for research purposes of course, i cracked a 40 bit key over the summer, and it was really easy. i just captured packets for about 30 minutes, and then ran a Newsham's crack or something against it to extract the key, but have no experience with 120 bit.
soon, though, i might have a spare wireless network to play with around the house here, and might see if i can crack it at the higher level

~ian

On Tue, 24 Aug 2004 16:09:11 -0400, Aaron S. Joyner <[EMAIL PROTECTED]> wrote:
> Jim Thompson wrote:
>
> >Hi all,
> >
> >I've seen several posts to the effect of "never use WEP because it's incredibly easy to break". To test this, I've been using Airsnort to monitor my own 128-WEP network at home. I've been capturing packets for a while now and have only one "interesting" packet. This link:
> >
> >http://www.knoppix-std.org/forum/viewtopic.php?t=1714
> >
> >seems to say similar things: guy captures millions of packets and gets only one "interesting" one. Has anyone actually *used* Airsnort or some other sniffing tool to successfully crack a 128bit WEP-enabled wireless link before (and not just "I've heard it's really easy to kr4ck LOL")? How long is a practical window on a home connection before enough "interesting" packets get collected (even assuming that the network is relatively busy instead of idle most of the time)? Is the risk of a neighbor cracking your WEP really practical? Certainly, if it takes days or weeks to get enough packets, that sort of rules out the casual wardriver, right?
>
> First off, Kudos to you for not taking the parrot's word for it, and testing the methods yourself. This is the right way to look at the world, in my humble (yet accurate) opinion. Having done the same thing myself in the past, I can say that your initial assertions are correct - on your average residential network, with passive methods, it can take a long time to crack a WEP key. On the other hand, on a very busy network, or if you consider the possibility of injection, things change very quickly.
>
> I have tinkered with this method under KisMac, for OS X, and it requires two wireless NICs in the same box. I haven't tried it under Linux with AirSnort, but I'd be really surprised if AirSnort didn't support something along the same lines in terms of functionality. Here's an excerpt from the KisMac docs that describes how it works:
>
> > Packet reinjection is a very advanced WEP cracking technique. Be aware that this is the bleeding edge of technology, so it might not be working right away. When you use this attack, KisMAC will try to find packets that cause another computer to respond. The program will now send these packets over and over again. If KisMAC detects answers, it will go into injection mode. Now the network will generate huge amounts of traffic, and more weak frames will be generated. Wireless networks with WEP can be broken within an hour.
> > Please be aware that all detections are of a heuristic nature, therefore it might not always be working.
> >
> > *Note: Packet re-injection requires a PrismII as well as an Apple Airport card. Make sure that the PrismII card uses the latest firmware. Please select the Viha Driver in the preferences, the MACJack driver will be loaded automatically. Also make sure that you do not use channel hopping.*
>
> I have successfully broken a network or two with this method, but it was probably a year ago when I was trying it. Since then I've upgraded OS X to 10.3.x, and my second wireless NIC is not supported (yet). So I lack the ability to play with this currently.
>
> >My current project is to put a *BSD box in between the wireless router and the internet/LAN access, but that's kind of an end-run around getting Linux wireless to be more secure.
>
> End-run or not, you should often do what works best. Linux is a powerful tool, but don't neglect to use the right tool for the right job.
>
> Aaron J.
--
Uh-huh, I know I ain't hearin' that see. You tellin' or you askin'? Cuz nobody tells Boxy Brown.
- Boxy Brown

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
