
Re: Mac Address Filter



On Sat, Jun 08, 2002 at 02:35:11PM -0700, grendel@heorot.stanford.edu said:
> > > For security purposes, on my local wireless P2P network, I have to control
> > > the access to my gateway.
> > > As WEP is really unsecure, I need to have an ipsec security. But some
> > > hosts on the network don't have an ipsec implementation. So, I think a
>
> WEP is secure enough if you change keys from time to time.  104 (128) bit
> keys can't be broken that fast.  IP filtering is still sufficient IMHO.

On the contrary ... see http://www.dachb0den.com/projects/bsd-airtools.html,
specifically the README for airsnort.

----
When every weak IV has been gathered (13 key bytes * 256 = 3315
packets), there is no point to continuing the capture process. In
reality, it takes somewhat fewer packets than this.
----

On a wireless net with no traffic, this is obviously not the case, as pretty
much all you'll get is beacon traffic from the AP. However, on a net that's
being actively used, an hour or two, at most, is all you'll need to collect
enough IV packets to run crack and get the WEP password.

As you said though, WEP can be reasonably secure if you change keys often
enough (once an hour or more frequently). Of course, this introduces its own
problems - on a net with several clients, updating everybody's WEP key that
frequently can be a hassle. *shrug*
--
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui
