It's 2005, why do things still not do WPA?

[Mercutio]

I think I hate WLANs.

The title says it all. I just got to look at an "I just bought it yesterday" DLink AP/Router. No WPA. So I flashed it to the newest firmware. STILL no WPA.
Where the f*ck is WPA?

Linksys makes all kinds of wireless geegaws now. Toys, almost. Wireless audio systems, range extenders, print servers. Guess what absolutely none of them support?

The stickers on the box talk about how effortless wireless crap is to set up... except, it's not. Mixing vendors of wireless equipment is sometimes bad enough to make the baby jebus cry.
The everyday users have NO IDEA that they are using 20something-digit WPA keys, and they expect their new stuff to just instantly work.

True story: Guy I do work for has a WLAN for the four portable computers in his office. Originally there was nothing else, ever, that was supposed to be able to connect. OK, fine. WPA, turn of SSID broadcasts, run a MAC filter to those four NICS. Good security practice, y'know?
Guy calls me today, tells me his internet service is really slow, and the office Kazaa fiend is on vacation.
So I remote into his router. All the security is off. All of it. No WPA. SSID is being broadcast. MAC filtering is off... and there are *19* more DHCP clients than he has computers.
So I turn everything back on, filters and all, while I'm on the phone with him.
I start to ask "Why was this stuff shut off to begin with?", when my client pipes in "Oops. Now my speakers don't work?"
Which leads to the logical question, what the hell does that have to do with anything?
But the picture is made clear: "I have these linksys wireless speakers..."
So I hit linksys.com, look at the Product PDF - Nothing at all about WPA.
"They told you to turn off security, didn't they?"

Apparently the asshats at linksys support successfully walked him through turning off every single security feature on his WRT54G. EVERY ONE. " *I* call linksys and I can't get them to answer yes/no questions. Him, they walk through connecting to the router, typing in the password, and each of the five or six places he had to go to turn all that stuff off (and since the SSID and password were the ones I assigned, they DIDN'T just tell him to reset it, amazingly).

So I said to my client: "If you want that to work in your office, I'm billing you two hours at my emergency rate to set them up. You can either have a secure network or you can have those stupid speakers."

Anyone care to guess what I'm doing right now?

Arrrg...

 

[ddrueding]

Anyone care to guess what I'm doing right now?

Making some good money?


A very nice rant; and one I 100% agree with. It's not like linksys don't know how to do WPA; many of their products have it. The killer for me is why their range extenders don't support it. They have a "one touch setup" that would obviously not support keying in a code.

 

[time]

Boy oh boy do I sympathize!

On a related topic, can anyone tell me if Linksys wireless adaptors come with a WPA supplicant (like most Netgear), or is WinXP the only supported OS?

BTW, the Canon Pixma IP4000R, an incredibly cheap networked printer that also comes with 802.11g, supports WPA out of the box, effortlessly (at the same time, I was struggling with Intel's stupid wireless client on a Centrino notebook).

 

[Mercutio]

Linksys has it's own tool. I make linksys adaptors work with 2000 Pro all the time.

 

[sechs]

How do I get in on this action?

 

[Tannin]

One of the great rants, Merc. I hear you.

 

[Stereodude]

How many of you have had a WEP encrypted WLAN compromised by hackers?

I mean WPA is nice and all, but is it really necessary?

 

[Mercutio]

I've done it a couple times, for my own amusement. If I can do it from just reading a page of instructions I printed out from google, I don't think anyone else is going to have a very hard time, either.

 

[sechs]

I've had one compromised by the reset button.

 

[blakerwry]

I dont actively monitor my wireless connection nor have good logs so I wouldn't know if anyone hacked it....

But I have SSID broadcast disabled, MAC filtering, and 128bit WEP... in addition there are 2 fully open access points nearby and 1 WEP enabled, but broadcasts still on. Kind of like a honey pot... especially since I dont use my wireless network but every so often and it is not attached to my main network.

 

[Fushigi]

How many of you have had a WEP encrypted WLAN compromised by hackers?

I mean WPA is nice and all, but is it really necessary?

It has been demonstrated that WEP can be broken in about 10 seconds using a modern PC. If you care about keeping your WLAN to yourself, WEP cannot be considered secure. WPA is not perfect, especially with PSK vs. Radius, but is far, far better.

Besides keeping your WLAN to yourself, also consider what could happen over your connection if it was compromised: illegal activities, excessive bandwidth usage, etc. Things in violation of your ISP's TOS could get your connection disabled and could result in you being taken to jail or fined.

