+ Post New Thread
Page 1 of 5 12345 LastLast
Results 1 to 15 of 61
Wireless Networks Thread, WEP Hacked in Technical; Some students have managed to access our network by hacking the WEP key - WEP is used because we have ...
  1. #1

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Question WEP Hacked

    Some students have managed to access our network by hacking the WEP key - WEP is used because we have some old laptops that can't cope with WPA.

    The domain itself is secured, along with the resources on it. The gateway should be secured with NTLM auth, so they can't get to the Internet.

    Clearly there could be effects on the wireless network in terms of load, devices connecting to WAPs.

    Can anyone see any other consequences of this, and have any other suggestions for what to do?

    (The plan is to change the WEP key, FWIW, and see if WPA is viable in any way at all)

  2. #2

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,068
    Thank Post
    592
    Thanked 1,039 Times in 797 Posts
    Blog Entries
    15
    Rep Power
    469
    If you have laptops old enough to not support at least WPA then they also won't be able to run Windows 7 when you should be getting them shifted off by April. I think that should be part of the case for getting sorted, despite the summer just gone being the best time to have done that. You could replace the wireless cards if you really must get by, you should be able to source them cheap enough as they'll be old enough. There is no way anyone should be using WEP - if I can hack it in 2 minutes flat with out of the box tools (and I'm no hacker) then someone with intent could do so in seconds. You might as well have an open network.

  3. Thanks to synaesthesia from:

    WEPHack (23rd September 2013)

  4. #3

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    One additional question. If we switch to WPA, should it be any particular flavour, or is any form of WPA sufficiently secure?

  5. #4

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,068
    Thank Post
    592
    Thanked 1,039 Times in 797 Posts
    Blog Entries
    15
    Rep Power
    469
    WPA2 Personal or Enterprise, depending on what your wireless system and hardware is capable. Most will have a "mixed" mode.

  6. Thanks to synaesthesia from:

    WEPHack (23rd September 2013)

  7. #5

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Does it matter whether TKIP or AES, or any particular bit length for the key?

  8. #6


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,065
    Thank Post
    232
    Thanked 2,717 Times in 2,005 Posts
    Rep Power
    795
    Quote Originally Posted by WEPHack View Post
    Does it matter whether TKIP or AES
    Definitely AES, because TKIP is insecure.

  9. Thanks to Arthur from:

    WEPHack (23rd September 2013)

  10. #7


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,065
    Thank Post
    232
    Thanked 2,717 Times in 2,005 Posts
    Rep Power
    795
    Quote Originally Posted by WEPHack View Post
    WEP is used because we have some old laptops that can't cope with WPA.
    Could you fit new wireless cards that support WPA2?

  11. Thanks to Arthur from:

    WEPHack (23rd September 2013)

  12. #8

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,634
    Thank Post
    49
    Thanked 463 Times in 338 Posts
    Rep Power
    140
    AES is essential to get above 54Mbps if your APs support it.

    Depending on your topology one thing to be careful of is DHCP exhaustion. If the kids can all attach devices to your lan they can dry up your DHCP pool in no time regardless of anything else they might do.

  13. Thanks to m25man from:

    WEPHack (23rd September 2013)

  14. #9

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by Arthur View Post
    Could you fit new wireless cards that support WPA2?
    It's a possibility. I need to check how many laptops are affected, although oddly they are running Win 7.

    Is TKIP actually hackable? Just to make sure I'm going for the right flavour of WPA.

  15. #10


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,065
    Thank Post
    232
    Thanked 2,717 Times in 2,005 Posts
    Rep Power
    795
    Quote Originally Posted by WEPHack View Post
    Is TKIP actually hackable?
    Unfortunately yes, and as m25man mentioned above you need to use AES to get > 54Mbps wireless speeds.

  16. Thanks to Arthur from:

    WEPHack (23rd September 2013)

  17. #11

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,634
    Thank Post
    49
    Thanked 463 Times in 338 Posts
    Rep Power
    140
    A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup, allows WPA and WPA2 security to be bypassed and effectively broken in many situations.[2] WPA and WPA2 security implemented without using the Wi-Fi Protected Setup feature are unaffected by the security vulnerability.

    That doesn't mean it cant be hacked with the right tools and time anything can be hacked.

    Your problem is reliance on a passphrase or memorable key as the only means of securing your Wifi isn't enough. Any kid with limited knowledge can lift the key from your OS given physical access to a machine.
    Radius (802.11x) is your only real option for securing the LAN, WEP, WPA, WPA2 is there to prevent casual eavesdropping or deciphering of you data as it travels through the air not to be the primary means of securing your network.

  18. Thanks to m25man from:

    WEPHack (23rd September 2013)

  19. #12

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    I agree with all the above - WPA2-PSK AES is the way to go, but I'm curious to know what wireless adapters are installed in these devices?

    Even the oldest notebook I've ever used supported WPA2-PSK AES once Windows XP SP3 was installed. The fact they're running Win 7 is strange I must admit as Win 7 supports the strongest encryption out the box.

  20. Thanks to Michael from:

    WEPHack (23rd September 2013)

  21. #13

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    My fault probably. I accepted from a previous manager of the system that it was on WEP because of an issue with these older laptops. I'll do some testing.

  22. #14

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    Quote Originally Posted by WEPHack View Post
    My fault probably. I accepted from a previous manager of the system that it was on WEP because of an issue with these older laptops. I'll do some testing.
    Let us all know how you get on - encryption technologies in notebooks/phones have always been a software limitation rather than a physical limitation. Physically it's the speed/frequency you're connecting at wirelessly which determines whether you need to upgrade from wireless G to wireless N for example.

    Looking at the wireless adapter in my Win 7 notebook, I can't even select WEP as an option but I can still select 'Open' (unsecure) weirdly.

  23. #15


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,065
    Thank Post
    232
    Thanked 2,717 Times in 2,005 Posts
    Rep Power
    795
    Quote Originally Posted by Michael View Post
    Even the oldest notebook I've ever used supported WPA2-PSK AES once Windows XP SP3 was installed.
    A WiFi card like the Intel Pro/Wireless 2200BG doesn't support WPA2 or AES even with XP SP3. Hopefully @WEPHack hasn't got any of those.

  24. Thanks to Arthur from:

    WEPHack (24th September 2013)

SHARE:
+ Post New Thread
Page 1 of 5 12345 LastLast

Similar Threads

  1. Website hacked...
    By _Bat_ in forum Web Development
    Replies: 8
    Last Post: 27th July 2007, 09:17 AM
  2. Are we being hacked?
    By Paul_L in forum General Chat
    Replies: 2
    Last Post: 13th September 2006, 08:31 AM
  3. Replies: 34
    Last Post: 9th May 2006, 12:56 PM
  4. Text WEP key for hex input
    By NetworkGeezer in forum Wireless Networks
    Replies: 2
    Last Post: 16th March 2006, 07:16 PM
  5. Video demonstrating hacking WEP in 10mins
    By Geoff in forum Wireless Networks
    Replies: 11
    Last Post: 3rd February 2006, 06:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •