wep decodable within 30 minutes?

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

New to wireless security, I hesitate to run my recently purchased MN-700 for
7/24. Is it true that the constant availability of the router - other than
wireless notebooks with varying locations -facilitates cracking its 128-bit
wep key by brute force within 30 to 60 minutes? wpa cannot be implemented
with my mixed network clients.

Many thanks for clarification and/or advice,

Thomas
8 answers Last reply
More about decodable minutes
  1. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    you need to be passing a LOT of traffic for someone to crack WEP. it
    takes a pretty dedicated hacker. and you'd probably notice someone
    parked outside your house.

    you should use mac address filtering (access control lists) in
    addition to WEP and you should change the WEP key weekly.

    On Mon, 17 May 2004 09:20:15 +0200, "Thomas Bliesener" <kicks_@gmx.de>
    wrote:

    >New to wireless security, I hesitate to run my recently purchased MN-700 for
    >7/24. Is it true that the constant availability of the router - other than
    >wireless notebooks with varying locations -facilitates cracking its 128-bit
    >wep key by brute force within 30 to 60 minutes? wpa cannot be implemented
    >with my mixed network clients.
    >
    >Many thanks for clarification and/or advice,
    >
    >Thomas

    --
    Barb Bowman
    Expert Zone Columnist
    http://www.microsoft.com/windowsxp/expertzone
    MS-MVP (Windows)
  2. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    Barb Bowman [MVP-Windows] <barb@nospam.com> schrieb:

    > you need to be passing a LOT of traffic for someone to crack WEP. it
    > takes a pretty dedicated hacker. and you'd probably notice someone
    > parked outside your house.

    During my absence from the office, extra traffic would not detected. Or
    could you suggest some kind a sms alarm at a critical rate of network
    traffic?

    Cars are always parking in my street from one end to the other - I am living
    downtown in a European big city. Anyway, when I scan my site, there are
    always a couple of ssid active in the neighborhood.

    > you should use mac address filtering (access control lists) in
    > addition to WEP and you should change the WEP key weekly.

    This will reduce the risk, thanks for the advice.

    Thomas
  3. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    If you are that concerned, you can turn off your wireless radio every time
    you know you are leaving the house for an extended amount of time.


    --
    Jason Tsang - Microsoft MVP

    Find out about the MS MVP Program -
    http://mvp.support.microsoft.com/default.aspx

    "Thomas Bliesener" <kicks_@gmx.de> wrote in message
    news:%23Nr2ZGAPEHA.308@TK2MSFTNGP11.phx.gbl...
    > Barb Bowman [MVP-Windows] <barb@nospam.com> schrieb:
    >
    > > you need to be passing a LOT of traffic for someone to crack WEP. it
    > > takes a pretty dedicated hacker. and you'd probably notice someone
    > > parked outside your house.
    >
    > During my absence from the office, extra traffic would not detected. Or
    > could you suggest some kind a sms alarm at a critical rate of network
    > traffic?
    >
    > Cars are always parking in my street from one end to the other - I am
    living
    > downtown in a European big city. Anyway, when I scan my site, there are
    > always a couple of ssid active in the neighborhood.
    >
    > > you should use mac address filtering (access control lists) in
    > > addition to WEP and you should change the WEP key weekly.
    >
    > This will reduce the risk, thanks for the advice.
    >
    > Thomas
    >
  4. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    i don't know of any sms alarm. the MN-700 was designed for residential
    use (and is only supported in the US and Canada).

    you could turn off DHCP and assign statics, and use SPX/IPX for file
    sharing and unbind file sharing from TCP/IP. but seriously, if you are
    in an office environment, you should get an enterprise level access
    point that supports radius authentication and set up radius on a
    server o the domain to authenticate against.

