wep decodable within 30 minutes?

New to wireless security, I hesitate to run my recently purchased MN-700 for
7/24. Is it true that the constant availability of the router - other than
wireless notebooks with varying locations -facilitates cracking its 128-bit
wep key by brute force within 30 to 60 minutes? wpa cannot be implemented
with my mixed network clients.

Many thanks for clarification and/or advice,

Thomas

you need to be passing a LOT of traffic for someone to crack WEP. it
takes a pretty dedicated hacker. and you'd probably notice someone
parked outside your house.

you should use mac address filtering (access control lists) in
addition to WEP and you should change the WEP key weekly.

On Mon, 17 May 2004 09:20:15 +0200, "Thomas Bliesener" <kicks_@gmx.de>
wrote:

>New to wireless security, I hesitate to run my recently purchased MN-700 for
>7/24. Is it true that the constant availability of the router - other than
>wireless notebooks with varying locations -facilitates cracking its 128-bit
>wep key by brute force within 30 to 60 minutes? wpa cannot be implemented
>with my mixed network clients.
>
>Many thanks for clarification and/or advice,
>
>Thomas

--
Barb Bowman
Expert Zone Columnist
http://www.microsoft.com/windowsxp/expertzone
MS-MVP (Windows)

Barb Bowman [MVP-Windows] <(E-Mail Removed)> schrieb:

> you need to be passing a LOT of traffic for someone to crack WEP. it
> takes a pretty dedicated hacker. and you'd probably notice someone
> parked outside your house.

During my absence from the office, extra traffic would not detected. Or
could you suggest some kind a sms alarm at a critical rate of network
traffic?

Cars are always parking in my street from one end to the other - I am living
downtown in a European big city. Anyway, when I scan my site, there are
always a couple of ssid active in the neighborhood.

> you should use mac address filtering (access control lists) in
> addition to WEP and you should change the WEP key weekly.

This will reduce the risk, thanks for the advice.

Thomas

If you are that concerned, you can turn off your wireless radio every time
you know you are leaving the house for an extended amount of time.


--
Jason Tsang - Microsoft MVP

Find out about the MS MVP Program -
http://mvp.support.microsoft.com/default.aspx

"Thomas Bliesener" <kicks_@gmx.de> wrote in message
news:%(E-Mail Removed)...
> Barb Bowman [MVP-Windows] <(E-Mail Removed)> schrieb:
>
> > you need to be passing a LOT of traffic for someone to crack WEP. it
> > takes a pretty dedicated hacker. and you'd probably notice someone
> > parked outside your house.
>
> During my absence from the office, extra traffic would not detected. Or
> could you suggest some kind a sms alarm at a critical rate of network
> traffic?
>
> Cars are always parking in my street from one end to the other - I am
living
> downtown in a European big city. Anyway, when I scan my site, there are
> always a couple of ssid active in the neighborhood.
>
> > you should use mac address filtering (access control lists) in
> > addition to WEP and you should change the WEP key weekly.
>
> This will reduce the risk, thanks for the advice.
>
> Thomas
>

Jason Tsang <jason-(E-Mail Removed)> schrieb:

> you can turn off your wireless radio every time
> you know you are leaving the house for an extended amount of
> time.

You might have overlooked the condition "24/7" in my original posting.
Others depend on using this shared internet connection anytime they want.

Since they are not apt to monitor a possibly critical amount of network
traffic, there needs to be a technological solution for keeping the network
safe. Of course, wired LAN does the job. But how can a wireless alternative
be more secured? How (for example) could an intrusion alarm be created?

Thomas

i don't know of any sms alarm. the MN-700 was designed for residential
use (and is only supported in the US and Canada).

you could turn off DHCP and assign statics, and use SPX/IPX for file
sharing and unbind file sharing from TCP/IP. but seriously, if you are
in an office environment, you should get an enterprise level access
point that supports radius authentication and set up radius on a
server o the domain to authenticate against.

On Mon, 17 May 2004 13:24:58 +0200, "Thomas Bliesener" <kicks_@gmx.de>
wrote:

>Barb Bowman [MVP-Windows] <(E-Mail Removed)> schrieb:
>
>> you need to be passing a LOT of traffic for someone to crack WEP. it
>> takes a pretty dedicated hacker. and you'd probably notice someone
>> parked outside your house.
>
>During my absence from the office, extra traffic would not detected. Or
>could you suggest some kind a sms alarm at a critical rate of network
>traffic?
>
>Cars are always parking in my street from one end to the other - I am living
>downtown in a European big city. Anyway, when I scan my site, there are
>always a couple of ssid active in the neighborhood.
>
>> you should use mac address filtering (access control lists) in
>> addition to WEP and you should change the WEP key weekly.
>
>This will reduce the risk, thanks for the advice.
>
>Thomas

--
Barb Bowman
Expert Zone Columnist
http://www.microsoft.com/windowsxp/expertzone
MS-MVP (Windows)

Barb Bowman [MVP-Windows] <(E-Mail Removed)> schrieb:


> you could turn off DHCP and assign statics,

already the case

> and use SPX/IPX for file sharing and unbind file sharing from TCP/IP.

to be considered

> but seriously, if you are
> in an office environment, you should get an enterprise level access
> point that supports radius authentication and set up radius on a
> server o the domain to authenticate against.

Ok, possibly the only adequate solution.
I'll pass on the MN-700 to my students (at least I spent my bucks in the
store).

Thanks for your clear words, Barb, et bonne chance,

Thomas

Actually, depending on your setup, a singe data frame may
be sufficient to break WEP!!! In average, a day of data
exchanges is sufficient to break WEP.

Even when you setup MAC filtering it is possible to
capture all data exchanged within the network (e.g.
financial files). One can also break in by faking the MAC
address.

If your installation is really important:
- Enable ICF on each computer, and set a VPN to
transfer data among them
- Upgrade all to g or (MS equip is now fairly cheap
that they are getting out of wifi business)
- Get a second b router and separate secure WPA data
from an insecure b subnetwork

>-----Original Message-----
>you need to be passing a LOT of traffic for someone to
crack WEP. it
>takes a pretty dedicated hacker. and you'd probably
notice someone
>parked outside your house.
>
>you should use mac address filtering (access control
lists) in
>addition to WEP and you should change the WEP key
weekly.
>
>On Mon, 17 May 2004 09:20:15 +0200, "Thomas Bliesener"
<kicks_@gmx.de>
>wrote:
>
>>New to wireless security, I hesitate to run my recently
purchased MN-700 for
>>7/24. Is it true that the constant availability of the
router - other than
>>wireless notebooks with varying locations -facilitates
cracking its 128-bit
>>wep key by brute force within 30 to 60 minutes? wpa
cannot be implemented
>>with my mixed network clients.
>>
>>Many thanks for clarification and/or advice,
>>
>>Thomas
>
>--
>Barb Bowman
>Expert Zone Columnist
>http://www.microsoft.com/windowsxp/expertzone
>MS-MVP (Windows)
>.
>

I don't have an answer to your question, but I would be
currious as well. I'm not very familair with WEP, but I
reasoned that it would be relatively secure with a 128-
bit key. Back in the 80's, the DES (Data Encription
Standard) with it's 32-bit key was considered safe in
that it would take a Cray super computer a mater of
months to break, by which time the information was no
longer time critical. I would assume that WEP would be
similar to DES in encription methode and that the larger
key would make is even more secure.

>-----Original Message-----
>New to wireless security, I hesitate to run my recently
purchased MN-700 for
>7/24. Is it true that the constant availability of the
router - other than
>wireless notebooks with varying locations -facilitates
cracking its 128-bit
>wep key by brute force within 30 to 60 minutes? wpa
cannot be implemented
>with my mixed network clients.
>
>Many thanks for clarification and/or advice,
>
>Thomas
>
>.
>