WEP Encryption

[gman76]

We all know how easy it is to crack WEP, does anybody know if it can be cracked when no clients are connected via WEP?

Reason I ask is, I'm planning a network as follows: ADSL wireless g router with WEP & one Ethernet connected PC, secondary wireless n router hung from that (with different IP range) with WPA for several other devices. The idea being that Nintendo DS devices connect via WEP & important laptops connect to second n/w via WPA.

The Nintendos will only be connected once in a blue moon, my concern is the WEP security will compromise the whole network.

I welcome any comments!

 

[Monsterminty]

the main thing to remember is that no one is going to bother hacking your network, most people would rather just find a non-encrypted network to leach.

 

[krisdorey]

But to answer your question, yes you can crack WEP without any clients connecting.

Auth packets just help speed things up by using rainbow tables (i.e. known hashes of password against SSID's), this is why if your'e attacking a WEP network you'll flood it with auth requests and de-auth other clients on the network which will force them to submit auth requests (if you are particularly devious then you'll masquerade a rogue AP with the same SSID, death the clients and hopefully get them to attempt an auth with your rogue AP, faster form of gaining the WEP key).

even if no clients are connecting then the attacker can still generate their own traffic to the AP and glean packet information from this, enough to run a rainbow table attack.

At worst a dictionary attack would eventually break the key, although it may take quite some time

Simple methods to "improve" security, although by no means foolproof, is to hide you SSID, make sure you change it to something other than the default (which is how prebuilt rainbow tables work) and use a relatively complex 13 character WEP key.

 

[krisdorey]

You could also get a dual band router, 2.4ghz and 5ghz. Then make one of the ranges WEP and one WPA, saves buying two routers. I have a Netgear Rangemax N600 which is pretty good router enabling 300mb/600mb channel bonded operation. (Obviously well beyond what you'll ever get form DSL but if you have a NAS then wireless laptop/pc to the NAS transfer speeds are far better).

 

[gman76]

Thanks for your input.

That is the router I will be using for the n network (N600), however it's actually more convenient to use two routers as the g network will be unable to "see" the n network.

I will just take all available steps to secure the WEP.

 

[krisdorey]

The N600 will automatically bridge the 2.4 and 5ghz networks so one device on one frequency can talk to the other.

Unless you are thinking of some custom configuration?

 

[gman76]

The reason I want two different networks is I have a music server, the music database is held on a NAS drive & is controlled by the server, if the database is modified inadvertantly by another user, it will mess the whole config up.

So I want to prevent unauthorised access.

 

[Monkeh]

Uh, with regards to the music database.. why is it writable over the network by anything but the music server?

 

[gman76]

It is perfectly feasible to password protect the contents of the database, it's just something I've not bothered to do.

Doing it with two networks suits me fine, I'm just concerned about using WEP, but the some nintendo DSi games only support WEP.

 

[krisdorey]

Your method is sound, just e aware of the limitations of WEP above