For a long time, WEP was considered to be an extremely good method of encrypting wireless connections. The acronym simply means Wired Equivalent Privacy. Originally it was only available in 64-bit configuration, but soon after 128-bit and even 256-bit encryption became available. Entering a 64-bit WEP Wi-Fi key was as simple as choosing a ten character hexadecimal number. Each character represented 4 bits, making 40 bits in total, and then 24 bits were added to complete the 64-bit key. WEP however, was proved to have many flaws mainly involving the short key size, which were relatively easy to crack. WEP also does not provide for security against altered packets – a process where packets of information is intercepted by an intruder and then altered before sending them back, making it look like the intruder is valid user.

These days, WPA (Wi-Fi Protected Access) and WPA2 have completely taken over from the old WEP encryption methods. You’ll probably still find WEP available on most routers, but it’s being phased out and someday it probably won’t be available at all. The main advantage WPA has over WEP is that it employs a powerful new feature called TKIP, or rather Temporal Key Integrity Protocol. TKIP is 128-bit, but instead of the key being static, it generates a new key for every packet of information that is sent, meaning it is a lot more secure. WPA also integrates a method of message integrity checks, used to defeat network attackers intercepting and altering data packets. WPA2 goes even further and replaces TKIP with CCMP. CCMP is an AES based encryption method that is much stronger even than TKIP.

In the home, you’ll probably want to use an encryption method called WPA-Personal. This is sometimes also called WPA-PSK. PSK stands for Pre-Shared Key, and is designed for home users and small offices where a server is not required for authenticating messages. It works by having each wireless device such as a laptop or smart phone authenticating directly with the wireless access point using the same key. Offices and large buildings may employ WPA-Enterprise. You can’t generally use this without a complicated authentication server set-up, but it does provide additional security.

Both WPA-SPK and WPA-Enterprise are available in WPA2, meaning even home users can now benefit from AES encryption over their Wi-Fi connections. All of these methods can transmit data at maximum speed, and you won’t notice any speed differences between each type of encryption. Therefore the recommendation is to use the best encryption you can. This means going for WPA2-PSK where you can in a home environment. There are new and more exotic types of Wi-Fi encryption becoming available, but for now even advanced users will find WPA2 more than adequate for most security applications.

If you are using wireless connections, you may want to check your router to make sure that it does not use encryption that can easily be cracked by users with the right toolset.

WPA Cracker is an online service that offers to run a 140 million word dictionary against a WPA handshake that is submitted by the customer. The service is powered by a cluster of 400 CPUs that can perform the brute force attack in a matter of minutes compared to the days it would take otherwise.

The price of the service depends on the the utilization of the cpu cluster. Full utilization comes at $34 which will process the 135 million words in about 20 minutes. The other option is half utilization which will cost half the price but take twice as long as only half of the servers are used in the attack.

This opens up a can of worms as it is now possible to crack passwords in a very short time.

As Dante who tipped us puts it “This is especially good for free wi-fi locations. You can use this to easily set up a man-in-the-middle attack and intercept everyone’s Internet communications. Makes for a great retirement plan – there are always idiots out there who do their finances/purchases in public locations like cafes, hotels, airports, et al.)”.

The service works even for WPA2 if PSK is being used:

Actually, while WPA2 introduced CCMP mode as a replacement for the problematic TKIP, when run with authentication based on Pre-Shared Keys (PSK), it is still vulnerable to dictionary attacks. Our service works against both WPA and WPA2 when PSK is being used.

Disclaimer: Please note that it is illegal to hack someone else’s wireless network. This article merely reports about the new possibility but does not encourage the use of the service for illegal activities (although it likely will be used for that as well).

While it does not seem to be that bad that someone else would use your wireless internet connection for surfing the web it becomes a very important matter if this is abused. Someone could download warez, pornography, commit fraud, send thousands of emails or share software in p2p networks. You will be held responsible for abuse that is done with your connection.

You need to know the basic information about your wireless router before you can begin to protect it.

• Who is the manufacturer
• What is the name of the wireless router

Visit the manufacturers website and search for updates for your router. Updates are normally in the form of firmware updates which update the internal functions to a new version which could result in additional features and security. Please consult the website for instructions on how to update the firmware of your router.

Make sure you update it using a wired connection because wireless connection tend to become unstable in the wrong moments. (Murphy’s law)

It is now time to protect the router further. Connect to the interface which is normally done by opening the IP of the router. (default 192.168.1.1 most of the time) Enter username and password and change them when your are logged in. Many routers get hacked because the user did not change the default login data that ships with the routers. Everyone can look them up and it is really easy to access the router even though everything else might have been optimized for security.

Now it is time to configure the security settings of the w-lan router. Add a service set identifier (SSID), it does not really matter how you name it, just remember the name. Make sure you disable the SSID broadcasting afterwards, this ensure that your wireless router does not show the SSID and it is a little bit more difficulty to find it out.

I know that this is a weak security tip but it could mean that this in addition with other security measures poses a problem for so called script kiddies.

Enable the strongest encryption method available, this is normally WPA2 with AES. If you have an older router or a device that does not support WPA2 you should think of buying a new router or updating the devices. Make sure you use a large string with numbers and letters. A good value would be between 20 and 30 chars for the key, make sure you remember it because you need to supply the key to the other devices that have to connect to the router.

