
stevech0

join:2006-09-17
San Diego, CA

reply to Tom Blue

Re: securely mixing WEP and WPA - two routers required?

said by Tom Blue:

... unless the marketing person is an idiot...
a redundancy of terms?


Lasko

@cox.net

reply to Tom Blue

quote:
or the length of the string of bits as transmitted over the wire.
Please explain this. I must have missed the part of the 802.11 spec where the 104 bit key is transmitted over the "wire". Only the 24 bit IV is sent and it is not part of the key. As previously described the 40 or 104 bit key is concatenated with the 24 bit IV and used as input to the PRNG which in turn generates the encryption key used in the RC4 algorithm. I would appreciate it if you pointed out where the key or the key concatenated with the IV is transmitted over the "wire".
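
The construction discussed in the post above, as an added example that is not part of the original thread: a minimal WEP encapsulation in which the 24-bit IV is prepended to the shared key to seed RC4, and only the IV, a key-id byte and the ciphertext go into the frame. The key, IV, payload and function names are constructed for illustration.

```python
import struct
import zlib


def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4: key-schedule the seed, then XOR the keystream over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encapsulate(key: bytes, iv: bytes, key_id: int, payload: bytes) -> bytes:
    """Build the WEP frame body: IV (3) | key-id byte | RC4(payload | ICV)."""
    if len(key) not in (5, 13) or len(iv) != 3:
        raise ValueError("WEP uses a 40- or 104-bit key and a 24-bit IV")
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv + bytes([key_id << 6]) + rc4(iv + key, payload + icv)


def wep_decapsulate(key: bytes, body: bytes) -> bytes:
    """Receiver side: read the IV from the frame, add the shared key locally."""
    iv, ciphertext = body[:3], body[4:]
    plain = rc4(iv + key, ciphertext)
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return payload


# Constructed sample values, not taken from the thread.
KEY = bytes.fromhex("0102030405060708090a0b0c0d")   # 104-bit shared key
IV = bytes.fromhex("a1b2c3")                         # 24-bit per-frame IV
BODY = wep_encapsulate(KEY, IV, 0, b"hello from router 2")

if __name__ == "__main__":
    print("on the air:", BODY.hex())
    print("IV in clear:", BODY[:3].hex(), "| key in frame:", KEY in BODY)
    print("receiver recovers:", wep_decapsulate(KEY, BODY))
```
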

said by Lasko :

Please explain this. I must have missed the part...
Come now... Do you really think anybody gives a shit ? Start a new thread. You are off topic.

LiquidEyes

join:2006-06-22
UK

reply to Anav

said by Anav:

Actually Tom that's 'not secure' because all the traffic coming from the second router or from the WAN side has to pass the first (WEP - hackable router). Thus all the 'secure second router' traffic can be intercepted...
Can traffic from the second router to the internet really be intercepted by someone wirelessly connected to the first router?

Of course I understand that the packets have to physically travel through the first router to get to the internet. But surely those packets are routed directly to the internet (do not pass go, do not collect £200)...?

Intuitively I'd have thought there would be no cause for concern unless those packets were additionally being broadcast on all the LAN ports of router 1? Is the router not clever enough to know that all stuff bound for 192.168.1.x goes one way, and everything else goes the other way?

Or is it really possible for device A, attached to router 1, to 'sniff' packets sent from device B to the internet via router 1?

reply to LiquidEyes
Thank you Liquid, I was wondering the same exact thing. You worded the question perfectly. Furthermore, even if it were possible to sniff those packets by simply connecting to router 1 how would that be any less secure than those packets getting sniffed after they leave the WAN port and venture onto the Wild Woolly Web ? Also, where does promiscuous mode of LAN cards fit into the sniffing picture ? Is the LAN of router 1 providing a "Promiscuous" intercept point ?


LiquidEyes

join:2006-06-22
UK

said by DRM Killler :

Furthermore, even if it were possible to sniff those packets by simply connecting to router 1 how would that be any less secure than those packets getting sniffed after they leave the WAN port and venture onto the Wild Woolly Web ?
Quite! From that perspective, my third paragraph ("Intuitively...") is almost moot. Really I shouldn't be transmitting sensitive stuff over the internet unencrypted, period. But I do concede that if my ADSL router really did 'have a big mouth', my WEP network would be a great place for an infiltrator to sniff my internet packets.

I guess it would be easy enough to run some simple IP sniffing tool on the LAN in question to see whether internet traffic leaks onto that network...?

In any event, it is primarily the security of my intra-LAN communication with which I am concerned, since it is this that could potentially be compromised by the use of a lesser wireless encryption standard. (As you rightly say DRM, Internet communication is already 'compromised' in that sense - anybody can theoretically plug in and listen.)

But as I understand, using the second router as a secure 'internal' network, it is only communication with the outside world (the internet, or the less secure 'outer' LAN -- they are both 'the internet' as far as the router is concerned) that should ever cross the WAN port.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

I believe I was referring to 'man in the middle attacks', perhaps not applicable to a hacked primary router in between a secondary router and the internet????

