LinuxQuestions.org
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.
Old 09-30-2003, 09:42 PM   #1
greendusk
Member
 
Registered: Sep 2003
Location: NC,USA
Distribution: Linux Mint 9 or <
Posts: 53

Rep: Reputation: 15
How easy is it to crack WEP?


I just set up a wireless network and I am using WEP. One of my friends told me that WEP can be cracked in like 5 seconds. I looked around on the net and found some places that told me you would have to get a lot of packets (like 1 million). I would like to know if there is like a set time that it can be done in, or if it is about the number of packets and how many would be needed.
 
Old 09-30-2003, 09:50 PM   #2
akaBeaVis
LQ Guru
 
Registered: Apr 2003
Location: Maryland
Distribution: Slack 9.1,10 Mandrake 10,10.1, FedCore 2,3, Mepis 2004, Knoppix 3.6,3.7, SuSE 9.1, FreeBSD 5.2
Posts: 1,109

Rep: Reputation: 45
Pretty easy; there's a quick study of a number of methods, and longer key lengths don't really change much. Still, you should use at least 64-bit to discourage the casual, unintentional, or untalented hacker.

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
 
Old 10-01-2003, 12:11 PM   #3
tcaptain
LQ Addict
 
Registered: Jul 2002
Location: Montreal
Distribution: Gentoo 2004 from stage 1 baby!
Posts: 1,403

Rep: Reputation: 45
I've just gotten my own wireless network and I've been wondering about this too.

I read an article that said airsnort would need about 500MB of data before being able to crack a 128-bit key, which meant about 8 hours of scanning (give or take an hour or two depending on luck). (I'll see if I can dig up the URL.)

I haven't tested this at home (I have WEP enabled and MAC address filtering on) because I'm still trying to find info on how to actually DO it.

So far I can sniff my network, the ESSID is not broadcast, and it's encrypted, and if I change my MAC with iwconfig (I think that's what I used on the weekend) it won't let me in even knowing the ESSID and the key I made.

(I'm not worried yet per se, since I seem to be the only one in the neighborhood with a computer, much less a wireless network! But that can change.)
 
Old 10-01-2003, 02:12 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I was curious myself, so I actually tried cracking my own network's WEP key about a month ago. I downloaded WEPcrack and used my wireless Zaurus to sniff packets with Kismet. I didn't capture anywhere near 500MB of packets, so that might have influenced my results. But I captured a decent number of packets and ran WEPcrack against it. It ran overnight (about 10 hours) on a 1.4GHz Athlon with close to 99% CPU utilization the whole time until I finally killed the job. So although it's in theory possible, I'm starting to have my doubts as to what "easily crackable" means. If someone has to have a freakin' CRAY running for a week to decrypt my WEP, then I'll be a little less concerned.

Now that I have an SD card for my Zaurus, I'll try capturing more packets (I'll shoot for >500MB) and re-run my test. I'll post my results after this weekend and let you know if I could crack a 128-bit WEP key and just how "easy" it was.

Last edited by Capt_Caveman; 10-01-2003 at 02:14 PM.
 
Old 10-01-2003, 03:57 PM   #5
greendusk
Member
 
Registered: Sep 2003
Location: NC,USA
Distribution: Linux Mint 9 or <
Posts: 53

Original Poster
Rep: Reputation: 15
I tried cracking my mom's wireless network. I had Kazaa running on her computer and my little brother's computer to add more packets to the mix. But after about 2 hours I gave up (I had about 4000 packets). I said to myself, why would anyone want to wait 2 hours to get on my network when there is an open network that I can get on with no problem? I was running airsnort.
 
Old 10-02-2003, 09:08 AM   #6
tcaptain
LQ Addict
 
Registered: Jul 2002
Location: Montreal
Distribution: Gentoo 2004 from stage 1 baby!
Posts: 1,403

Rep: Reputation: 45
I ran airsnort for fun last night on my network (I still don't know for sure what to do next after it spits out the key, but so what... I already know how to USE MY OWN network... I'll figure out how to use hotspots eventually).

I had to pack it up after 4 hours though (needed my laptop with me when I headed out)... with very little results.

Before buying my card and reading all those "WEP is totally insecure" articles I had the idea that my future network would be crackable by any hacker with a car and antenna driving by... right now it's seeming like it just isn't so....

I agree from the theory I've read that yes... WEP isn't "secure" and yes, I wouldn't use it to work on top-secret CIA stuff... but for what I use it for at home? It's plenty secure...

I don't think a script kiddie walking by will wait for 8 hours just to access my net or sniff out what websites I use... plus my other gateway will stop him from getting OUT of the network once he's in... so surfing won't happen... and that's IF I leave my AP up (I turn it off when I leave for work).

This weekend I have no plans, so I'm gonna leave airsnort up and see how long it takes to spit out a key.
 
Old 10-11-2003, 09:14 PM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
OK. I ran Kismet for about 2 days straight and I still only captured ~100MB of traffic, even with a streaming internet radio application going overnight. I did manage to capture 1 weak packet, but given that a weak packet only has a 5-10% chance of identifying 1 bit of the key, I'm starting to think that cracking WEP isn't as trivial as people make it out to be.

I took a look at a couple of the initial papers that described WEP cracking, and they had to ping flood their access point to capture enough traffic. Given the data I captured, I estimate it would take me over a week non-stop to log enough packets. At that point I would be more worried about my wireless card spontaneously bursting into flames than anything else. I guess if someone was determined enough to run a wireless sniffer for that long, or if the target network generated a large amount of traffic, then it's possible. Personally, I feel if you're dedicated enough to run a sniffer that long, then you've earned the right to listen in on my connection to www.goat-porn.com.

Conclusion: If I worked at the Pentagon, I might think twice about installing a wireless network, but for the home user I wouldn't lose sleep about it.
 
