The weakness of WEP

Posted on: 21 April 2006

In the past, on my home network, I had been using WEP, or Wired Equivalent Privacy, to encrypt wireless traffic. When I read about the security flaws in WEP, I immediately switched to WPA encryption. But today, I decided to set it back to WEP and see just how flawed it is...

I downloaded an OS X app called KisMAC (derived from the Linux tool Kismet, used for the same purpose). What it does is take your wireless card and put it in listening-only mode, recording every packet that goes by in the airwaves, without sending anything at all.

So I installed KisMAC on my iBook, and put it into listening mode. Within ten minutes, it picked up about 29393 packets, or about 23MB of data – not enough to determine a 128-bit WEP key. So I did a few things to generate some additional traffic. First, I sent an authentication flood. This simulates a lot of computers trying to access the router, by randomly generating MAC addresses, in an attempt to get the router to respond with some packets. Another method is to reinject packets. This resends packets that were already sent by another machine to get the router to respond even more. Within another ten minutes, I had 130123 packets, or about 107MB of data.

Now, I could continue at this rate, injecting packets and spoofing clients, and within an hour, I could easily have enough to rebuild the WEP key. But I decided to speed up the process a bit. I went over to my PC, and sent a 700MB video over to my file server via wireless. Within minutes, I had more than enough packets captured. About 457434 of them had unique IVs (initialization vectors), and I was ready to extract the key.
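A defensive counterpart to the traffic-generation steps above, as an added example that is not part of the original post: a small Python detector run over constructed frame summaries (not real captured data) that flags the two injection patterns described, a burst of authentication requests from fabricated MAC addresses and the same client frame reinjected repeatedly. The frame record layout, thresholds and MAC values are assumptions made for the example.

```python
import random
from collections import Counter, defaultdict

# Constructed sample only: frame summaries as a monitor-mode sniffer might
# log them, as (seconds, frame type, source MAC, WEP IV as hex or None).
rng = random.Random(1)  # fixed seed so the constructed flood is reproducible

def rand_mac():
    """Random source MAC of the kind an authentication flood fabricates."""
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))

LEGIT = ["00:11:22:33:44:55", "66:77:88:99:aa:bb"]  # assumed real clients
FRAMES = [(0.0, "auth", LEGIT[0], None), (0.5, "auth", LEGIT[1], None)]
# ordinary traffic: two real clients, every data frame carries a fresh IV
FRAMES += [(1.0 + i * 0.2, "data", LEGIT[i % 2], f"{i:06x}") for i in range(40)]
# authentication flood: 40 auth requests from fabricated MACs in four seconds
FRAMES += [(10.0 + i * 0.1, "auth", rand_mac(), None) for i in range(40)]
# reinjection: one client data frame (same source, same IV) replayed five times
FRAMES += [(20.0 + i, "data", LEGIT[0], "0a0b0c") for i in range(5)]

def detect_auth_flood(frames, window=10.0, threshold=20):
    """Windows in which at least `threshold` distinct MACs sent auth frames.
    A home network sees a handful of new clients per window, not dozens."""
    seen = defaultdict(set)
    for ts, ftype, src, _iv in frames:
        if ftype == "auth":
            seen[int(ts // window) * window].add(src)
    return [(start, len(m)) for start, m in sorted(seen.items()) if len(m) >= threshold]

def detect_replay(frames, min_repeats=3):
    """(source, IV) pairs seen on several data frames. WEP's 24-bit IV does
    wrap on a busy network, but an identical pair repeating within a short
    capture is the signature of frames being reinjected to provoke responses."""
    counts = Counter((src, iv) for _ts, ftype, src, iv in frames if ftype == "data" and iv)
    return {pair: n for pair, n in counts.items() if n >= min_repeats}

if __name__ == "__main__":
    print("auth flood windows:", detect_auth_flood(FRAMES))
    print("replayed frames:", detect_replay(FRAMES))
```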

I executed a weak scheduling attack against the data I had captured, and in seconds, to my surprise, I had the WEP key!

Seeing the very key that I thought was keeping me safe in my dialog box was quite a surprise.

A neighbor, or even someone sitting in a car a few hundred from my house running a similar program could, in less than an hour, discover what my WEP key was. Pretty scary.
