Strengthening WEP security?

[haqking]

Your router should enable you to specify permitted MACs. An easy solution is to connect all your devices then look at the list of MACs in the router's software. Some routers let you create a permission list; otherwise you would just copy the addresses into the form for permitted addresses.

MACs can be spoofed, but from the little I've read it's harder than exploiting WEP. I imagine you'd need to be monitoring the radio when the device requests an address via DHCP. Using static addresses on the client devices might avoid the need to broadcast the MACs entirely. I suspect it would be pretty hard to exploit this method in that situation, but you should do some research and not trust my rather uninformed speculation.

Spoofing a MAC and cracking WEP are equally as "easy" and both take about 30 seconds.

To the OP for radio security where you have to use WEP, there isnt alot you "can" do other than whats been said.

Use MAC address filtering (though it is easy to overcome)
Use a strong key and change it often (rotation)
Dont use DHCP and use statics where possible
Use a custom subnet to limit the amount of available IP so only the machines you have and want can connect.

These are all trivial to overcome, but that being said how likely is it that someone is close to you who will steal your WIFI or if they were going to would actually bother that much to get past the above.

[Stonecold1995]

Spoofing a MAC and cracking WEP are equally as "easy" and both take about 30 seconds.

To the OP for radio security where you have to use WEP, there isnt alot you "can" do other than whats been said.

Use MAC address filtering (though it is easy to overcome)
Use a strong key and change it often (rotation)
Dont use DHCP and use statics where possible
Use a custom subnet to limit the amount of available IP so only the machines you have and want can connect.

These are all trivial to overcome, but that being said how likely is it that someone is close to you who will steal your WIFI or if they were going to would actually bother that much to get past the above.

How much protection does sending out fake WEP frames provide then? From the manpage of airuncloak-ng only it can defeat fake WEP frames, which would mean very good protection from any skiddy type "point and click" WEP cracker like fern-wifi-cracker.

Your router should enable you to specify permitted MACs. An easy solution is to connect all your devices then look at the list of MACs in the router's software. Some routers let you create a permission list; otherwise you would just copy the addresses into the form for permitted addresses.

MACs can be spoofed, but from the little I've read it's harder than exploiting WEP. I imagine you'd need to be monitoring the radio when the device requests an address via DHCP. Using static addresses on the client devices might avoid the need to broadcast the MACs entirely. I suspect it would be pretty hard to exploit this method in that situation, but you should do some research and not trust my rather uninformed speculation.

I'm not using a router. I'm using my computer connected to 3G for adhoc Wi-Fi.

[haqking]

How much protection does sending out fake WEP frames provide then? From the manpage of airuncloak-ng only it can defeat fake WEP frames, which would mean very good protection from any skiddy type "point and click" WEP cracker like fern-wifi-cracker.


I'm not using a router. I'm using my computer connected to 3G for adhoc Wi-Fi.

Chaff (fake WEP frames or cloaked) was proposed for legacy WEP devices (WIPS) it will add about 10 seconds of security

There is no security for WEP, it was never meant to be (wired equivalence), update your firmware to support WPA or WPA2 or devices, or go with what youve got and hope for the best.

Peace

[CharlesA]

I can only speak for myself, but my laptop has some nifty "turn wireless NIC into wireless AP" software, but I'm running Win7 on it. There should be something like that for Linux.

I agree with haqking's assessment. Using WEP is just slightly above having no security at all.

[haqking]

I can only speak for myself, but my laptop has some nifty "turn wireless NIC into wireless AP" software, but I'm running Win7 on it. There should be something like that for Linux.
.

There is, always has been there hasnt there ?

http://www.howtogeek.com/116409/how-...-access-point/

[WhaleVPS]

I think you are going to have to go with a case of "Who cares?"

Just monitor who is on your wireless and hope for the best.

[CharlesA]

There is, always has been there hasnt there ?

http://www.howtogeek.com/116409/how-...-access-point/

Yep. Nice howto as well.

I think you are going to have to go with a case of "Who cares?"

Just monitor who is on your wireless and hope for the best.

No. Just no. If you are just going to depend on people to be honest, why have any security at all?