[geeks] home wap paranoia

Thomas Gallaway rescue at port11.net
Wed Mar 17 11:33:02 CST 2004


Daniel Johannsson wrote:

>Hi,
>I've finally decided to get myself a wireless access point at home, after
>getting really tired of always snaking a long ethernet cable to where ever
>I'm sitting with the laptop.
>
>I'm wondering how paranoid other geeks members are about people getting
>onto their wap, and out on their net connection.  I live in a fairly high
>density area, with a lot of apts/condos and some coffee shops/restaurants
>withing probable wap range, so I'm thinking I should try to go fairly
>secure.
>
>Are people in general just trusting 128bit wep and using non broadcast
>ssids, or also doing things like putting the wap on a private network, and
>then forcing ipsec tunnels from the laptops to a machine with a nic on
>both the private and the external facing network?
>
>Thanks,
>
>Dan Johannsson
>  
>
Assuming you have a newer access point with the latest firmware you 
should be fairly secure. There
are ways of brutforcing WEP keys but if you run 128bit you should be 
okay. The bruteforce method
works on the base that you only need a few samples from the wireless 
traffic and then you run a tool
that will try to encrypt the package. You can use john the ripper as 
your key generator too. But this
takes rather long and is not very good.

Maybe as a hint is when you create your 128bit wep key make up the HEX 
numbers yourselfe and
do not use the ASCII to HEX utility as those keys tend to be easier to 
crack that pure HEX keys.

All that scare about wireless networks is dated maybe 2 years back and 
new access points have
improved security. Then again if your would run the wap at an 
corporation you should maybe be a
bit more concerned about security.

-- Thomas



More information about the geeks mailing list