Re: Wireless router

"maybenot" <isomon@here.invalid> wrote in message
news:F3ajf.256$xY2.145@trndny08...
>
> "DigitalVinyl" <DigitalVinyl@internet.com> wrote in message
> news:1s3qo1dpmovhsr87vk99nijf41t9a3h3tf@4ax.com...
> | The average person doesn't know what WEP is and half the users on
> the
> | internet can't figure out to do a decent google search. You can't
> | search for what you don't know exists.
>
> Sheesh, you must be living in yesteryears. Even my mom who is 82 yrs.
> old knows how to use google.
>
> | Read my other posts for my response to the whoop-de-do about having
> | cracked a WEP key.
>
> This one?
> "Lastly cracking a WEP key gets you on the network. It does not make
> spying any easier. You still have to do wireless sniffing or get in or
> attack a PC, assuming people haven't left themselves wide open--which
> is the bigger risk."
>
> Your statement shows what you know. Anyone who can get to your
> network can do a lot of evil things. Let's assume the boxes in the
> network are totally close for sharing, which is impossible for users
> who doesn't know how to secure their wireless, I give you that, but I
> have access to your internet, what do you think i can use your
> internet for? Who gets blame if I use your internet to send spam,
> hack other peoples machine?
> Now that you know what evil things can happen with a cracked WEP, why
> not advice people to use a more secure encryption(WPA, WPA2) instead,
> WPA has been available since two years ago.

WPA implementation on clients is horrible though, and it's often unstable to
the point of unusability. WEP is easy to set up and use on just about any
device.

However, using WEP filters out a big percentage of intruders, but *lets the
rest in*.

It's just like they have a wire on your network, minus any controls you've
put in by filtering traffic from the WAP. But within that cloud, they see
it all. They can read all your smtp and ftp passwords, your email, browse
habits, learn your internal IP structure and important hosts, etc. etc, even
with MAC filtering on, just by sniffing. A quick operation to read a MAC
out of a sniff, wait for it to go offline, then apply it to the local
device, gets they trusted access to your wireless cloud. Now they are free
to go surfing for child porn (law enforcement's investigative methods will
land them on your doorstep as the user of that public IP -- that's for real,
I've worked on 5 such cases this year -- how would you like that sort of
press?) or to hack away at all the inside hosts on your network. Do you
ever log in to your firewall with telnet or http? Now they have that
password. How secure are your workstations from each other? How secure are
your internal network passwords -- once they have network access, a password
cracker will get them on your servers with at least user access in short
order if they're not very strong -- but a finite amount of time more if they
are complex.

WEP is an invitation to disaster, but as one poster pointed out, it may be
that nobody ever picks up the invitation.

-Russ.
Received on Sat Dec 3 04:18:53 2005