GPL Universal Wireless Client

Is anyone aware of a free (GPL) alternative wireless client for
Windows? I cannot use the client in Windows XP as it does not support
LEAP.

> Is anyone aware of a free (GPL) alternative wireless client for
> Windows? I cannot use the client in Windows XP as it does not support
> LEAP.

LEAP is worse than WEP. It's susceptible to a highly efficient
dictionary crack and once you have the username and password, you
have...the username and password - valid credentials for the network.
Capture the admin logging on and your network isn't yours anymore.

At least with WEP all you've lost is a network connection!

Even Cisco gave up on LEAP as not worth fixing, you might want to pass
by also.

http://searchnetworking.techtarget.c.../0,289142,sid7
_gci959510,00.html

David.

I'm afraid don't have a choice in the matter and I have to use LEAP.

LEAP is just the authentication scheme and uses WEP (which alternates
the WEP keys every 5 minutes). IMHO, it's better than just using WEP
and follows the intentions of the WPA standard. From what I understand
LEAP was the result of WEPs lack of security and intended as a holdover
until WPA (perhaps it was WPA2) was approved and used, and so it was
intended to be abonded eventually. I don't claim to know everything
about wireless technologies, so feel free to correct me if I'm wrong.

Per Wikipedia:
http://en.wikipedia.org/wiki/Lightwe...ation_Protocol

"The Lightweight Extensible Authentication Protocol (LEAP) is a
proprietary wireless LAN authentication method developed by Cisco
Systems. Important features of LEAP are dynamic WEP keys and mutual
authentication (between a wireless client and a RADIUS server). LEAP
allows for clients to reauthenticate frequently; upon each successful
authentication, the clients acquire a new WEP key (with the hope that
the WEP keys live long enough not to be cracked)."

Plus, I'm quoting Wikipedia, so that may be wrong, and anemic, as well.

Anyone know of any free alternate wireless clients?

David Taylor wrote:
> > Is anyone aware of a free (GPL) alternative wireless client for
> > Windows? I cannot use the client in Windows XP as it does not support
> > LEAP.
>
> LEAP is worse than WEP. It's susceptible to a highly efficient
> dictionary crack and once you have the username and password, you
> have...the username and password - valid credentials for the network.
> Capture the admin logging on and your network isn't yours anymore.
>
> At least with WEP all you've lost is a network connection!
>
> Even Cisco gave up on LEAP as not worth fixing, you might want to pass
> by also.
>
> http://searchnetworking.techtarget.c.../0,289142,sid7
> _gci959510,00.html
>
> David.

> LEAP is just the authentication scheme and uses WEP (which alternates
> the WEP keys every 5 minutes). IMHO, it's better than just using WEP
> and follows the intentions of the WPA standard. From what I understand

You need to read about the asleap tool. Basically, you catch the
authentication, then perform a super quick dictionary crack and you have
the users login credentials.

Yes it's the authentication and rotates WEP keys but the fact that the
credentials can be compromised very quickly gives the attacker a network
login, worse than WEP.

> Anyone know of any free alternate wireless clients?

Can you at least not do an 802.1x solution or failing that just a VPN
because any amount of googling for LEAP flaw will enlighten you.

David.

Thanks for the info on LEAP - it is very interesting.

I'm afriad the authentication and encryption method is not up to me. I
just need a free wireless client which supports LEAP. I'm assuming my
chances are slim to none.

David Taylor wrote:
Can you at least not do an 802.1x solution or failing that just a VPN
because any amount of googling for LEAP flaw will enlighten you.

David.

> I'm afriad the authentication and encryption method is not up to me. I
> just need a free wireless client which supports LEAP. I'm assuming my
> chances are slim to none.

Possibly, not much point writing a client for a broken authentication
scheme I guess? You could always educate the person who makes the
decision about the config.

David.

There are a couple major reasons why LEAP was used. I won't go into a
long history of it, but it's still in use because of our favorite
argument: not enough money, time and effort are available to make a
change - yet. It foot the bill at the time of implementation.


David Taylor wrote:
> > I'm afriad the authentication and encryption method is not up to me. I
> > just need a free wireless client which supports LEAP. I'm assuming my
> > chances are slim to none.
>
> Possibly, not much point writing a client for a broken authentication
> scheme I guess? You could always educate the person who makes the
> decision about the config.
>
> David.

> There are a couple major reasons why LEAP was used. I won't go into a
> long history of it, but it's still in use because of our favorite

It was a good idea years ago when Cisco wanted to have something better
than static WEP but the world has moved on - a long way!

LEAP was cracked, it was proprietary, times change.

David.

In article <(E-Mail Removed) .com>, (E-Mail Removed) wrote:
>There are a couple major reasons why LEAP was used. I won't go into a
>long history of it, but it's still in use because of our favorite
>argument: not enough money, time and effort are available to make a
>change - yet. It foot the bill at the time of implementation.
>

Just to jump in, I don't think there is a LEAP client add on available for
Windows to be had in GPL form. The insecure nature of LEAP insures that
very few to (you may be the only one in the world) no one would be
interested in client software for it. When you think about it, why would
someone take the time to write code for something no one would be
interested in using?

Good luck in your search, but don't be surprised if nothing turns up. I
understand your problem. I really think you and the powers that be need to
discuss this issue at some point. I understand ca$h issues, but how much
will a compromised network co$t? Again though not your call I understand...

>
>David Taylor wrote:
>> > I'm afriad the authentication and encryption method is not up to me. I
>> > just need a free wireless client which supports LEAP. I'm assuming my
>> > chances are slim to none.
>>
>> Possibly, not much point writing a client for a broken authentication
>> scheme I guess? You could always educate the person who makes the
>> decision about the config.
>>
>> David.
>

fundamentalism, fundamentally wrong.