Enable Mac filtering, look up your mac address by using the command line in Windows XP and typing ipconfig /all. The physical address is your mac address. This ensures that only computers with a Mac address that is listed in the router can connect to it. Please note that the Mac address can be faked.

If you do not need the full transmitter power because your router and computer are physically close to each other you could reduce the transmitter power to reduce the chance that someone from outside your walls will be able to find the router and connect to it. Please be aware that a good antenna on the device that wants to connect to your router is able to counter this strategy.

Here is a list of other ideas that are worth investigating.

• Disable all services that you do not need.
• It is a very good idea to power off the router when you do not need it to prevent anyone from connecting to it while you are away. Alternatively turn off the wireless function of the router.
• If you have the means monitor the traffic of your wireless connection to find out if someone else uses it as well.
• Enable the firewall of the router and configure it properly
• If the router has a logging feature enable it and analyze it regularly.
• Limit the maximum number of DHCP addresses if you use that feature.
• Use Authentication if possible.

The FBI method relies on the following tools: Kismet and Aircrack. Both can be found on Linux live cds such as knoppix.

Do the following if you have the tools available:

1. Run Kismet to find your target network. Get the SSID and the channel.
2. Run Airodump and start capturing data.
3. With Aireplay, start replaying a packet on the target network. (You can find a ‘good packet’ by looking at the BSSID MAC on Kismet and comparing it to the captured packet’s BSSID MAC)
4. Watch as Airodump goes crazy with new IVs. Thanks to Aireplay.
5. Stop Airodump when you have about 1,000 IVs.
6. Run Aircrack on the captured file.
7. You should see the WEP key infront of you now.

Update: WEP and WPA are no longer considered secure standards for wireless data transactions. It is highly recommended to enable WPA2-PSK in the wireless router if available. While it is also possible to attack WPA2-PSK wireless connections, success is not likely.

Please consult the manual of your router to find out how to change or modify the encryption method used by your wireless router. While we are at it, it is recommended to change the default admin password and username to improve router security significantly. Additional security measures, like disabling SSID broadcasting, filtering MAC addresses or changing the default SSID of the router have been proven to be ineffective to protect the wireless router from attacks.

The wireless research paper is still available. It details 802.11 security vulnerabilities. The latest vulnerability listed dates back to February 2002 though, it is therefor recommended to check other sources for more recent discoveries.

We had to do a scan of the surroundings of course and found lots of unsecured wireless lan networks. I don´t know why people keep these unsecured, maybe its laziness, maybe they simply don´t know the risks involved. Its like leaving your doors open when you leave your house. Lots of things can happen..

Others could use your internet connection to surf the web, to spam, download copyrighted files or hack other servers, and do even worse stuff. All using your connection. Guess on whose door the police will be knocking ?

Router / Access Point

This is your main configuration unit. If someone gets access to it he will be able to change lots of preferences like passwords, encryption and mac address. Most routers have default passwords and SSID´s which have to be changed by their owner to make the entire system more secure.

1. Default Login

Your first task is to change the default user login to something else. Routers normally have default usernames and passwords like admin / 0000 or similar. You normally configure your wlan router using a web browser and the routers ip. Those are the username and password you enter when you want to change the configuration.

2. Updates

Visit the manufactures website and look for updates for your router / access point. Often those updates include security updates as well, recommended to to every once in a while.

3. Infrastructure / Ad-Hoc

With infrastructure mode enabled all deviced connected to the wireless lan communicate through the access point / router while the Ad-Hoc mode allows for direct communication. Disable Ad-Hoc mode if available.

4. SSID

The SSID, Service Set Identifier, identifies your router. Companies use default ones like wireless or wlan which are easy to guess. Choose a more secure password, best is a combination of letters and numbers.

Disable the SSID Broadcasting, which transmits its name to everyone in range.Wireless stations searching for a network connection can ‘discover’ it automatically, not needed if you know the SSID and configure your computers the way. It does not make sense to change the name but leave broadcasting on.

Note its still possible to sniff the SSID, its still send in clear text when a client associates with the router / access point.

5. Pings

Turn of Broadcast pings on the access point / router this makes it invisible to 802.11b analysis tools.

6. Mac Address Filtering

Every network device has in theory a unique MAC address. You can configure your access point / router the way that it only accepts connections from the mac address(es) you specify. Its possible to sniff your mac addresses and fake them, don´t rely on this alone.

On windows open the command prompt and enter ipconfig /all

The Physical Address is your MAC address, make sure you selected the right device, a wlan pci card for example.

If you are not using windows go to, it explains how you find it on your operating system. [Update: the website is no longer available]

7. Remote Management

Disable if not needed.

8. WPA, WPA2 or WEP

If your access point offers WPA2 encryption use it. WPA2 uses AES encryption. If you have an older access point use WPA and as last resort use WEP. Make sure you chose passwords that are more or less immune against dictionary attacks and chose the highest available encryption option (232 ->104 -> 40)

9. Wlan Coverage

It does not make sense most of the time to provide wlan coverage for a wider area than your own appartment. You can experiment with lowering the transmit level and the use of directional antennas to reduce the area your wlan covers.

Its a good idea to change the encryption keys and the SSID every now and then. The best protection is of course to turn your wireless network off if you don´t need it.