+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast
Results 16 to 30 of 61
Wireless Networks Thread, WEP Hacked in Technical; As mentioned it's really time to get rid, but... Depending on your APs you could set up WPA2-xx on one ...
  1. #16


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    As mentioned it's really time to get rid, but...

    Depending on your APs you could set up WPA2-xx on one radio/ssid, and WEP with an allowed MAC address list on the other. Never been in that situation so it may not be possible on your APs, it may not be possible on any APs...

  2. Thanks to j17sparky from:

    WEPHack (24th September 2013)

  3. #17

    Join Date
    Nov 2011
    Location
    Cambridgeshire
    Posts
    524
    Thank Post
    141
    Thanked 75 Times in 67 Posts
    Rep Power
    19
    In a scrape when I had a laptop I needed to keep going for a month until a planned refresh, I bought one of these micro USB wifi adapters

    It definitely supported WPA and was a lot easier than replacing the wifi card. It was actually the fastest wifi connection in the school at the time Might not be quite so good on student machines though...

  4. Thanks to jmak from:

    WEPHack (24th September 2013)

  5. #18

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,204
    Thank Post
    655
    Thanked 2,247 Times in 1,031 Posts
    Blog Entries
    23
    Rep Power
    664
    Moving to Wireless Networking forum.

  6. #19

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I've tested 4 laptops, from our oldest to newest, with WPA2-AES 504 bit key (most of our APs are Netgear WG302's, so I've tested with one of these using the latest 4.2.17 firmware). Ironically our newest Lenovo laptops just refuse to connect with this config. I will double check, but I'm fairly sure they have the latest (Intel) drivers (Centrino Wireless-N 2230). These are all Win 7.

  7. #20

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Quote Originally Posted by Arthur View Post
    A WiFi card like the Intel Pro/Wireless 2200BG doesn't support WPA2 or AES even with XP SP3. Hopefully @WEPHack hasn't got any of those.
    You can according to this link and I'm pretty sure I've come across these before and they worked fine with WPA2, but only at wireless B at a whopping 11Mbps

  8. Thanks to Michael from:

    WEPHack (24th September 2013)

  9. #21

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    As an aside, it transpires that WEP wasn't hacked. A student went onto a teacher's laptop, looked at the wireless settings (click "show characters") and wrote down the WEP key. We've told teachers time and time again to not leave their laptops unsupervised.

  10. #22

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Quote Originally Posted by WEPHack View Post
    I've tested 4 laptops, from our oldest to newest, with WPA2-AES 504 bit key (most of our APs are Netgear WG302's, so I've tested with one of these using the latest 4.2.17 firmware). Ironically our newest Lenovo laptops just refuse to connect with this config. I will double check, but I'm fairly sure they have the latest (Intel) drivers (Centrino Wireless-N 2230). These are all Win 7.
    Realistically WPA2 AES doesn't need to be 504 bit. Even using the minimum 8 characters is perfectly OK - just avoid dictionary words and you'll be fine. WPA2 AES is breakable, but for the time it takes someone attempting to have a go, they'll soon give up

  11. Thanks to Michael from:

    WEPHack (24th September 2013)

  12. #23

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Quote Originally Posted by WEPHack View Post
    As an aside, it transpires that WEP wasn't hacked. A student went onto a teacher's laptop, looked at the wireless settings (click "show characters") and wrote down the WEP key. We've told teachers time and time again to not leave their laptops unsupervised.
    As for this problem, you should either block Control Panel completely for teachers or customise the Control Panel. Both are possible via GPO.

  13. Thanks to Michael from:

    WEPHack (24th September 2013)

  14. #24

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    12
    WEP.... wow

    People up to no good love piggybacking into WEP networks. You should take this extremely seriously.

    You should only use WPA2/AES.

    WEP was regarded as broken by 1999. The WiFi alliance implemented WPA while the IEEE 802.11i standard was developed. WPA uses the same RC4 hashing technique as WEP, however TKIP generates a temporary encryption key to encode data, and the keys are produced during the 4-way handshake immediately after association. WPA could be implemented with a firmware upgrade and was designed to last about 4 years until 802.11i, which was implemented by the WiFi alliance as WPA2.

    WPA2 introduces the concept of the Robust Secure Network (RSN). It uses the same 4 way handshake to generate a temporary key, however it uses AES in place of RC4 and CCMP in place of TKIP. Advanced processing required new hardware in access points.

    Enterprise encryption us a bit of a misnomer. It generally uses Radius to authenticate the user or device. Once the authentication is complete there is still a 4-wayhandshake.

    A network is classed as a true RSN if it's WPA2 only, if it's WPA/WPA it's called a transitional network. The aim should ALWAYS be to get yourself to a true RSN.

    Any security is going to be vulnerable if you use a weak key. An attacker can capture the 4-way handshake and run an analysis against a set common passwords. If yours is on it then the key will be found.

    If you use enterprise security it can come at a cost of roaming times in delay sensitive applications like VoIP, which is why some admin's mistakenly use WEP on VoIP systems (I have seen it). 802.11k and 802.11r allow for fast BSS transitions, and Cisco/Apple are one of the first to get this working well. If you have Enterprise and need fast roaming look into that.

    However, it's not the only answer. Some vendors implement Dynamic Pre-Shared Key - enterprise level of security without the admin headache. Each user gets their own key. It works great.

    However here is my advice it you are responsible for running this network.

    1) educate yourself on the fundamentals of WiFi. Why is it so many people are responsible for WLAN deployment and admin who have zero training and even worse, make no attempt at getting any training. It baffles me.

    2) Put some serious planning into what your network is supposed to be doing now, in three years and in 5 years.

    3) Take immediate steps to remove WEP, even if it means old laptops can't connect (which I doubt - are they older than XP ?)

    4) Examine all options to provide good security. Remember, security is also about protecting your users. If you are in education there will be huge implications if security is breached (data protection, student records, etc). Hackers are predators, they will pick off the weak ones first.

    5) If in doubt, talk to a professional WiFi person. In fact, this should be rule 1. Talk to a professional WiFi person.

    NM

  15. 2 Thanks to neilmac:

    WEPHack (24th September 2013), zag (24th September 2013)

  16. #25

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,530
    Thank Post
    1,622
    Thanked 500 Times in 307 Posts
    Rep Power
    220
    WEP and WPS are as @m25man stated very very easy to hack, add an ARP spoof and your whole network is compromised, even https.

  17. Thanks to CHR1S from:

    WEPHack (24th September 2013)

  18. #26

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by Michael View Post
    Realistically WPA2 AES doesn't need to be 504 bit. Even using the minimum 8 characters is perfectly OK - just avoid dictionary words and you'll be fine. WPA2 AES is breakable, but for the time it takes someone attempting to have a go, they'll soon give up
    Does having a 504 bit key increase the amount of time it takes to hack? Does the length of the key have any other effect? e.g. connection speed.

    I've used a random generator to create the 504 bit key, so definitely not dictionary.
    Quote Originally Posted by Michael View Post
    As for this problem, you should either block Control Panel completely for teachers or customise the Control Panel. Both are possible via GPO.
    Control panel is blocked other than display, yet you can still get to it through the notification area. Is some specific block required?

  19. #27

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    12
    What type of access points do you have ?

    WPA is not easy to crack unless you have a weak password. Don't worry about the 504 bit, it won't really add anything, plus some clients won't be compatible.

    Concentrate on the bigger picture. Describe your network before making changes.

    NM

  20. 2 Thanks to neilmac:

    WEPHack (24th September 2013)

  21. #28

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by neilmac View Post
    3) Take immediate steps to remove WEP, even if it means old laptops can't connect (which I doubt - are they older than XP ?)
    As per the above though I've got some new Lenovo laptops with Intel chipsets that won't connect to our Netgear WG302 AP's configured with WPA2 AES. We have a very mixed fleet of laptops so my nightmare scenario is changing the key and it not working on some models - the teachers have to have a working Internet connection, even a day or two of no connection is a huge problem for them.

    Going forward we will look next FY at replacing the wireless solution with something managed, if budget allows. (Budget being another problem...)

  22. #29

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by neilmac View Post
    What type of access points do you have ?
    Mostly Netgear WG302. Some Netgear WNDAP350. All individually setup.

    I'd prefer a managed solution, but as per the above it won't be happening until at least the next FY. Clearly we'd then need to look at the network infrastructure as a whole, to make sure it will all work together.

  23. #30

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    12
    It's funny, in education there are always funds for silly projects but never something as key as WiFi. There are good solutions out there, but the WG302 isn't one of them.

    If your infrastructure allows, just create a new SSID mapped to the same VLAN and migrate users from old to new. Otherwise, bite the bullet and get some help, spend a weekend doing it when the school is closed.

    How many devices are we talking about ?

    NM
    Last edited by neilmac; 24th September 2013 at 12:04 PM.

  24. Thanks to neilmac from:

    WEPHack (24th September 2013)

SHARE:
+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. Website hacked...
    By _Bat_ in forum Web Development
    Replies: 8
    Last Post: 27th July 2007, 09:17 AM
  2. Are we being hacked?
    By Paul_L in forum General Chat
    Replies: 2
    Last Post: 13th September 2006, 08:31 AM
  3. Replies: 34
    Last Post: 9th May 2006, 12:56 PM
  4. Text WEP key for hex input
    By NetworkGeezer in forum Wireless Networks
    Replies: 2
    Last Post: 16th March 2006, 07:16 PM
  5. Video demonstrating hacking WEP in 10mins
    By Geoff in forum Wireless Networks
    Replies: 11
    Last Post: 3rd February 2006, 06:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •