Kuro5hin.org: technology and culture, from the trenches

Airsnort: Open Source WEP cracker goes public

By 87C751 in News
Mon Aug 20, 2001 at 01:07:39 PM EST
Tags: Security (all tags)

Of course, this was inevitable. The widely publicized WEP vulnerability has been rolled into an Open Source project.

Now on SourceForge, look at Airsnort. From the introduction:
"AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered."
While not quite simple enough for skiddiez (I hope), Airsnort does handily prepackage the tools necessary to crack any arbitrary 802.11 node that uses WEP.


Now that a packaged WEP exploit is out, what will you do with your WEP node?
o Add a firewall and tunnel. 23%
o Put skiddiez props on my homepage. 2%
o Send a thank-you card to Airsnort. 8%
o Stay under my rock. 42%
o Go back to UUCP. 23%

Votes: 47

Airsnort: Open Source WEP cracker goes public | 11 comments (8 topical, 3 editorial, 0 hidden)
Amazing speed (2.00 / 3) (#1)
by iwnbap on Mon Aug 20, 2001 at 10:39:55 AM EST

I'm amazed at the speed of this - it seemed like just a few weeks ago that the RC4 crack was announced.

Thanks! (4.00 / 2) (#2)
by farmgeek on Mon Aug 20, 2001 at 10:42:39 AM EST

Being a health care provider, we had decided to forego wireless until the damn security improves. This should come in handy when the executives start whining about the decision. We'll just set up a two node demo lan and then sniff it for them.

re: Thanks! (4.33 / 3) (#6)
by danceswithcrows on Mon Aug 20, 2001 at 01:08:12 PM EST

"This should come in handy when the executives start whining about the decision. We'll just set up a two node demo lan and then sniff it for them."

Don't hold your breath there. From c.o.l.misc about a year ago, posted by Peter T. Breuer:
"...we set up a demonstration about how insecure their system was: One person ran ethereal while another used a POP3 client to check his mail, and we showed how we could capture a user's password in realtime.

"It didn't help. They didn't understand the concept of passwords or what they were used for."

In a lot of people's minds, convenience trumps security. It would probably be best to say something about "patient data on wireless net = k1dd13z getting ahold of sensitive medical info = lawsuits from rich patients," then do the demo. They will remember the "lawsuits" part even after their eyes have glazed over during the tech-talk.

Matt G (aka Dances With Crows) There is no Darkness in Eternity/But only Light too dim for us to see

Patient Data (4.00 / 2) (#7)
by farmgeek on Mon Aug 20, 2001 at 01:47:19 PM EST

is my point exactly. Frankly, the rest of the network can go to hell in a hand basket as far as anybody in this organization is concerned.

What? Can't get your email? Well, we'll have it up in a few days we think.

Can't access patient records? I'll be there about thirty seconds ago.

Fortunately, I am in the position of being able to simply refuse to do stupid shit, as long as we can still provide patient care, and we keep patient information confidential.

To WEP or not to WEP (4.00 / 2) (#8)
by wcdw on Mon Aug 20, 2001 at 08:29:28 PM EST

WEP is useless on any non-trivial scale anyway. It's far too easy to social engineer a key, or obtain one from a disgruntled employee. There are other alternatives to security - for example, SSH into the wireless<->wired gateway and port redirect anything needed to play in that world. Less secure is proxy-based authentication, as it does still allow the network to be sniffed. Although, to be fair, it's not that hard to sit in your car and read what is on someone else's monitor, either, if you REALLY want to know what's going on. And in reality, the network is no less secure than some cable modem systems, or the Internet at large. Sure, most admins at large ISPs don't spend a lot of time sniffing the network if only due to the large volume of traffic. But are you sure they're not, or that your last transmission hasn't snared you in one of their filters?

This kind of software is going to exist either way -- having it as publicly available open source makes it easier to get publicity for the problem, even if it does create potential problems for stupid people. (Witness ~20k port 80 probes against my firewall last week - down only 5k from the week before, if you need a watermark for stupidity.)

It's not that bad... (4.20 / 5) (#9)
by DedMike on Tue Aug 21, 2001 at 02:17:37 AM EST

...everyone should be using tunneling and a restrictive firewall for wherever they have any traffic that is in any way sensitive.

For REALLY sensitive information, investigate PGP, additional TCP wrappers, multiple encrypted pipe 'jackets,' (IPv6, with Kerberos authentication to PAM, anyone?) and the use of symmetric versus asymmetric (AKA 'public') key crypto systems, and journaling and encrypting file systems. Given the current Hotmail problem, CR and other issues, it is becoming clear that the ultimate responsibility for security is on the user, since software and service providers have abrogated all responsibility and gotten the Congress Critters and Reptilesentatives to pass laws to allow them to do so (except in Iowa). Too bad, since most users are idiots, and that's why the script kiddiez are always so successful (Well, that and the clueless media and politicians.).

On top of the above, we give the bad guys tremendous strategic and tactical intelligence about our responses and defenses and the efficacy thereof. However, because of the irresponsibility of our vendors, service providers and lawmakers, we have no choice.

...and if you thought you were safe inside your network, just because you have no wireless network devices and use switched segmentation? Try this little project. Read it and try not to weep.

Meanwhile, could you guys at VA Linux, Kuro5hin and Sourceforge kindly turn off the web bugs?! They contribute to insecurities and are an annoyance to those of us who are sensitive to them...not to mention that I do everything in my power to poison your tracking databases and introduce inconsistencies in them when I find idiots such as yourselves using web bugs. It shows you have no respect for your users, their privacy, or their security. While you're at it, clean up your Javascript, too. Now, I'm going back to poisoning your adtrack and syslogs and checking the security (or lack thereof) of your scripts and databases. After all, if you have the right to attack me and my networks with your insecure practices, you've given me the same right.

Whatever happened to the idea of physical security (4.00 / 1) (#10)
by cascadefx on Tue Aug 21, 2001 at 09:32:06 PM EST

I seem to remember reading somewhere (OK... everywhere) that it doesn't matter how good your passwords or your encryption techniques are if you don't lock up that damn machine and keep your wires in safe places.

Given time and access anyone can break into anything. Now everyone is pushing wireless this and wireless that. Hmmm... Let me just sit in your general vicinity (or better yet, get an apartment across the street and a good antenna) and just start brute forcing the crap out of your protocol protections. Most probably, you won't even know it is happening (as you have no physical control of the protocol's boundaries) until it is too late.

my .02

but then again, it is really cool. I know of a place that is using wireless solutions for systems that are desktop units just for the wow factor. They have no problem with wire access (all jacks are next to power outlets that the desktop is going to need anyway) and the system is too heavy to be mobile. They are just doing it because it is "neat."

That's "neat," not "bright" mind you.

My Experience (5.00 / 1) (#11)
by titivillus on Wed Aug 22, 2001 at 02:28:12 PM EST

I work in a clinic, and we're looking into the possibility of Electronic Medical Records. This means we put computers and networks into all of the exam rooms. Now, there are power plugs in each exam room, but there isn't cat-5. And to run cat-5 to all the exam rooms would mean the clinic is down until the work is done, which is unacceptable. So, the current expectation is that we're going to go 802.11(something) for that.

To my mind, I should be able to route all my traffic through l0pht and 2600 without having to worry about anything being sent, so the insecurity of WEP doesn't worry me too much.
