WEP And PPTP Password Crackers Released
Jacco de Leeuw writes "SecurityFocus published an article by Michael Ossmann that discusses the new generation of WEP cracking tools for 802.11 wireless networks. These are much faster as they perform passive statistical analysis. In many cases, a WEP key can be determined in minutes or even seconds. For those who have switched to PPTP for securing their wireless nets: Joshua Wright released a new version of his Cisco LEAP cracker called Asleap which can now also recover weak PPTP passwords. Both LEAP and PPTP employ MS-CHAPv2 authentication." Update: 12/22 00:14 GMT by T : Michael Ossmann wrote to point out his last name has two Ns, rather than one.
Now who can we blame for downloading GB of stuff? (Score:2, Interesting)
Can we be blamed if the tenant runs a pot-growing facility in our basement? Is it the same?
Interesting (Score:3, Insightful)
Re:Now who can we blame for downloading GB of stuf (Score:4, Interesting)
Welcome to post-9/11 America
Feasibility of dictionary attacks no protocol flaw (Score:3, Interesting)
Re:Feasibility of dictionary attacks no protocol f (Score:5, Insightful)
But the good ones only allow online dictionary attacks. LEAP, PPTP, WEP, and unfortunately WPA all allow offline attacks.
Best way to secure WiFi lans? (Score:3, Insightful)
I was thinking of using Poptop over a Netgear WiFi router. This gives me pause.
I am thinking that it may be better to simply leave the router wide open, then put only an OpenBSD system with routing disabled on the other side of the router.
I'll allow only SSH into the OpenBSD system, then set up an HTTP proxy that only accepts connections from localhost. I'll then use PuTTY port forwarding on the clients, then proxy off localhost port 80.
IPSEC looks like the only other option, and it looks a lot harder.
Re:Best way to secure WiFi lans? (Score:2)
I hear that IPSec is torture (Score:2)
And there are no free win32 clients.
Re:I hear that IPSec is torture (Score:2)
Re:Best way to secure WiFi lans? (Score:2)
Since I started to use OpenVPN [sourceforge.net], I never looked back. All the features of an IPSec VPN, but none of the hassles.
OpenVPN (Score:5, Informative)
I tried everything, IPSec, SSH tunneling, you name it. They all suck. SSH is, let's face it, limited. IPSec is cumbersome, not exactly friendly to all operating systems, doesn't play well with NAT (unless you use UDP encapsulation), etc. It is glaringly obvious that it's a severely overdesigned protocol.
Enter OpenVPN. It uses SSL for encryption, but it's not an SSL-based pseudo-VPN, but a true VPN - it can forward any IP protocol. Think of it as having the functionality of IPSec, but using a simpler and more sensible implementation.
It's cross-platform (Linux, Windows, Solaris... you name it). It's simple to install and configure (the same software can be either server or client and the config file semantics are similar). It's secure (it can use signed certificates, passwords, any authentication mechanism you like). It can compress the traffic on the fly (using LZO, which is pretty damn fast and low-overhead). If you use TCP transport instead of UDP, it can tunnel through ordinary HTTP proxies. It has a dummy-friendly GUI for Windows. It slices, it dices and it makes coffee... oh, well, maybe not that.
Anyway, I'm running an OpenVPN server on my home firewall, and I put OpenVPN on all my computers (my workstation at the office, my laptop, etc.). Wherever I go, I just fire up OpenVPN and "I'm home".
I run IMAP through it, so my IMAP clients (Evolution), no matter where they are, "see" the same IMAP servers and folders. That is awesome - different systems, yet my mail looks the same. And it's also secure.
My wireless access point has no security whatsoever: no encryption, no MAC filtering, no SSID cloaking... it even gives you a DHCP address.
It rocks!
Re:OpenVPN (Score:2, Insightful)
A friend and I set up an IPSec tunnel between our Linux boxes and started playing with it. The routing setup was a nightmare, and to get server-to-server, server-to-client and client-to-client traffic flowing you need multiple traffic filters installed. And the latency of the connection sucked, no playing Diablo 2 over that.
OpenVPN is a breeze compared to all that, you get a tunX device on each box, and as long as you set up your routes using "ip route add (rem
Re:Feasibility of dictionary attacks no protocol f (Score:2)
Re:Feasibility of dictionary attacks no protocol f (Score:2)
Re:Feasibility of dictionary attacks no protocol f (Score:4, Informative)
Re:Feasibility of dictionary attacks no protocol f (Score:2)
Re:Feasibility of dictionary attacks no protocol f (Score:5, Interesting)
First, you will note that the attack on WEP (but not on PPTP) is not a dictionary attack and works with a computer-generated random 64- or 128-bit key. This is a protocol weakness.
Second, a good protocol does protect passwords. Either it establishes an encrypted session with the server, like SSH or SSL does, or it uses a secure password protocol like SRP. SRP in particular has the following properties:
1) The protocol is entirely public, and open-source implementations are available.
2) An eavesdropper on the wire does not get a dictionary attack on the password; without breaking the crypto behind the protocol, which nobody has been able to do yet, he gets no information. Of course, he can still do an online attack, but the server should prevent that.
3) Someone impersonating the server also does not get a dictionary attack on the password, even though the client does not need to memorize a key hash.
4) Someone who compromises the server database does get a dictionary attack on the password (this is inevitable), but they don't get the password for free. Furthermore, the password is salted, so they have some work to do.
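The four SRP properties listed above, worked through as an added example that is not part of the thread: a minimal SRP-6a run in Python in which the client and server derive the same session key from a password the server never stores, and an eavesdropper who captures the salt, A and B learns nothing usable offline. Assumptions made here and not in the post: SHA-256 is used for H() throughout (RFC 5054 specifies SHA-1 and specific padding rules, omitted for brevity), the 1024-bit group is transcribed from RFC 5054 Appendix A and should be checked against the RFC, and the username, password and salt are constructed sample values.

```python
import hashlib
import secrets

# 1024-bit safe-prime group from RFC 5054, Appendix A (transcribed here; check it
# against the RFC before using it for anything real). Generator g = 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2


def H(*parts: bytes) -> int:
    """The protocol's hash H(): SHA-256 over the concatenation (simplification)."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def to_bytes(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


k = H(to_bytes(N), to_bytes(g))  # SRP-6a multiplier parameter


def private_x(username: str, password: str, salt: bytes) -> int:
    # x = H(salt || H(username ":" password)); only the client ever computes this.
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return H(salt, inner)


def make_verifier(username: str, password: str, salt: bytes) -> int:
    """Enrollment: the server stores (salt, v = g^x mod N), never the password.
    Property 4: a stolen v still costs a salted dictionary attack to turn into x."""
    return pow(g, private_x(username, password, salt), N)


def srp_exchange(username: str, password: str, salt: bytes, v: int):
    """One SRP-6a run. Returns (client_key, server_key, what_the_wire_shows)."""
    # Client: ephemeral secret a, public value A = g^a mod N.
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    # Server: ephemeral secret b, public value B = k*v + g^b mod N.
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N
    # Both sides abort on a zero public value (standard SRP safety check).
    if A % N == 0 or B % N == 0:
        raise ValueError("invalid public value")
    u = H(to_bytes(A), to_bytes(B))  # scrambling parameter, computed by both sides
    # Client side: needs the password (through x) plus B, salt, u.
    x = private_x(username, password, salt)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Server side: needs only the stored verifier v plus A, u.
    S_server = pow((A * pow(v, u, N)) % N, b, N)
    # Property 2: the eavesdropper sees only these values, none of which depends
    # on the password in a way that can be checked offline without solving the
    # underlying discrete-log problem.
    on_the_wire = {"salt": salt, "A": A, "B": B}
    return H(to_bytes(S_client)), H(to_bytes(S_server)), on_the_wire


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    v = make_verifier("alice", "correct horse battery", salt)   # constructed sample
    kc, ks, seen = srp_exchange("alice", "correct horse battery", salt, v)
    print("keys agree:", kc == ks)
    kc2, ks2, _ = srp_exchange("alice", "wrong guess", salt, v)
    print("wrong password, keys agree:", kc2 == ks2)
```

Property 3 (a fake server gains nothing) follows from the same arithmetic: without v the impostor cannot form a B that makes the client's S_client computable on its side, and the client never sends anything derived from x directly. The online-attack limit in property 2 is not part of SRP at all; it is the server's job to count failed runs.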
Re:Feasibility of dictionary attacks no protocol f (Score:2)
If the protocol or system involved doesn't allow for a penalty against failed attempts, then that IS a weakness.
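One way a server can impose the penalty this reply asks for, as an added example that is not from the thread: a per-account failure counter with exponential lockout, replayed over a constructed sequence of 100 guesses spaced one second apart. The thresholds (three free attempts, a one-second base delay doubling up to an hour) and the `simulate` helper are assumptions chosen for the illustration.

```python
from collections import defaultdict


class LoginThrottle:
    """Counts failed logins per account and locks the account for a delay that
    doubles with every further failure. Time is passed in explicitly so the
    behaviour can be replayed deterministically."""

    def __init__(self, free_attempts=3, base_delay=1.0, max_delay=3600.0):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.failures = defaultdict(int)
        self.locked_until = defaultdict(float)

    def allowed(self, account: str, now: float) -> bool:
        return now >= self.locked_until[account]

    def record_failure(self, account: str, now: float) -> float:
        """Register a failed attempt; returns the time the lock expires."""
        self.failures[account] += 1
        extra = self.failures[account] - self.free_attempts
        if extra > 0:
            delay = min(self.base_delay * 2 ** (extra - 1), self.max_delay)
            self.locked_until[account] = now + delay
        return self.locked_until[account]

    def record_success(self, account: str) -> None:
        self.failures.pop(account, None)
        self.locked_until.pop(account, None)


def simulate(throttle: LoginThrottle, attempts, verify) -> int:
    """Replay (time, account, guess) tuples against `verify(account, guess)`.
    Returns how many guesses the server actually checked; the rest were
    refused without touching the password at all."""
    checked = 0
    for now, account, guess in attempts:
        if not throttle.allowed(account, now):
            continue
        checked += 1
        if verify(account, guess):
            throttle.record_success(account)
        else:
            throttle.record_failure(account, now)
    return checked


if __name__ == "__main__":
    # Constructed: 100 wrong guesses against "alice", one per second.
    guesses = [(float(t), "alice", f"guess{t}") for t in range(100)]
    checked = simulate(LoginThrottle(), guesses, lambda acct, pw: pw == "secret")
    print(f"{checked} of {len(guesses)} guesses were actually verified")
```

With these settings only 10 of the 100 guesses are evaluated; the lock grows from 1 s to 64 s within the first minute. Keying the lock on the account alone means an attacker can lock a legitimate user out by guessing badly on purpose, so production systems usually key on account plus source address or prefer growing delays over hard locks; the trade-off is the same one the reply above is pointing at.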
End-to-End Security (Score:4, Interesting)
It's far better not to rely on wireless link encryption and encrypt your application-level protocols instead. SSL for web browsing, PGP or S/MIME for e-mail, ssh for login. Far better algorithms, far better key management.
Re:End-to-End Security (Score:4, Insightful)
Re:End-to-End Security (Score:2)
For higher demands, use a proxy/firewall against which users (not machines) must authenticate in order to get out.
Re:End-to-End Security (Score:2)
It's a standard feature in almost any device with a MAC address, including WiFi & wired.
MAC address filtering is a useful additional layer of security but I wouldn't rely on it.
Jason
Re:End-to-End Security (Score:2)
Re:End-to-End Security (Score:4, Informative)
Re:End-to-End Security (Score:5, Informative)
Re:End-to-End Security (Score:2)
I haven't got around to buying wifi equipment for my apartment yet. Living in a flat with a bunch of neighbours though, I just checked to see if there was any wifi network nearby. Tried it, found one, set ethereal to sniff packets for perhaps 5 minutes. Most of these packets contained relevant MAC addresses for me to use.
After that, ifconfig ath0 hw ether [mac-addr] and voilà
Re:End-to-End Security (Score:2)
This tool does (Score:3, Informative)
I haven't looked at it for a while, I provided a few suggestions a while back. I thought it was a good idea. For non-authorised subnets, it sends bogus ARP replies, with bogus MAC addresses.
ipsentinel [tu-chemnitz.de]
Re:End-to-End Security (Score:2)
Re:End-to-End Security (Score:2)
Ideally, I prefer the belt-and-suspenders route: WPA, then a VPN, then app
Re:End-to-End Security (Score:2, Informative)
Bare open wireless with a dedicated DHCP/OpenVPN server. Server configured to only allow connections to/from known MAC addresses. Use OpenVPN (128 bit certificate keyed AES) to connect to the internal network.
Potentially an attacker could compromise one of the wireless devices; however, the clients could be firewalled to permit only connections to/from the server to limit that exposure.
Re:End-to-End Security (Score:2)
But, once you connect, you can't do anything. You're behind an allow-nothing firewall. You must open up an OpenVPN [sourceforge.net] tunnel if you wanna go through the firewall.
You're right (Score:2)
Re:End-to-End Security (Score:3, Informative)
Even if WEP was perfect, it wouldn't protect your traffic on the distribution system that your access-point connects to. The hubs, switches, and routers that your traffic flows through on the way to its destination are still carrying your traffic unencrypted, and it is subject to interception at those
Easier for travelers (Score:5, Interesting)
Seriously though, Wi-Fi has to be treated like an insecure public network, and anyone who wants to restrict access should use a more secure protocol like IPSec in host-to-host mode. Do not count on Wi-Fi manufacturers to protect you; for some reason they just simply refuse to provide secure products.
Re:Easier for travelers (Score:4, Insightful)
These tools are useless against that scheme. You still need to perform old-skool cracking in order to get past NoCatAuth; no point-and-drool tools for getting past that yet, especially with the non-public modifications we made to it to make it different than what is freely available.
Re:Easier for travelers (Score:2)
Will it stand up to someone who knows how to change their MAC address and other information to match a subscriber? Collect four or five of them and odds are that at any given time one of them isn't present.
Part of the reason that WEP is fundamentally insecure goes beyond just the broken encryption; once you've cracked the key you can
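The reply above asks whether a MAC allow-list survives someone who clones a subscriber's address and waits for a moment when the real card is absent. On the detection side, an access point or monitoring host can at least notice when one MAC associates again while it is still associated, especially with a very different signal level. The following is an added example, not from the thread: it parses a constructed association log (the line format is assumed for this example) and flags that pattern.

```python
import re

# Constructed sample of access-point association events; the format is invented
# for this example and is not any vendor's real log syntax.
SAMPLE_LOG = """\
10:00:01 assoc 00:0c:41:aa:bb:01 rssi=-42
10:00:05 assoc 00:0c:41:aa:bb:02 rssi=-55
10:05:00 disassoc 00:0c:41:aa:bb:02
10:07:30 assoc 00:0c:41:aa:bb:01 rssi=-78
10:09:00 assoc 00:0c:41:aa:bb:02 rssi=-56
"""

LINE = re.compile(
    r"(\d\d:\d\d:\d\d) (assoc|disassoc) ([0-9a-f]{2}(?::[0-9a-f]{2}){5})(?: rssi=(-?\d+))?"
)


def find_duplicate_stations(log_text: str, rssi_jump_db: int = 20) -> list:
    """Return one alert per MAC that associates again without having
    disassociated first. A large RSSI difference between the two associations
    strengthens the suspicion that two different radios share the address.

    Heuristic only: roaming between APs, power-saving clients and lost
    disassociation frames produce the same pattern, so alerts are leads to
    check against the allow-list owner, not proof of spoofing."""
    active = {}   # mac -> (time, rssi) of the association currently believed live
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, event, mac, rssi = m.groups()
        rssi = int(rssi) if rssi is not None else None
        if event == "disassoc":
            active.pop(mac, None)
            continue
        if mac in active:
            prev_ts, prev_rssi = active[mac]
            jump = abs(rssi - prev_rssi) if rssi is not None and prev_rssi is not None else 0
            alerts.append({
                "mac": mac,
                "first_seen": prev_ts,
                "again": ts,
                "rssi_jump_db": jump,
                "strong": jump >= rssi_jump_db,
            })
        active[mac] = (ts, rssi)
    return alerts


if __name__ == "__main__":
    for alert in find_duplicate_stations(SAMPLE_LOG):
        print(alert)
```

In the sample, `00:0c:41:aa:bb:02` disassociates before it comes back and is not flagged; `00:0c:41:aa:bb:01` reappears 36 dB weaker while still associated and is. The check does nothing for the other half of the post (an attacker who waits until the real card is gone), which is why the thread keeps recommending a VPN or WPA on top of MAC filtering rather than instead of it.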
Re:Easier for travelers (Score:3, Insightful)
I wouldn't trust Wi-Fi as a fully secure medium even if the manufacturers built in more security measures. As a completely hypothetical and unrealistic example, say I had a completely closed network, with no outside net connections at all. Now, to gain access with physical connections, I've either got to get actual access to a terminal, or do a bit of cable snipping. Now, if I network wit
Re:Easier for travelers (Score:3, Insightful)
Some thoughts on Wireless and Security (Score:5, Insightful)
# Setting up secure connections is too difficult for the layperson. We need standard Diffie-Hellman key exchanges. I saw on the internet that it is available on some access points, but it just should be the standard of the IEEE. As far as I could find with Google it isn't yet. I can't understand why.
# Securing access points should be mandatory. There are too many open access points available. There is no use for anonymous connections over a random family's access point; it only endangers them into being seen as cybercriminals.
# If people want to make it possible for neighbours and strangers to make use of their access point, it should be done in the same way hotspots are now available at airports and Starbucks. Make it possible to extend the official network of the ISP to a user's access point. This way if I open up my laptop and there is an access point available from Joe User, I can only hook up to it by properly logging in to the ISP's network or using the airport/credit card system. This will require many roaming agreements etc., but it would bring security and convenience at the same time. It should be done in such a way that the person opening up his network in this way can throttle the speed of the guest users and/or the times they can access. So I would like to see a rule like "Guests can only connect when I am not connecting" or "Guests only get 1 Mbit/s".
Re:Some thoughts on Wireless and Security (Score:2, Insightful)
ad 2: Depends on your understanding of what the net is. If you think that WLANs are insecure means of accessing a safe network, then yes, AP security should be mandatory. If you think that WLANs are just another insecure link in a dangerous network, then what difference would it make?
ad 3: There are so many ways to abuse this system, it isn't even funny.
Old news (Score:3, Funny)
If you bought one of those shiny new 802.11{abg} access points so you could be lazy and use your laptop in bed without a bunch of cords dangling all over the place, you have a decision to make. Do you want your neighbors and random strangers using your Internet connection?
If you decide you don't want other people using your connection, then don't do these things:
Re:Old news (Score:4, Insightful)
Re:Old news (Score:3, Informative)
Re:Old news (Score:3, Insightful)
Re:Old news (Score:2)
Windows XP is getting past this issue, but anyone who might turn on filesharing just to see what it's all about could be left out in the cold. Proof beyond a reasonable doubt would be very easy to create. Oddly enough, with Mozilla it is probably easier to
Re:Old news (Score:3, Informative)
So if someone did illegal things through your connection, YOU will still be responsible.
Re:Old news (Score:2)
Open wireless points might work for people living on
Re:Old news (Score:2)
Hiding your SSID and enabling WEP will turn away all casual freeloaders. Yes, WEP is crackable, but you still need to be fairly knowledgeable to do it. Doing these two things will save you from 99% of the attackers out there. Turn on MAC restrictions, and you've probably gotten rid of 90% of what's left. Turning off the DHCP server can't hurt, but anybody who can get through the WEP and
Re:Some thoughts on Wireless and Security (Score:2)
THAT is higher security than the most expensive wireless access point hardware that money can buy can ever give you.
If they can not receive the signal, they can not hack it.
and yes, I have good coverage all ove
Re:Some thoughts on Wireless and Security (Score:3, Funny)
Re:Some thoughts on Wireless and Security (Score:2)
Even with the "pringles can" or other directional antenna you can not get a signal from the street.
I have my AP in the ceiling with 2 aluminum sheets at the 1 wavelength point away from the AP's antennas (that are separated from the AP and spread out by 3 feet in both directions from the AP itself). I have no access in the front yard, very m
Re:Some thoughts on Wireless and Security (Score:2)
Give me a break.
Securing one's front door should be mandatory. There are too many open front doors available. There is no use for someone to randomly walk into a family's front door, it only endangers them into being seen as victims of crime or criminals themselves if the "bad g
Re:Some thoughts on Wireless and Security (Score:2)
1) Someone can access my network.
2) Someone can see my traffic.
Any wireless network implementation should take both of these into account. Wireless access points, until other encryption and access control mechanisms mature, should be treated as if they were compromised to begin with. If you treat an access point like a live jack into your network that's located outside your building some whe
Security is an illusion ... (Score:5, Interesting)
Any encryption can be broken - given enough resources ... The trick is to make it so difficult that nobody finds out unless they are prepared to invest more than what you did (time, computing power, money, technology).
Interestingly in India, according to the Department of Telecom [64.233.167.104] website - security means something different
Re:Security is an illusion ... (Score:5, Funny)
Re:Security is an illusion ... (Score:2)
I'd like to compare it to a weapons license that you need to obtain in every sane country in order to possess firearms legally.
Re:Security is an illusion ... (Score:2)
I wouldn't have minded it if they asked for a provision to ask for private keys - I just don't trust the government that much - especially my clients.
Laws, like patents, have to be specific - otherwise they are easily misused.
Re:Security is an illusion ... (Score:2)
Such a law is not meant to be enforced against random people like us. But it serves to punish people that are suspected of illegal activity, but can't be convicted because they encrypted their communications. Then, these suspects can be arrested on grounds of violation of such a law, and tried when further evidence has been gathered.
Yes it is. All laws apply to all people. Mere suspicion of illegal activity is not enough to warrant punishment in any free society. I can't tell for certain, but it sounds
Re:Security is an illusion ... WRONG (Score:2)
Any encryption can be broken - given enough resources ...
This is false. A correct one-time pad can never be broken.
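The claim above, that a correct one-time pad cannot be broken, rests on every possible plaintext being equally consistent with the ciphertext, and on "correct" meaning a truly random key as long as the message and never reused. As an added example, not part of the thread, the Python below shows both halves: for any candidate plaintext of the right length there is a key that explains the ciphertext, and reusing the key leaks the XOR of the two messages. The messages and key sizes are constructed.

```python
import secrets


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR the message with a key of exactly the same length."""
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must match the message length")
    return bytes(p ^ k for p, k in zip(plaintext, key))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def key_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Perfect secrecy in one line: for any guessed plaintext of the right
    length there is exactly one key mapping it to the ciphertext, so the
    ciphertext alone cannot tell the true plaintext from any other guess."""
    return otp_encrypt(ciphertext, candidate_plaintext)


def reuse_leaks(p1: bytes, p2: bytes, key: bytes) -> bool:
    """Why 'one-time' matters: with a reused key, XOR of two ciphertexts equals
    XOR of the two plaintexts, which no longer depends on the key at all."""
    c1, c2 = otp_encrypt(p1, key), otp_encrypt(p2, key)
    return otp_encrypt(c1, c2) == otp_encrypt(p1, p2)


def demo() -> bytes:
    # Constructed 12-byte messages; the key comes from the OS CSPRNG.
    key = secrets.token_bytes(12)
    ct = otp_encrypt(b"ATTACK DAWN!", key)
    # Someone holding only ct can produce a key under which it reads as the
    # opposite order; both keys are equally likely a priori.
    other_key = key_explaining(ct, b"RETREAT NOW!")
    return otp_decrypt(ct, other_key)


if __name__ == "__main__":
    print(demo())
    print("key reuse leaks plaintext XOR:", reuse_leaks(b"hello", b"world", b"\x10" * 5))
```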
Misread the headline... (Score:4, Funny)
We've known WEP was broken for a long time (Score:3, Informative)
So, this isn't really "new" news, although it should reinforce the message that WEP is worse than useless.
Re:We've known WEP was broken for a long time (Score:2, Insightful)
Security is not an absolute, it is relative. Yes WEP is broken, worse than previously thought.
WEP, however bad it is (and however many better solutions exist) still stops most people from using your bandwidth. Retail studies have shown that most staff theft is opportunistic - while most people are basically honest, if they see money lying around, most of them will pick it
Securing wireless connections (Score:5, Informative)
First I tried to set up IPSec. It was a nightmare. Although I know a lot about computers and networks I did not manage to set up IPSec. Its configuration is so complicated, I have no clue. Although, it must be possible to get IPSec running, maybe it's just me who is too stupid
http://www.schneier.com/paper-ipsec.html
Then I tried Cipe. It was very easy to get it running, but it's horribly insecure. Peter Gutmann wrote a nice article, which was in the news on slashdot some time ago:
http://lists.virus.org/cryptography-0309/msg00257
In that article I read about tinc, which I now use. It's almost as easy to set up as cipe, but more secure (although not perfect and not as good as IPSec). Here is the answer of the developers of tinc to Peter Gutmann's article:
http://www.tinc-vpn.org/security
So, maybe if you believe them it's not that bad, I'm not sure about this.
I think one great advantage of the VPN-solutions is that AFAIK there are no tools available that make cracking them as easy as cracking WEP. So the "common War Driver" or Script Kiddie has no clue what to do, you'd need some kind of expert to crack your connection. And, if such an expert is trying to break your security, you maybe have a bigger problem anyway.
I just wanted to have an acceptable level of security and lock War Drivers out.
IPsec (Score:2)
IPSec is cross-platform, people, and AirPort people should just use it and dump the crypto stuff on the cards and let the OS deal with it.
N. Ferguson and B. Schneier: "it is the best IP security protocol available at the moment." But they don't like the fact the config is hard...
Push the vendors to all support IPSec and make config easy and bingo, "the world is a better place" (tm).
do it
john jones
Re:Securing wireless connections (Score:3)
I haven't started to use it yet, due to paranoia. I have several Linux boxen that are on my inside net and I don't want to compromise them.
Fortunately, one box has an unused NIC that I can use for the 802.x router. I plan to use L2TP and IPSec on this, but the instructions are rather intimidating and the protocol com
Re:Use SSH Instead? (Score:2)
Have a look at OpenVPN [sourceforge.net]. I did, and i never looked back.
Re:OpenVPN (Score:2)
honeypot WAP time! (Score:3, Funny)
The 5th one is a flaky piece of crap anyway and will likely just fry your WiFi card when my roommate fires up the microwave.
Re:honeypot WAP time! (Score:2)
Is PPTP considered safe? (Score:2)
I am not an expert on security -- could someone just tell me in 1 sentence whether PPTP can be considered 'secure' for a VPN at the moment? Or is it worth going to some other VPN infrastructure?
Thanks to anyone who replies.
Re:Is PPTP considered safe? (Score:3, Informative)
Have a look at OpenVPN [sourceforge.net] instead.
One solution to all this security mess... IPSec (Score:2)
I know it's not the "magic bullet" but it would certainly help with some areas of weak security.
Only problem is that no-one is interested in implementing IPSec. Why can't we implement IPSec like we do with IPv6, where if both ends support it, it gets used.
Then, people can install IPSec on their clients and servers and start using it.
Although unless Microsoft added IPSec support to tcpip.sys or whatever (and released vers
IPSec sucks (Score:2)
Have a look at OpenVPN [sourceforge.net]. After I tried it, I swore I'll never get back to IPSec.
Re:IPSec is a pair of MMC snap-ins in Windows 2K-X (Score:2)
Or does it come standard with the OS?
Is there a reason why OS vendors (or more specifically those who write TCP/IP stacks/code) don't add IPSec and have it on by default?
Is there action that has to be taken to use IPSec (e.g. obtaining certificates/keys or something) that prevents it from being "on by default"?
I'm not worried (Score:2)
Also, if you have a regular RTL8139 or NE2000 clone like I do, no exotic drivers are needed either to get things up and running.
Disclaimer: I don't have a clue about the current state of wireless on live distros such as Knoppix. Anyone hit me with a clue bat please?
People still use WEP? (Score:3, Interesting)
Who still uses WEP? The weaknesses in WEP have been known for some time, and there have been more than a few working crackers in the wild for quite a while now.
WPA [tomsnetworking.com] is the money. It's far more secure than WEP in that it has key rotation, and some of the snazzier base stations already support AES as the cryptographic algorithm. Most older stations with diligent vendors will at least support WPA with TKIP (RC4 with rotating keys), since it's a trivial addition from a compute-intensiveness point of view.
That said, if you do insist on sticking with WEP (some people prefer classic cars to modern ones as well, I guess), or even less (ie, run an open base station) at least ensure that your access point is configured to only allow your specific MAC (as well as those you trust) to peer with it. This will at least keep the bandwidth sucklers off your back.
Unless, of course, being suckled upon is what you like. At that point, do what you want. I'm Canadian, so my personal bandwidth is everyone's bandwidth.
Ahhh... socialism. :)
As for PPTP, switch to using KAME, FreeS/WAN or your IPSec implementation of choice. You can, of course, even use IPSec to do transport level encryption for your wireless connection if your base station doesn't support WPA, though you would need additional boxen to do this, of course.
Both of these (WPA and IPSec) provide the same functionality as what they replace (WEP and PPTP) with additional security benefits. We moved to WPA for our corporate access points over a year ago and have been running a 100% IPSec (SonicWall, specifically [sonicwall.com]) VPN for just as long. They're functional, production tested and very secure.
Don't wait. Do it now.
Re:People still use WEP? (Score:2)
Re:People still use WEP? (Score:2)
2. MAC addresses can be spoofed.
Re:People still use WEP? (Score:2)
If your AP won't do WPA, you should replace it.
Can something be done sort of like freenet? (Score:3, Interesting)
So, for each client there are four keys. One to encrypt information sent from client to server (residing only on client), one to decrypt this information (residing only on server), one to encrypt information sent from server to client (only on server), one to decrypt information sent from client to server (only on client). Plus the server has its own internal key so that even if the encryption for two clients between two computers is identical, the decryption is different. Same for the client. Ok ok- 6 keys.
Ignoring the complication, overhead, and excess noise produced by this, wouldn't it be better than say... WEP?
IPsec is great (Score:3, Interesting)
Re:IPsec is great (Score:2)
Re:IPsec is great (Score:2, Informative)
But you can use the following utility, it's not as polished as those $80 clients but it does the job, it's basically a front-end to configure the IPSec for you based on a simpler config file:
http://vpn.ebootis.de/ [ebootis.de]
IPsec is not great (Score:2)
I mean, IPSec is nice and all, if you're a medium-to-large company that just goes ahead and buys a full solution from vendor XYZ. But it's a big pain in the butt for everyone else.
At some point, I discovered OpenVPN [sourceforge.net] and I got hooked immediately. Clients and servers for all major operating systems (the same software can be either client or server, just flip a config bit), nice GUI for Windows, compression, rock-solid encryptio
I brought the cheese ball...OOPS! (Score:2)
I saw the title -- WEP And PPTP Password Crackers Released -- and thought perhaps it was time to try out some new Christmas party tray snack crackers. Very geeky food.
Alas, I shall have to return my Publix-brand caviar and this goose pâté I bought frozen from SAM's Club. I'm keeping the cheese ball, though. And the cocktail wieners.
IronChefMorimoto
You're all forgetting... (Score:3, Insightful)
The point is that I don't have to be totally secure, just more secure than my neighbors. Unless I am specifically targeted by some scofflaw, there are a lot easier access points to get to in my neighborhood for general malfeasance.
So what IS good? (Score:2)
- If it runs WAP, it's probably been rushed to market and has plenty of serious security issues that will give up my keys, admin access, whatever, making the whole thing a moot point.
- If it's been on the market long enough that I can fix the really heinous flaws with firmware updates, it runs WEP.
You only have to outrun the other guy... (Score:4, Insightful)
The moral of this story is that your security doesn't need to be perfect, it just needs to be 'good enough', and in this case 'good enough' is probably merely 'better than the muppet next door who hasn't secured their network at all'.
I use WEP to secure my wireless LAN. Does it bother me that it's possible to crack? Not really, because there are at least 2 other networks in my apartment building (with SSIDs of 'linksys' and 'default') which don't appear to have any kind of security at all. Which means that someone casually looking for a free connection is going to use them, not me. If someone really wants to compromise my network specifically, and has the time and skill to do so, well, then I have bigger problems...
Trying to compile asleap (Score:2)
Re:Trying to compile asleap (Score:2)
Re:But nobody can crack my Slashdot password (Score:2, Offtopic)
Re:So how can I secure my connection? (Score:2, Interesting)
Re:So how can I secure my connection? (Score:2)
The only problem is that when a friend comes over he can't just hook into the wifi. But well, that's how I learned that OpenVPN works fine on windows, too and once you've scribbled up the really small config file (mine is 10 lines!) it's a matter of minutes to enable a new host.
Re:So how can I secure my connection? (Score:2)
That said, your best bet, until 802.11i is widespread, is to buy an access point and wireless card that support WPA, which provides for regular key changes.
Additionally, be sure to configure your base station to only allow your specific MAC address (the address of your personal wireless card and any other authorized cards) to peer with your access point.
This way, even if someone -does- br
Re:So how can I secure my connection? (Score:2)
Re:MAC Control tables useless? (Score:4, Insightful)
MAC filtering is not encryption, even if you MAC filter, I can come by with any number of 'tools' and leech all your traffic without having to do any work. Perhaps the only thing MAC filtering does is keep the non-technical neighbor upstairs off your signal.
This article refers to another way to crack networks that are actually encrypted, which was generally enough of a hassle that someone would want to specifically target YOU before going through the trouble. As with all encryption though, cracking what's out there gets easier every day, time to move up to something else!
Correction to submission (Score:5, Informative)
Re:Correction to submission (Score:2)
Re:Hidden ESSID (Score:2)