freeradius and dynamic ip allocation

Dimitrios sehh at altered.com
Thu May 29 15:24:43 BST 2003


On Thu, 29 May 2003 15:04:36 +0100 Pete French <pete at twisted.org.uk> wrote:

> I am assuming that 128 bit keys take longer to break than the 48 bit ones
> though. As the kit does not (as yet) appear to support WPA then its
> the best I could do.

It takes longer, but not that much, depends on the amount of sniffed data
and the methods/hardware of the cracker.
 
> I thought breaking the keys required sniffing a considerable quantity
> of data from the network (at least ten minutes worth when theres a lot of
> traffic). You must be driving very slowly :-)
> [seriously - how much data needs to be captured to break a 128 bit key ?]

err i should have been a bit more clear. what i mean by driving is that
you can move anywhere and sniff anything.

finding the WEP key requires around 100mb. which doesn't take very long
to sniff on a busy network.

so if you want to make a cracker sit outside your home all year to
crack your key, here is what to do:

1) reduce traffic down to a few kb per month (kinda impossible eh?)

2) change key every 10-50-100mb or so

3) use VPN/IPSEC or other kind of ecryption for your traffic, so
even if the cracker finds the key, it won't be much use to him.

4) Set your wireless devices in a clever way. Avoid using an AP
close to the border of your properly. Don't buy very powerful
devices. It all makes it harder for the cracker to sniff, but
does not prevent it.

5) Use a good AP which is customisable. What you need is an AP
which disables broadcasting ESSID, and other details. If your AP
can filter MAC addresses then use it! Also, dont count on
MAC filtering only, since a cracker can sniff the MAC's you use
on your devices and he can use them as well.

I think corporate networks and users with wireless-only networks
are at most risk. Users who replace their entire cable lan
for wireless only, means they transfer a very large amount of
data, making it easier to find the key.





More information about the Ukfreebsd mailing list