    On Mon, 17 May 2004 13:24:58 +0200, "Thomas Bliesener" <kicks_@gmx.de>
    wrote:

    >Barb Bowman [MVP-Windows] <barb@nospam.com> schrieb:
    >
    >> you need to be passing a LOT of traffic for someone to crack WEP. it
    >> takes a pretty dedicated hacker. and you'd probably notice someone
    >> parked outside your house.
    >
    >During my absence from the office, extra traffic would not detected. Or
    >could you suggest some kind a sms alarm at a critical rate of network
    >traffic?
    >
    >Cars are always parking in my street from one end to the other - I am living
    >downtown in a European big city. Anyway, when I scan my site, there are
    >always a couple of ssid active in the neighborhood.
    >
    >> you should use mac address filtering (access control lists) in
    >> addition to WEP and you should change the WEP key weekly.
    >
    >This will reduce the risk, thanks for the advice.
    >
    >Thomas

    --
    Barb Bowman
    Expert Zone Columnist
    http://www.microsoft.com/windowsxp/expertzone
    MS-MVP (Windows)
  5. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    Actually, depending on your setup, a singe data frame may
    be sufficient to break WEP!!! In average, a day of data
    exchanges is sufficient to break WEP.

    Even when you setup MAC filtering it is possible to
    capture all data exchanged within the network (e.g.
    financial files). One can also break in by faking the MAC
    address.

    If your installation is really important:
    - Enable ICF on each computer, and set a VPN to
    transfer data among them
    - Upgrade all to g or (MS equip is now fairly cheap
    that they are getting out of wifi business)
    - Get a second b router and separate secure WPA data
    from an insecure b subnetwork

    >-----Original Message-----
    >you need to be passing a LOT of traffic for someone to
    crack WEP. it
    >takes a pretty dedicated hacker. and you'd probably
    notice someone
    >parked outside your house.
    >
    >you should use mac address filtering (access control
    lists) in
    >addition to WEP and you should change the WEP key
    weekly.
    >
    >On Mon, 17 May 2004 09:20:15 +0200, "Thomas Bliesener"
    <kicks_@gmx.de>
    >wrote:
    >
    >>New to wireless security, I hesitate to run my recently
    purchased MN-700 for
    >>7/24. Is it true that the constant availability of the
    router - other than
    >>wireless notebooks with varying locations -facilitates
    cracking its 128-bit
    >>wep key by brute force within 30 to 60 minutes? wpa
    cannot be implemented
    >>with my mixed network clients.
    >>
    >>Many thanks for clarification and/or advice,
    >>
    >>Thomas
    >
    >--
    >Barb Bowman
    >Expert Zone Columnist
    >http://www.microsoft.com/windowsxp/expertzone
    >MS-MVP (Windows)
    >.
    >
  6. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    Jason Tsang <jason-onlineDEL@ETEmvps.org> schrieb:

    > you can turn off your wireless radio every time
    > you know you are leaving the house for an extended amount of
    > time.

    You might have overlooked the condition "24/7" in my original posting.
    Others depend on using this shared internet connection anytime they want.

    Since they are not apt to monitor a possibly critical amount of network
    traffic, there needs to be a technological solution for keeping the network
    safe. Of course, wired LAN does the job. But how can a wireless alternative
    be more secured? How (for example) could an intrusion alarm be created?

    Thomas
  7. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    Barb Bowman [MVP-Windows] <barb@nospam.com> schrieb:


    > you could turn off DHCP and assign statics,

    already the case

    > and use SPX/IPX for file sharing and unbind file sharing from TCP/IP.

    to be considered

    > but seriously, if you are
    > in an office environment, you should get an enterprise level access
    > point that supports radius authentication and set up radius on a
    > server o the domain to authenticate against.

    Ok, possibly the only adequate solution.
    I'll pass on the MN-700 to my students (at least I spent my bucks in the
    store).

    Thanks for your clear words, Barb, et bonne chance,

    Thomas
  8. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    I don't have an answer to your question, but I would be
    currious as well. I'm not very familair with WEP, but I
    reasoned that it would be relatively secure with a 128-
    bit key. Back in the 80's, the DES (Data Encription
    Standard) with it's 32-bit key was considered safe in
    that it would take a Cray super computer a mater of
    months to break, by which time the information was no
    longer time critical. I would assume that WEP would be
    similar to DES in encription methode and that the larger
    key would make is even more secure.

    >-----Original Message-----
    >New to wireless security, I hesitate to run my recently
    purchased MN-700 for
    >7/24. Is it true that the constant availability of the
    router - other than
    >wireless notebooks with varying locations -facilitates
    cracking its 128-bit
    >wep key by brute force within 30 to 60 minutes? wpa
    cannot be implemented
    >with my mixed network clients.
    >
    >Many thanks for clarification and/or advice,
    >
    >Thomas
    >
    >.
    >
Ask a new question

Read More

Routers Wireless WEP Networking