LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-21-2006, 12:10 PM   #1
ilan1
LQ Newbie
 
Registered: Jan 2006
Posts: 18

Rep: Reputation: 0
Newbie question about WEP cracking


When I use tools like airodump and aireplay, if I wanted to
be absolutely safe, is it necessary to change the MAC on
my wireless card?

My understanding is that at no time does my MAC address
ever appear over the air. Somebody please correct me if
I am mistaken.

Ilan
 
Old 02-21-2006, 12:19 PM   #2
onebuck
Moderator
 
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: SlackwareŽ
Posts: 13,970
Blog Entries: 46

Rep: Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194
Hi,

Yes, using MAC filtering with WEP provides a more secure wireless network than WEP alone. WPA would be the way!

As for changing the MAC address of your card. The MAC is uniquely assigned to the manufacture and therfore is assign to the card to identify it as such. The chance of hitting someone's MAC does exist but the scale of your network would have to large. Therefore , you could change it but why.

Last edited by onebuck; 02-21-2006 at 12:22 PM.
 
Old 02-21-2006, 05:55 PM   #3
ilan1
LQ Newbie
 
Registered: Jan 2006
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by gwsandvik
Hi,

Yes, using MAC filtering with WEP provides a more secure wireless network than WEP alone. WPA would be the way!

As for changing the MAC address of your card. The MAC is uniquely assigned to the manufacture and therfore is assign to the card to identify it as such. The chance of hitting someone's MAC does exist but the scale of your network would have to large. Therefore , you could change it but why.
gwsandvik, your reply was not helpful at all!

Could somebody who is more knowledgeable please reply?

Ilan
 
Old 02-21-2006, 08:49 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I actually misunderstood your question the first time I read it as well...I think it has something to do with the wording.

If your question is whether you should change your MAC address when using a WEP cracking tool so that the MAC cannot be traced back to you, then it really depends. If you are using a passive technique, then no, it shouldn't transmit any packets and hence your MAC never hits the wire (or wireless in this case). If you use an active cracking technique, then yes, it will transmit packets. For a replay attack, it should use one of the clients MACs from the captured session. For other active attacks, I don't know if any of the tools forge MAC addresses.

In general, doing anything that makes you think you need to hide your MAC is probably a bad idea. An experienced investigator will likely be able to track you down with or without a real MAC.

Also note that asking cracking-related questions is against our site rules, so I'll likely close this thread if it becomes a WEP-cracking guide.
 
Old 02-22-2006, 02:02 PM   #5
int0x80
Member
 
Registered: Sep 2002
Posts: 310

Rep: Reputation: Disabled
I've used airodump/aireplay for monitor/inject attacks, but haven't sniffed during this event so I can't say for certain. I am 99% sure that your mac is sent out when using airodump in conjunction with aireplay since you are sending out packets. My other thought is change your mac anyways. What do you have to lose? Worst case, you change your mac and everything still works.
 
Old 02-23-2006, 12:19 PM   #6
onebuck
Moderator
 
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: SlackwareŽ
Posts: 13,970
Blog Entries: 46

Rep: Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194
Quote:
Originally Posted by ilan1
gwsandvik, your reply was not helpful at all!

Could somebody who is more knowledgeable please reply?

Ilan
Hi,

Why change it? As for your snide remark, you won't get much help with that attitude. If you want to change it then change it. As for hiding, won't happen if some really wants to find you!
 
Old 02-23-2006, 01:48 PM   #7
int0x80
Member
 
Registered: Sep 2002
Posts: 310

Rep: Reputation: Disabled
gwsandvik

Your post really was not helpful in regards to the question being asked by the thread starter. Instead of taking responses emotionally, perhaps taking time to read and evaluate what is being asked would be a better option. At no point were the topics of MAC filtering or WEP vs. WPA ever mentioned by the thread starter.

We appreciate all contributors at LinuxQuestions, and are thankful for the help you've provided thus far

Quote:
Originally Posted by gwsandvik
Hi,

Why change it? As for your snide remark, you won't get much help with that attitude. If you want to change it then change it. As for hiding, won't happen if some really wants to find you!
 
Old 02-23-2006, 02:41 PM   #8
onebuck
Moderator
 
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: SlackwareŽ
Posts: 13,970
Blog Entries: 46

Rep: Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194Reputation: 3194
Quote:
Originally Posted by int0x80
gwsandvik

Your post really was not helpful in regards to the question being asked by the thread starter. Instead of taking responses emotionally, perhaps taking time to read and evaluate what is being asked would be a better option. At no point were the topics of MAC filtering or WEP vs. WPA ever mentioned by the thread starter.

We appreciate all contributors at LinuxQuestions, and are thankful for the help you've provided thus far
Hi,
I read the OP and responded as I saw the request. Maybe I read between the lines and assumed. But it was my interpretation. Judge as ye judge!

I will continue to respond and find that it is only fitting to give back to the community. I am not taking any response emotionally, now that is weighing on your part! As any responder, people refer information in the manner they feel fit. And the reference article was appropriate in my mind.


As for your input, do as you desire. BTW, that is not intended to be snide nor smart. I don't see a moderator tag or feel that your interpretation was warranted.

As stated the general drift of a request to change a MAC generally is related to the WEP problem and or wired when one wants to attempt to hide. Read into as you will.

BTW, thanks! I will continue to respond.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Question on the use of Wep cracking with auditor live CD army180 Linux - Newbie 2 02-23-2006 07:43 PM
WEP cracking with auditor live cd doesn't find wireless card?!!!!!! yottabyte james Linux - Wireless Networking 2 01-29-2006 03:40 PM
linux-wlan-ng, smc2532w-b, rfmon and wep question - simple i think captgoodnight Linux - Wireless Networking 5 06-05-2004 11:47 PM
Linux/Debian, WEP and linux-wlan - cannot get it to work with WEP slewis1972 Linux - Wireless Networking 1 12-25-2003 05:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration