[CentOS] CentOS4, KDE3.3 and 128 WEP

Mon May 23 08:25:18 UTC 2005
John Logsdon <j.logsdon at quantex-research.com>

Folks

My concern is not so much just how good or bad WEP is - and I agree that
it is much better to use ssh or a vpn tunnel.  Until 802.11i is fully
implemented, standard wireless is always going to be very easy to hack by
a sniffing geekster.

The problem is that there are quite a lot other machines on the network
that have been configured with WEP128.  I don't use DHCP and I have MAC
filtering enabled so that is some protection.  Unconfiguring all those
machines will be a pain and as some of them are WinDroze XPoor, almost
certainly to fall over.

OK - maybe the solution is to upgrade to KDE3.4.  There are comments about
128 WEP in the 3.4 kdenetwork package.  And is KDE3.4 already stable
enough to be included?  What do people recommend?  Has anyone upgraded to
3.4?

Another issue is where is the gpg public key repository for CentOS4?

So my problem remains.  At the moment I am using a regular wired
connection but that means that the garden is out of bounds and it is nice
and sunny today here in Manchester ... :-)

Best wishes

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
j.logsdon at quantex-research.com              a.einstein at relativity.org
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com


On Sun, 22 May 2005, Ryan wrote:

> I disagree with this assessment.
> 
> WPA-PSK is not much more secure than 128-bit WEP, since its passphrases 
> vulnerable to common dictionary attacks.  Worse, linux has poor WPA 
> support - not every wifi card supported by linux has WPA support.
> 
> Also, many non-computer devices (wireless webcams, etc) only have WEP as 
> an option.
> 
> Use system-config-network , not kwifi, and you should be able to use WEP 
> with no problem. Also, consider turning OFF DHCP, turning the AP off 
> when you aren't using it, and enabling MAC filtering.
> 
> If you are really concerned about security, consider using an SSH or VPN 
> tunnel to encrypt data between laptops and a wired router/server.
> 
> For some information on WPA-PSK weaknesses: 
> http://wifinetnews.com/archives/002452.html
> 
> 
> system-config-network requires you enter in "0x" bbefore the key.
> 
> 
> Maciej Zenczykowski wrote:
> > You can skip wep128 or wep64 or any other wep for that matter,
> > currently a standard notebook with a supported wireless card running linux
> > can passively break through wep64/wep128 encryption within 10-30 
> > minutes, switching to active mode can break through the encryption 
> > within 3-5 minutes.  Simply put, encryption of the WEP kind is no longer 
> > worth the bother.
> > 
> > Just look around on google, he's a quote I found:
> > 
> > Department: Here's a demo of the FBI, using commonly available and openly
> > documented hardware & software to crack WEP 128-bit security in three 
> > minutes.
> > 
> > http://www.tomsnetworking.com/Sections-article111-page1.php
> > 
> > The needed utilites can be freely downloaded of the internet.
> > 
> > Cheers,
> > MaZe.
> > 
> > On Sun, 22 May 2005, John Logsdon wrote:
> > 
> >> CentOS4 standard installation.
> >>
> >> I see that KwifiManager doesn't support 128 bit WEP which I need for 
> >> other
> >> machines on the network, which is a bit of a blow - and rather surprising
> >> really as security should be quite a consideration on an enterprise level
> >> system (NB RH!).
> >>
> >> Is there a workaround?  An alternative way of configuring my Belkin
> >> F5D6020 ver 2 card?  eg a cvs download that I can get and copy via a
> >> stick?  Or how to do it manually?  I have tried regressing kdenetwork but
> >> that doesn't include kwifimanager at all.
> >>
> >> Ideas?
> >>
> >> TIA
> >>
> >> John
> >>
> >> John Logsdon                               "Try to make things as simple
> >> Quantex Research Ltd, Manchester UK         as possible but not simpler"
> >> j.logsdon at quantex-research.com              a.einstein at relativity.org
> >> +44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com
> >>
> >>
> >> _______________________________________________
> >> CentOS mailing list
> >> CentOS at centos.org
> >> http://lists.centos.org/mailman/listinfo/centos
> >>
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> > 
> > 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>