WEP Cracking

Hello,
I wanted to do a setup where I create a WEP network having one or 2 users and I use my wireless laptop to sniff and crack the WEP. I just had a few questions. I downloaded the backtrack cd from remote-exploit. Are there any tutorials I can get to be able to do this? My idea is to be able to show that WEP is weak and WPA and 802.1x is a much better solution. Could you please give me a push in the right direction for this. Also if I have such a small setup, how can I have more data being sent to simulate a larger network with more data being passed so the WEP cracking can be faster?
Cheers,
Debrat
Comments
I suggest a forum mod lock this thread for example.
I wouldn't consider sniffing your own network in a lab environment for proof-of-concept an out of bounds discussion, but maybe I'm wrong.
This is actually taught as material on the CEH course.
If you google knoppix wep crack video there is a cool tutorial on how to do it.
I think in essence it involves capturing packets with the valid wep encryption data then you play them back at the access point. (I think you need to spoof the mac of a valid host)
This then allows you to capture enough packets to use something like aircrack to recover the wep key.
People that know the mechanics well can do the whole process in about 10 minutes.
Sorry it's vague but that is the gist of it.
Who fed you that crap?
It's as legal as breathing to crack your own WEP.
The speed of WEP cracking depends upon several factors, including the complexity of the WEP key, the number of WEP-encrypted packets that have been collected, and the speed of the machine performing the decryption on the collected packets. A weak key with lots of packets and a very fast machine with lots of free memory is your best-case scenario.
WEP cracking is really old news and, unless you are writing a paper on wireless security for a class project, there is nothing to be gained by performing a practical demonstration of how easy it is to crack WEP. How do you intend to attempt to crack WPA and WPA2 to prove that they are stronger than WEP? Simply cracking WEP alone doesn't prove that other wireless privacy solutions are stronger.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Start off with a demo of how passwords, email, IM chats, etc. on an open wireless network are easily visible to a wireless sniffer.
For a WEP cracking demo, use a short, simple WEP key that any brute force cracker can easily find, such as "12345678".
For a MAC address filter vulnerability demo, show how enabling a MAC filter will prevent a wireless client from associating with an access point, but allow another wireless client to associate and authenticate. Then, using a wireless sniffer, capture packets from the other client's traffic and show how easy it is to clone the MAC address into WNIC firmware, thus getting around the MAC filter. You'll need a WNIC with firmware that allows you to change its MAC address, of course.
http://www.lctjournal.washington.edu/Vol1/a009Ramasastry.html
It has some great information on a piece titled "Will Wi-Fi Make Your Private Network Public? Wardriving, Criminal and Civil Liability, and the Security Risks of Wireless Networks"
If the moderator would prefer to post this as a new topic instead of an add-on to this thread please feel free.