it is always in hexadecimal format and of fixed length, either 64-bit (technically 40-bit) or 128-bit. The key that you use makes absolutely zero difference in strengthening the protection; 128-bit is slightly more secure, however it just requires double the amount of packets to be collected for a successful attack.

An attacker needs a little bit of experience, an Atheros or Prism based WLAN card (Netgear do several in the £20 - 50 region) and a copy of BackTrack. Once they know what they're doing with it, providing they have a good signal to your wireless network they can crack your WEP key in as little as 5 minutes. It has been proven time and time again that WEP is useless and requires only a little bit of research and patience to crack.


*sigh*

Your average user can't remember a password, can't install a stick of RAM, doesn't know the difference between bit and byte, how do you expect them to use a distro of Linux, and use it effectively?

WEP is fine for home security because no one is going to take the time to learn everything to crack your WEP and gain access to a home network with limited bandwidth and no valuable data.

It is also not quite as easy as you say, you are giving me text book answers, have you ever cracked a WEP key before? Packet injection can take up to 1 million packets to be successful.
 

Homenet

Member
*sigh* yourself, do you know how easy Linux distros can be nowadays? BackTrack is a live CD, you burn the ISO and boot and off you go. I'm not saying a complete idiot can do it, but someone with a bit of experience and know-how can achieve it easily; there are step by step guides all over the internet for such a thing.

Yes, I've cracked several WEP keys, I've tested it out on 2 wireless routers of my own, and several friends and neighbours, also a work's wireless LAN who thought (just like you) that WEP was secure. You do NOT require a million packets, you can use aircrack-ptw that requires on average 20,000 for 64-bit and 40,000 for 128-bit. These are NOT textbook answers I'm giving you, these are proven concepts that I myself have used and tried to prove to many people that WEP is useless. I have to say you are very misinformed about the subject.
 

tlarkin

VIP Member
*sigh* yourself, do you know how easy Linux distros can be nowadays? BackTrack is a live CD, you burn the ISO and boot and off you go. I'm not saying a complete idiot can do it, but someone with a bit of experience and know-how can achieve it easily; there are step by step guides all over the internet for such a thing.

Yes, I've cracked several WEP keys, I've tested it out on 2 wireless routers of my own, and several friends and neighbours, also a work's wireless LAN who thought (just like you) that WEP was secure. You do NOT require a million packets, you can use aircrack-ptw that requires on average 20,000 for 64-bit and 40,000 for 128-bit. These are NOT textbook answers I'm giving you, these are proven concepts that I myself have used and tried to prove to many people that WEP is useless. I have to say you are very misinformed about the subject.

I know what BackTrack is, I used it back when it was Auditor, thanks though.

OK, OK, you are right, I only have about 500 Cisco APs at work here running a rotating WEP key with cloaking, and you can crack it very easily with BackTrack, just takes a few clicks. :rolleyes:

I said it can take up to a million packets to gain access. Nothing is foolproof and WEP will be gone in a few years from now after legacy support is no longer needed. However, I will say this again, for your average home user it is fine if you need it. You aren't listening to a word I am saying, you are just wanting to argue how much you know how busted WEP is. WEP is only needed for legacy devices, so like I said earlier, if you need to run it (like for your Nintendo DS, which only supports WEP) you will be fine at home.

I bet most people on this forum couldn't download BackTrack and crack WEP without learning how Linux works at a basic level, which takes more than a few hours let alone a few weeks.
 

Homenet

Member
Heh, right OK whatever, I haven't been listening to what you've been saying, but I've been reading it instead ;) Anyway you keep using WEP and giving yourself a false sense of security, good luck.
 

tlarkin

VIP Member
Heh, right OK whatever, I haven't been listening to what you've been saying, but I've been reading it instead ;) Anyway you keep using WEP and giving yourself a false sense of security, good luck.

Man, you must have poor reading comprehension. I never said I chose to use WEP, I said legacy devices (aka technologies that do not support WPA) are the only thing keeping WEP alive, and there are plenty of security measures to make all your zero config hacking tools not as effective.

I never once said:

-It was better than WPA
-It was fool proof
-or it was preferred over WPA

I have to run WEP at work because a small percentage of old technology does not support WPA. Trust me, this summer when we get rid of the last of legacy stuff I will switch over everything to WPA.

