Slashdot Mirror

← Back to Stories (view on slashdot.org)

WEP And PPTP Password Crackers Released

Posted by timothy on from the be-worried dept.

Jacco de Leeuw writes "SecurityFocus published an article by Michael Ossmann that discusses the new generation of WEP cracking tools for 802.11 wireless networks. These are much faster as they perform passive statistical analysis. In many cases, a WEP key can be determined in minutes or even seconds. For those who have switched to PPTP for securing their wireless nets: Joshua Wright released a new version of his Cisco LEAP cracker called Asleap which can now also recover weak PPTP passwords. Both LEAP and PPTP employ MS-CHAPv2 authentication." Update: 12/22 00:14 GMT by T : Michael Ossmann wrote to point out his last name has two Ns, rather than one.

4 of 244 comments (clear)

  1. Securing wireless connections by da.phreak · · Score: 5, Informative

    I did not trust WEP even before this tools were released. I read a bit about securing the connection independent of the wireless equipment. Treating the wireless connection like a public network, I set up a Virtual Private Network (VPN). I'd like to share my experiences:

    First I tried to setup IPSec. It was a nightmare. Although I know a lot about computers and networks I did not manage to setup IPSec. It's configuration is so complicated, I have no clue. Although, it must be possible to get IPSec running, maybe it's just me who is too stupid :). IPSec would have been the most secure solution, but despite public belief it's not that secure:

    http://www.schneier.com/paper-ipsec.html

    Then I tried Cipe. It was very easy to get it running, but it's horribly insecure. Peter Gutmann wrote a nice article, which was in the news on slashdot some time ago:

    http://lists.virus.org/cryptography-0309/msg00257. html

    In that article I read about tinc, which I now use. It's almost as easy to setup as cipe, but more secure (although not perfect and not as good as IPSec). Here is the answer of the developers of tinc to Peter Gutmann's article:

    http://www.tinc-vpn.org/security

    So, maybe if you believe them it's not that bad, I'm not sure about this.

    I think one great advantage of the VPN-solutions is that AFAIK there are no tools available that make cracking them as easy as cracking WEP. So the "common War Driver" or Script Kiddie has no clue what to do, you'd need some kind of expert to crack your connection. And, if such an expert is trying to break your security, you maybe have a bigger problem anyway.

    I just wanted to have an acceptable level of security and lock War Drivers out.

  2. Correction to submission by paranode · · Score: 4, Informative

    Just to clarify, it can crack the code in minutes or even seconds after you've already captured at least about a quarter of a million encrypted packets, maybe more. That will take longer than just a few minutes or seconds, most likely.

  3. Re:End-to-End Security by JJahn · · Score: 4, Informative

    Although it may seem that the switch will only send data to the computer that is connected to it, that is easily subverted by ARP poisoning. Don't feel safe from traffic sniffing just because you use a switch.

  4. OpenVPN by halfelven · · Score: 4, Informative

    By far the best way to accomplish that is by using OpenVPN.
    I tried everything, IPSec, SSH tunneling, you name it. They all suck. SSH is, let's face it, limited. IPSec is cumbersome, not exactly friendly to all operating systems, doesn't play well with NAT (unless you use UDP encapsulation), etc. It is glaringly obvious that it's a severely overdesigned protocol.

    Enter OpenVPN. It uses SSL for encryption, but it's not a SSL-based pseudo-VPN, but a true VPN - it can forward any IP protocol. Think of it as having the functionality of IPSec, but using a simpler and more sensible implementation.
    It's cross-platform (Linux, Windows, Solaris... you name it). It's simple to install and configure (same software can be either server or client and the config file semantics are similar). It's secure (it can use signed certificates, passwords, any authentication mechanism you like). It can compress the traffic on the fly (using LZO which is pretty damn fast and low-overhead). If you use TCP transport instead of UDP, it can tunnel through ordinary HTTP proxies. It has dummy-friendly GUI for Windows. It slices, it dices and it makes coffee... oh, well, maybe not that.

    Anyway, i'm running an OpenVPN server on my home firewall, and i put OpenVPN on all my computers (my workstation at the office, my laptop, etc.). Wherever i go, i just fire up OpenVPN and "i'm home".
    I run IMAP through it, so my IMAP clients (Evolution), no matter where they are, they "see" the same IMAP servers and folders. That is awesome - different systems, yet my mail looks the same. And it's also secure. ;-)

    My wireless access point has no security whatsoever: no encryption, no MAC filtering, no SSID cloaking... it even gives you a DHCP address. :-) However, it's behind a totally restrictive firewall. The only way to work around that is to open an OpenVPN tunnel. Then you can do pretty much anything, through the tunnel, of course.

    It rocks!