[lwlan-user] trouble using WEP with linksys wpc11
David Cook
linux-wlan-user@lists.linux-wlan.com
Mon, 30 Jun 2003 21:49:33 -0400
>However, unless you somehow encrypt your traffic
>blocking MAC-addresses is futile. It doesn't take much to spoof
>MAC-addresses, just as it doesn't take too much effort determining the
>MAC-addresses of your PC's.
Ah, good point. Thanks for enlightening me about that!
In my neighborhood, the odds are low that ANY of these threats
are very likely. But, never say never. That said, one of these days I'll
now probably go try enabling WEP. (My access-point is an older model,
though, and does NOT support 128-bit encryption [unless there is
a firmware upgrade that does now]. I've got some homework to do, I guess.)
Cheers...
Dave
-----Original Message-----
From: linux-wlan-user-admin@lists.linux-wlan.com
[mailto:linux-wlan-user-admin@lists.linux-wlan.com]On Behalf Of Søren
Boll Overgaard
Sent: June 30, 2003 12:28
To: linux-wlan-user@lists.linux-wlan.com
Subject: RE: [lwlan-user] trouble using WEP with linksys wpc11
Hi,
Mon, 2003-06-30 at 17:42, David Cook wrote:
> My own view is that I am NOT concerned about anyone 'decoding' the
> content of my traffic (which is what WEP prevents, right? it 'encrypts'
> all the traffic?)
Yes. I am not particularly concerned about people observing what I use
my network for. The stuff that matters is encrypted at the transport or
application levels anyway.
> Anyway, what I AM CONCERNED with on my home network is to prevent anyone
> (like a neighbor or guy parked in the street) from being able to CONNECT
> to my access-point.
Indeed, that's a reasonable concern.
> So, instead of WEP, in my access-point, I enable the
> feature that allows only a known list of 'MAC-addresses', and then I
> 'allow' the MAC-addresses of each of my PC's that have wireless-adapters
> and 'deny' all others. This prevents my access-point from acting like
> a 'hot spot', so only adapters-addresses (i.e. MAC addresses) that I
> pre-approve by putting in the list are allowed to 'associate' (connect
> wirelessly) to my access-point.
I've done this as well. However, unless you somehow encrypt your traffic
blocking MAC-addresses is futile. It doesn't take much to spoof
MAC-addresses, just as it doesn't take too much effort determining the
MAC-addresses of your PC's.
> Enabling WEP seems 'off the mark', and I think some people want to enable
> it for the wrong reasons. I'd argue that in general no one worries about
> 'encrypting' the traffic from our WIRED machines, yet we all know that
> anyone with a wired 'sniffer' can READ that traffic.
It is illegal and reasonably easy to detect physical break-ins required
to hook up a wired sniffer. It is trivial and hardly illegal to set up a
wlan-sniffer. I consider that an important difference. Additionally, I
normally expect my LAN to be a trusted part of the Internet. Using an
unencrypted wlan breaks that assumption.
> After all, unless I'm engaged in some illegal activity, I don't care if
> others can READ segments of my messages. I just don't want them to
> BREAK IN (i.e. CONNECT to the inside of my home network), and the
> MAC-address-list thing will prevent that.
>
> (Anyone/everyone: Please enlighten me if my theory and understanding is
> incorrect.)
If I had the option I would probably not be using WEP at all, since
known plaintext attacks against it are (presumably) feasible. IPSec seems
to be the way to go, unfortunately it requires a running host to decrypt
the IP traffic before it gets routed out of the local network, and I
don't particularly like the idea of having a machine running around the
clock.
Also, my apologies for sending my initial message twice. It was a
brainfart on my part.
Thanks.
--
Søren O.