My original point is, no one is going to take the time to randomly hack a private WEP network; it's not worth the time. Your average user will not even know things like BackTrack exist, nor even know what hardware supports packet injection.

Go check out airtightnetworks.com, they have a lot to say about WEP and have done a lot to make it harder to crack. It's still not as secure as WPA, but like I said in my original point to the original poster, for what they are doing WEP will probably be fine, because just as a deterrent people won't fuss with it or his Word document called, "A letter to grandma." I also clearly said, if you have no need for WEP support then just use WPA because it takes the same time and effort to set up as WEP, so why not use the more secure.
 

Homenet

Member
I don't have poor reading comprehension. To be honest your knowledge is clearly lacking on the subject if you think that obtaining a WEP key is done via a brute force attack, yet you seem to think that average home users are secure using a redundant technology you obviously know very little about.

Ask yourself this, do you know everybody who lives down your street and is within range of your AP? The answer is no, and nor do 99% of other home users. So how the hell do you know there isn't some kid 2 doors down who knows what he's doing? We're not talking about "a letter to grandma" being at stake here, it's your confidential details that you take for granted and send through the internet everybody, your PayPal passwords, your online banking details etc etc, all these can be stolen via methods I've already described, so why the hell would you even risk it? Yeah OK.. if you've got absolutely no other means of security than WEP because you've got an old card that doesn't support WPA then yes, use WEP, but at least implement some kind of MAC filtering and SSID cloaking, but also remember that you're living on a very redundant technology and by no means should consider your network secure.
 

tlarkin

VIP Member
I don't have poor reading comprehension. To be honest your knowledge is clearly lacking on the subject if you think that obtaining a WEP key is done via a brute force attack, yet you seem to think that average home users are secure using a redundant technology you obviously know very little about.

This will be my last post on this subject, and just to let you know I admit I do not know everything there is to know about everything, no one does. However, I have been in the IT field for 9 years now, have administered Novell, Windows, Linux, OS X and Unix servers, have supported up to 10,000 clients at one time, and right now, I support over 5500+ laptops in a huge wireless network. We are most likely going to go Radius or WPA once we get rid of the legacy devices that are holding us back. I hold certs with Microsoft, Apple, Prometric, HP/Compaq, Gateway, and a few others I forget I even have. This is my background and qualifications for what I know, what are yours?

Ask yourself this, do you know everybody who lives down your street and is within range of your AP? The answer is no, and nor do 99% of other home users. So how the hell do you know there isn't some kid 2 doors down who knows what he's doing? We're not talking about "a letter to grandma" being at stake here, it's your confidential details that you take for granted and send through the internet everybody, your PayPal passwords, your online banking details etc etc, all these can be stolen via methods I've already described, so why the hell would you even risk it? Yeah OK.. if you've got absolutely no other means of security than WEP because you've got an old card that doesn't support WPA then yes, use WEP, but at least implement some kind of MAC filtering and SSID cloaking, but also remember that you're living on a very redundant technology and by no means should consider your network secure.

Supporting 25,000 users right now I know that your average user can't remember a password. At some points in my work not a day goes by I don't have to get into the directory and reset a password for a user who can't remember it. You are forgetting YOU are not the average user or even close to it. You assume everyone is going to know about BackTrack and going to hack your network. I make the same assumptions sometimes, and have to remind myself I am not anywhere near the average user.

I already mentioned cloaking, scroll back up. We also use rotating WEP keys, and don't even bother with MAC filtering - mainly because it is kind of pointless if WEP is broken anyway and no one wants to manage 10 to 12 thousand MAC addresses on our network.

Also, we run a Unix backbone and have a 90% Macintosh population on our network, which by design is way more secure than Windows. We also secure everything at the router level, which again is more secure, we also use private IPs which again is more secure. Trust me, I know that network security is not one definitive thing or another, it is layered. We get pegged from China all the time, because over in China they censor the internet, and people try to hack into us all the time to get past their web filters, so we switched over to a software based web filter, which is better.


Now that we have switched primarily to a Mac network and all hardware supports WPA2 or greater we will be switching to either RADIUS and require authentication to even gain access to the network, or WPA. Since I work for the government and I am not the IT director I don't make the calls, all I get to do is put my 2 cents in.
 

Homenet

Member
This will be my last post on this subject, and just to let you know I admit I do not know everything there is to know about everything, no one does. However, I have been in the IT field for 9 years now, have administered Novell, Windows, Linux, OS X and Unix servers, have supported up to 10,000 clients at one time, and right now, I support over 5500+ laptops in a huge wireless network. We are most likely going to go Radius or WPA once we get rid of the legacy devices that are holding us back. I hold certs with Microsoft, Apple, Prometric, HP/Compaq, Gateway, and a few others I forget I even have. This is my background and qualifications for what I know, what are yours?

OK fair enough, you obviously have a lot of experience in IT and that I admire. I'm guessing I'm a fair bit younger. I've studied internet technology for several years, am Cisco certified and work as an IT analyst. However I like to think I've gained quite a lot of practical experience in various fields from personal research.

Supporting 25,000 users right now I know that your average user can't remember a password. At some points in my work not a day goes by I don't have to get into the directory and reset a password for a user who can't remember it. You are forgetting YOU are not the average user or even close to it. You assume everyone is going to know about BackTrack and going to hack your network. I make the same assumptions sometimes, and have to remind myself I am not anywhere near the average user.

Fair point, however what I was saying before was that people don't know who is living in their street, they don't know who is in the range of their AP, and this is the problem. If you assume everyone living down your street is a technical newbie then yes, WEP is probably safe for you, but you should never assume this because you just don't know! In my opinion even an intermediate IT user with a little bit of knowledge on Linux could theoretically crack a WEP key in a short amount of time.

I already mentioned cloaking, scroll back up. We also use rotating WEP keys, and don't even bother with MAC filtering - mainly because it is kind of pointless if WEP is broken anyway and no one wants to manage 10 to 12 thousand MAC addresses on our network.

Yes, don't worry I did read it before ;) however I thought we were talking about home users, in which case I would advise MAC filtering if WEP is their only option; obviously it's very impractical for a large scale network such as yours. As a note your description of your network looks very secure and even an experienced hacker would have trouble gaining access. Home users on the other end are unlikely to be using Cisco APs. Most home broadband routers have very few wireless security features except for MAC filtering and cloaking; I'm not aware of any that are able to rotate WEP keys dynamically.

Also, we run a Unix backbone and have a 90% Macintosh population on our network, which by design is way more secure than Windows. We also secure everything at the router level, which again is more secure, we also use private IPs which again is more secure. Trust me, I know that network security is not one definitive thing or another, it is layered. We get pegged from China all the time, because over in China they censor the internet, and people try to hack into us all the time to get past their web filters, so we switched over to a software based web filter, which is better.


Now that we have switched primarily to a Mac network and all hardware supports WPA2 or greater we will be switching to either RADIUS and require authentication to even gain access to the network, or WPA. Since I work for the government and I am not the IT director I don't make the calls, all I get to do is put my 2 cents in.

I don't want to get into a heated argument and it's clear that you're experienced in networking, however in this instance I have seen first hand how insecure WEP is and was quite shocked at how quickly and easily it can be broken, and because of this I would always recommend that even home users avoid it unless absolutely necessary. Personally when it comes to wireless security I just think it is better for people to be safe than sorry, and that it seems silly to risk your privacy like you would be doing using WEP.

Good day to you sir :)
 

tlarkin

VIP Member
We agree, don't worry about it. I just wanted to point out most likely if you are running WEP on a private home network no one is going to mess with it, especially when there are already tons of non-secure WiFi in your neighborhood to connect to. I agree that WPA is just as easy and more secure, so why not use it? Well, because some people want to use their DS, which only supports WEP (unless they updated it?) or you are using some older technology that doesn't support it. We still have a few Windows 2000 machines running around which do not support WPA (at least I don't think so, could be wrong) and Windows XP itself didn't support WPA until SP2.

Hell, I had a Windows box running DMZ for 2 months just to see if it would catch a virus or get hacked, no one even touched it.

I don't deal with switches and routers directly, we have a Cisco guy that does all of that, and manages all the VLANs, but I have worked with it enough to know basics. I also know that Cisco switches are really easy to set up these days and think I could most likely handle it. However, my duties right now are supporting users, maintaining our 20 Xserves and the open directory and the LDAP, creating new images, deploying software, creating network policies, writing shell scripts to automate everything, and I do everything over ssh to my Mac clients so it's secure and encrypted, managing network accounts, and when @%$# hits the fan I am the go-to guy for all Mac/Unix issues. In the last month I have probably written over 20 scripts and pushed out 10 packages to end users over wifi, over ssh without them even knowing it.
 