Here's a good blog discussion about what happened with an open AP: http://www.schneier.com/blog/archives/2005/07/stealing_wifi_a.html

 

[MaxBurn]

Just got verizon and they have a nice little app on an install CD that sets up their wireless/firewall/DSL modem for you. Super easy but doesn't set up any security except for turning on the firewall. Thus I can see NINE other networks in my complex that are wide open. Not that I am complaining, I used a couple in the week or so it took me to get my modem shipped to me and working. I toyed with the idea of going in and "helping" them turn on their security.

Major gripe here: they don't tell you what the username and password they use to setup the DSL modem with. It's not on the included paperwork, nor on verizon's web page that I could find. I finally found it buried in the manufacturer's manual (that I had to go find and download).

Interesting thought: Because all these networks are unsecured and will accept anyone and all have a incomprehensible number assigned for the SSID it's entirely plausible that there are people in the building that aren't even using their own connection and are connected to their neighbor all the time.

 

[Stereodude]

It has been demonstrated that WEP can be broken in about 10 seconds using a modern PC. If you care about keeping your WLAN to yourself, WEP cannot be considered secure. WPA is not perfect, especially with PSK vs. Radius, but is far, far better.

Besides keeping your WLAN to yourself, also consider what could happen over your connection if it was compromised: illegal activities, excessive bandwidth usage, etc. Things in violation of your ISP's TOS could get your connection disabled and could result in you being taken to jail or fined.

Here's a good blog discussion about what happened with an open AP: http://www.schneier.com/blog/archives/2005/07/stealing_wifi_a.html

10 seconds?

All the information I've seen indicates you had to collect packets for days and it still takes the PC hours to get the key from that data.

I'd love to know how to break WEP in 10 seconds. Then I wouldn't need to pay for internet access anymore.

 

[blakerwry]

Just got verizon and they have a nice little app on an install CD that sets up their wireless/firewall/DSL modem for you. Super easy but doesn't set up any security except for turning on the firewall. Thus I can see NINE other networks in my complex that are wide open. Not that I am complaining, I used a couple in the week or so it took me to get my modem shipped to me and working. I toyed with the idea of going in and "helping" them turn on their security.

Major gripe here: they don't tell you what the username and password they use to setup the DSL modem with. It's not on the included paperwork, nor on verizon's web page that I could find. I finally found it buried in the manufacturer's manual (that I had to go find and download).

Interesting thought: Because all these networks are unsecured and will accept anyone and all have a incomprehensible number assigned for the SSID it's entirely plausible that there are people in the building that aren't even using their own connection and are connected to their neighbor all the time.

That sounds wholey unsecure, they didn't even follow the 1st step in security, change the default passwords....

 

[Stereodude]

So, I take it you can't crack a WEP network in 10 seconds?

 

[time]

Merc or someone would know more about this, but my understanding is that passive decrypters need to capture a certain amount of traffic (5-10 million packets for AirSnort). If the network is extremely busy, it might take only an hour, but if there's not much activity, it could take days or weeks. Once they have sufficient data, deriving the key is apparently trivial.

However, there are also active attack methods which I presume aren't dependent on traffic and are much faster.

 

[Fushigi]

So, I take it you can't crack a WEP network in 10 seconds?

Me? I've no reason to try and I am ethics-bound to not do so unless it is for ethical hacking purposes. The statement was made at a security conference I attended earlier this year by a wifi engineer.

Without even Googling I found that these guys did it in 5 minutes.

 

[blakerwry]

I'll be moving in less than a month, so in preparation I upgraded my smoothy to a Green+ Orange + Red setup and am intending on putting my AP on the orange to keep it off my main network.


Because of this I also got interested enough in setting up my smoothwall to be a fully fledged VPN server. Works VERY well with the PoPToP mod that is freely available once you get past the initial setup grunts and groans.

The security, convenience, and flexibility a VPN offers is so much better than the SSH port forwarding that I have been doing for the last year. Which in turn was a heck of a lot better than remote router management to setup port forwarding when/where needed. I'm sure my network is also a 100% more secure now as well that I have removed the many holes that had previously been open.


The question now becomes whether I even need WEP anymore... guess it will be useful in keeping people off my network ;-)

 

[blakerwry]

forgot to mention that I did some research on both WEP and WPA practical cracking.... the short of it is not to bother unless you really want into someone's network.

in my experience most wep keys are generated from a pass phrase, so it becomes more difficult than guessing the wep key since they are just gibberish. This leaves a dictionary -> hash -> brute force method available... which can work in some instances...

the other method, which i would actually consider the WEP crack, takes gigs of traffic to be logged before you can determine the likely WEP key. Most home networks are not going to see that in a few months. But it is true, that once you have the data it can be cracked, and quickly.

It's almost easier to just get a directional antenna and find a nearby access point. Suprisingly, the number of access points in my area has grown dramatically.. a year or two ago I could count them on one hand, now I don't have enough fingers and toes put together to count the access points in my small subdivision.

If you're in an area like mine there are sure to be a few open APs in range.