WEP And PPTP Password Crackers Released 244
Jacco de Leeuw writes "SecurityFocus published an article by Michael Ossmann that discusses the new generation of WEP cracking tools for 802.11 wireless networks. These are much faster as they perform passive statistical analysis. In many cases, a WEP key can be determined in minutes or even seconds. For those who have switched to PPTP for securing their wireless nets: Joshua Wright released a new version of his Cisco LEAP cracker called Asleap which can now also recover weak PPTP passwords. Both LEAP and PPTP employ MS-CHAPv2 authentication." Update: 12/22 00:14 GMT by T : Michael Ossmann wrote to point out his last name has two Ns, rather than one.
Some thoughts on Wireless and Security (Score:5, Insightful)
# setting up secure connections is too difficult for the lay person. We need standard Diffie-Helman key exchanges. I saw on the internet that it is available on some access points, but it just should be the standard of the IEEE. As far as I could find with Google it isn't yet. I can't understand why.
# Securing accesspoints should be mandatory. There are too many open access points available. There is no use for anonymous connections over a random family's access point, it only endangers them into being seen as cybercriminals.
# If people want to make it possible for neighbours and strangers to make use of their access point it should be done in the same way hotspots are now available at airports and Starbucks. Make it possible to extend the official network of the ISP to a users access point. This way if I open up my laptop and there is an access point available of Joe User, I can only hook up to it by propperly logging in to the ISP's network or use the airport/credit card system. This will require many roaming agreements etc, but it would bring security and convenience at the same time. It should be done in such a way that the person opening up his network in this way can throttle the speed of the guest users and/or the times they can access. So I would like to see a rule like "Guests can only connect when I am not connecting" or "Guests only get 1mbit/sec".
Re:Feasibility of dictionary attacks no protocol f (Score:5, Insightful)
But the good ones only allow online dictionary attacts. LEAP, PPTP, WEP, and unfortunately WPA all allow offline attacks.
Re:Easier for travelers (Score:4, Insightful)
these tools are useless against that scheme. you still need to perform old-skool cracking in order to get past nocatauth, no point and drool tools for getting past that yet, espically with the non-public modifications we made to it to make it different than what is freely available.
Re:Some thoughts on Wireless and Security (Score:2, Insightful)
ad 2: Depends on your understanding of what the net is. If you think that WLANs are insecure means of accessing a safe network, then yes, AP security should be mandatory. If you think that WLANs are just another insecure link in a dangerous network, then what difference would it make?
ad 3: There are so many ways to abuse this system, it isn't even funny.
Re:End-to-End Security (Score:4, Insightful)
Re:Feasibility of dictionary attacks no protocol f (Score:1, Insightful)
Re:Easier for travelers (Score:3, Insightful)
I wouldn't trust Wi-Fi as a fully secure medium even if the manufacturers built in more security measures. As a completely hypothetical and unrealistic example, say I had a completely closed network, with no outside net connections at all. Now, to gain access with physical connections, I've either got to get actual access to a terminal, or do a bit of cable snipping. Now, if I network with Wi-Fi, the job's a lot easier.
Compeltely hypothetical of course, but shows the difficulties of mainting secure access (as in personel able to use, rather than data) to a wi-fi network.
Re:Old news (Score:4, Insightful)
Re:MAC Control tables useless? (Score:4, Insightful)
MAC filtering is not encryption, even if you MAC filter, I can come by with any number of 'tools' and leech all your traffic without having to do any work. Perhaps the only thing MAC filtering does is keep the non-technical neighbor upstairs off your signal.
This article refers to another way to crack networks that are actually encrypted, which was generally enough of a hassle that someone would want to specifically target YOU before going through the trouble. As with all encryption though, cracking what's out there gets easier every day, time to move up to something else!
Re:Old news (Score:1, Insightful)
If somebody wants internet access, why not provide a public service to them?
And if they are spamming/breaking into NASA/trading child porn?
Re:We've known WEP was broken for a long time (Score:2, Insightful)
Security is not an absolute, it is relative. Yes WEP is broken, worse than previously thought.
WEP, however bad it is (and however many better solutions exist) still stops most people from using your bandwidth. Retail studies have shown that most staff theft is opportunistic - while most people are basically honest, if they see money lying around, most of them will pick it up. Same goes for unprotected bandwidth. Many people would not have a problem if it's completely open, but put even the semblance of a lock and they won't try to break in - that's because they have to actively be dishonest in order to steal your bandwidth/money, as opposed to ignorant.
So while it wasn't a perfect solution TM, it was actually better than nothing.
I'm not arguing that better solutions aren't available, but I am saying that WEP isn't as completely useless as you make it out to be.
What would you prefer no security or bad security? That's actually a trickier question than it sounds!
Re:Easier for travelers (Score:3, Insightful)
It's a radical assertion perhaps, but it's my belief that security attacks are merely a symptom of some other problem (not sure entirely what it is, but I could posit some of the characteristics); beefing up security is merely like treating a toothache with painkillers; the pain goes away, but the rot is still there.
So, how do you get rid of the rot? There are only two options: you have to first remove the rot from the system, then implement preventive measures so more rot doesn't develop. Strangely enough, nobody in the security industry (computer, homeland, or any other variety) seems to be looking at that aspect - they seem to be focused on creating and using better pain killers.
Interesting (Score:3, Insightful)
Re:Old news (Score:3, Insightful)
Best way to secure WiFi lans? (Score:3, Insightful)
I was thinking of using Poptop over a Netgear WiFi router. This gives me pause.
I am thinking that it may be better to simply leave the router wide open, then put only an OpenBSD system with routing disabled on the other side of the router.
I'll allow only SSH into the OpenBSD system, then set up an HTTP proxy that only accepts connections from localhost. I'll then use PUTTY port forwarding on the clients, then proxy off localhost port 80.
IPSEC looks like the only other option, and it looks a lot harder.
You're all forgetting... (Score:3, Insightful)
The point is that I don't have to be totally secure, just more secure than my neighbors. Unless I am specifically targeted by some scoflaw, there are a lot easier access points to get to in my neighborhood for general malfeasance.
You only have to outrun the other guy... (Score:4, Insightful)
The moral of this story is that your security doesn't need to be perfect, it just needs to be 'good enough', and in this case 'good enough' is probably merely 'better than the muppet next door who hasn't secured their network at all'.
I use WEP to secure my wireless LAN. Does it bother me that it's possible to crack? Not really, because there are at least 2 other networks in my apartment building (with SSIDs of 'linksys' and 'default') which don't appear to have any kind of security at all. Which means that someone casually looking for a free connection is going to use them, not me. If someone really wants to compromise my network specifically, and has the time and skill to do so, well, then I have bigger problems...
Re:OpenVPN (Score:2, Insightful)
Me and a friend setup an IPSec tunnel between our linux boxes and started playing with it. The routing setup was a nightmare, and to get server to server, server to client and client to client traffic flowing you need multiple traffic filters installed. And the latency of the connection sucked, no playing Diablo 2 over that.
OpenVPN is a breeze compared to all that, you get a tunX device on each box, and as long as you setup your routes using "ip route add (remote net) gw (remote tun) src (your servers eth IP)" even server to server traffic comes from the right netblock so your firewall rules stay sane. And best of all, we dropped from 160ms ping times to 60ms, just by switching from FreeSWAN to OpenVPN.