Old 10-12-2003, 07:23 AM   #8
greendusk
Member
 
Registered: Sep 2003
Location: NC,USA
Distribution: Linux Mint 9 or <
Posts: 53

Original Poster
Rep: Reputation: 15
OK, I don't think it can be done on a home network. I find you would have to worry about the kid next door that has a box and an extra wireless card. But for anyone else, I guess if they really want your WEP code they could hide a laptop in a tree and come back to it in a month.

Over the weekend I placed my laptop in my mom's living room and started downloading about 2.4 gigs of "stuff" from newsgroups. I also did some other things to get packets moving. After about 3 days I had 304MB in packets and did not get the WEP key.

If anyone has cracked their home WEP, post the amount of time and the number of packets that it took. Thanks.


P.S. I really feel that it would take more than a month.
 
Old 10-12-2003, 10:22 AM   #9
tcaptain
LQ Addict
 
Registered: Jul 2002
Location: Montreal
Distribution: Gentoo 2004 from stage 1 baby!
Posts: 1,403

Rep: Reputation: 45
OK... well, last weekend I sniffed for 3 days of "normal" home net use on my network and nada. Nothing. No weak packets. I'm not going to do that again because I want to USE my connection; I don't have a spare machine/card for this, hehe.

At work it's easy; there's an encrypted network they run and I asked the network guys if I could try accessing it... since that's EXACTLY what they set it up for, they think it's a great idea (I work for a large health care association in Canada, and before any technology is used, by law, we have to practice due diligence to protect medical records)... so far I've sniffed everything in the air for 9 days... found a few interesting packets (by airsnort standards) and I've gotten nothing at all... mind you, this is a "light" use testing network with low traffic...

I agree with Caveman's conclusion... while there are demonstrated vulnerabilities in WEP, for normal use I'm not worried about the kid next door buying a wireless card and using my network. Since I rotate keys every couple of weeks, by the time anyone cracks into it... the key gets changed... and that's IF they figure out how to get OUT of my LAN and into the net once they're in... it's not like my internal LAN is wide open either.
 
Old 10-14-2003, 02:09 PM   #10
emilryge
LQ Newbie
 
Registered: Aug 2003
Location: Copenhagen, Denmark
Distribution: Slackware 10
Posts: 28

Rep: Reputation: 15
I have been reading up on WEP security, since I plan on switching to wireless myself.

I found this O'Reilly page pretty interesting. It might be worth checking out.

http://www.oreillynet.com/pub/a/wire...ap1/index.html



- Emil

Last edited by emilryge; 10-14-2003 at 02:49 PM.
 
Old 10-14-2003, 04:50 PM   #11
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
If you read the article, they had to ping flood the router in order to generate that much traffic. Depending on the type of 802.11x network, that can be a whole lot of traffic. I don't know much about Apple hardware, but on an 802.11g network that can move 54Mb/s, that is a significant amount of traffic.

However, for the average home user, where the majority of network traffic is from the internet, the amount of traffic will be restricted to the bandwidth of their connection. Usually that will be some kind of DSL with a max of about 100-300Kb/s. So if you do the math (54000/200), that's a 270-fold difference. At that rate, it would take 405 hours to capture the same amount of traffic. And that's with your DSL connection maxed out for 17 days non-stop!

Granted, you'll have other network traffic like your AP beacon, ARP traffic, etc., which would increase the total, but who really maxes out their internet connection for 2+ weeks?
 
Old 10-14-2003, 07:37 PM   #12
emilryge
LQ Newbie
 
Registered: Aug 2003
Location: Copenhagen, Denmark
Distribution: Slackware 10
Posts: 28

Rep: Reputation: 15
I'm sure you're right there.

One other question:
Does the traffic have to be to/from the internet? What if you have a gateway also serving as a file server? Say you had your laptop playing mp3s off the server, or a user on the network was watching a movie located on the server. That would generate something like 700MB of data.

Am I just way off here?
I could be; as I said, I'm all new to this wireless stuff.

- Emil

Last edited by emilryge; 10-14-2003 at 07:41 PM.
 
Old 10-14-2003, 08:27 PM   #13
tcaptain
LQ Addict
 
Registered: Jul 2002
Location: Montreal
Distribution: Gentoo 2004 from stage 1 baby!
Posts: 1,403

Rep: Reputation: 45
As far as I know, the traffic does not have to be internet traffic... just regular network traffic. See, the problem is capturing a significant amount of interesting packets, packets that have weak encryption that allow you to get the whole key... and the number of weak packets vs. regular ones is fairly small... so you have to listen to a LOT of network traffic before you get enough of them to let you crack the WEP....

At least, that's how I understand it.
 
Old 10-15-2003, 06:11 AM   #14
emilryge
LQ Newbie
 
Registered: Aug 2003
Location: Copenhagen, Denmark
Distribution: Slackware 10
Posts: 28

Rep: Reputation: 15
I see...

But still, people in this thread said that it was hard to capture even 500MB of data. I was just thinking that if you used a file server as sort of a "jukebox", as I plan to, then it would be fairly easy to capture enough packets. Maybe not if you were wardriving by, but maybe if you were the kid next door?

- Emil
 
Old 10-15-2003, 08:07 AM   #15
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
There are plenty of examples that would generate enough traffic. Any kind of internal file server that is heavily used would do the trick. But I was trying to make a generalization about the average home user with a wireless network and I doubt that many of them have a high throughput file server or streaming media server. But sure, you could have a setup that would make your WEP easier to crack.

In fact, when I did my test there were 3 other home networks and 1 small company network (like a coffee shop or small restaurant), and I still couldn't capture nearly enough packets over 2 days.

Try it if you don't believe me.
 