dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
32905
share rss forum feed


Dispatcherator

@choiceone.net

4 edits

Verizon FiOS default WEP key HIGHLY insecure!

Just a FYI, the WEP keys used by default in the wifi routers provided by verizon FiOS are HIGHLY INSECURE!!!!

Even despite this fact, it typically takes me about 10 minutes to crack a 40 or 64 bit WEP key from scratch, regardless of what the key might be.

For these reasons I HIGHLY recommend that people immediately swicth their security to WPA or WPA2 !!!!

This has been a public service announcement.


Vamp
5c077
Premium
join:2003-01-28
MD
kudos:1

2 edits
They should definitely ship with WPA instead, but they still use WEP for compatability. Some people still use hardware that doesn't support WPA, and even more that dont support WPA2.

--
20/20 FIOS || MSN Msgr: scott001^gmail_com
Expand your moderator at work

JohnA
Premium
join:2003-09-16
Pittsburgh, PA

Re: Verizon FiOS default WEP key HIGHLY insecure!


The idea was not that it was fully secured, but that it was not shipped in a fashion that allowed it to come up fully open. IIRC the original ATs didn't have WPA2. That came in a firmware upgrade. As always, the responsibility for properly securing a wireless network lies with the person operating it.


yj4x4
Still in love with Obama?
Premium
join:2002-09-18
Whittier, CA
reply to Dispatcherator
Anybody who uses defaults deserves whatever happens.


ENIQomios

@verizon.net

1 edit
reply to Dispatcherator
the wep key that is used is the ROUTER's mac, not the WIFI mac. they are two different addresses.
while wep isn't impossible to break it still has its place and is fine for most users


mystryfiostk

join:2008-07-17
00000
reply to Dispatcherator
IMO your post should read:

Verizon FiOS default WEP key provides basic security!

if anything they should get a kudo or two (or at least actiontech) for locking down their routers BY DEFAULT.

WEP keeps 99%+ of people off your network and at least it's something. most of the "comcast home networking" setups i've seen are left open as are retail routers.
Expand your moderator at work


dstathop

@rr.com
reply to Dispatcherator

Re: Verizon FiOS default WEP key HIGHLY insecure!

Arguing about the security of a WEP password is a useless exercise. Who cares, it isn't the password that is insecure, but WEP by itself.

I guess you can give Verizon kudos for implementing some sort of wireless security by default, I still question the use of WEP. Why not WPA, since WPA is orders of magnitude more secure than WEP? Even for the newer routers that actually support WPA. Maybe Verizon didn't want to change their setup or settled on WEP because everyone has WEP. Who knows, but arguing about the security of a WEP password, give me a break.


PoloDude
Premium,VIP
join:2006-03-29
Northport, NY
kudos:3
Yes WEP is the least insecure of the encrption methods.But, to come on here and scream that you can crack it in seconds as a PSA is wrong.
VZ should be given kudos for implementing a basic security on thier installs. WEP is easily used by every system that i have seen so far. It keeps the honest people out and the hackers are going to get in if they want to.
besides urban areas where it easy to "see" many signals at a time, most times you would have to drive around than be set up within range of your intended tagert.
Now i can see 3 to 4 routers from my L/R. But what would be my reason to crack them if except to get online. To do damage,steal?
Most people from my experience have never heard of encryption and are glad that VZ is doing this. They usually have a Linksys open to the world (second largest ISP )
I also don't think it is right that you have specified the tools and details that might help some one do this.
--
I'm not as good as I once was
but I'm as good once
as i ever was.
Expand your moderator at work

xargs

join:2000-08-25
Camarillo, CA
reply to PoloDude

Re: Verizon FiOS default WEP key HIGHLY insecure!

quote:
VZ should be given kudos for implementing a basic security on thier installs.
But they haven't. They've implemented false security.

quote:
It keeps the honest people out and the hackers are going to get in if they want to.
No, they're not. WPA with a strong password has not been cracked.

quote:
I also don't think it is right that you have specified the tools and details that might help some one do this.
Hiding the truth doesn't make WEP more secure. If people see first hand how easy it is to break WEP, perhaps they'll be motivated to use WPA.

Oregonian2

join:2008-07-16
Beaverton, OR
reply to Dispatcherator
Actiontec/Verizon doesn't do as well as they could, but it's my observation that most routers come with nothin' enabled (public free wifi hotspot mode), so Verizon is way way ahead of most.

EMC26

join:2007-08-21
Tampa, FL

1 recommendation

reply to Dispatcherator
Probably the best thing would be to ship the router with the wifi radio defaulted to OFF. That would require a conscious effort by the user to enable the wifi feature & choose a security setting.

In any event, IMHO, the security of the end user's connection/network is the sole responsibility of the end user. We all use our access to the internet at our own risk.

Merru

join:2008-09-02
Yonkers, NY
reply to Dispatcherator
how about u just lock ure mac address' so no one besides ure comp cant connect or see it

Oregonian2

join:2008-07-16
Beaverton, OR
reply to EMC26
said by EMC26:

Probably the best thing would be to ship the router with the wifi radio defaulted to OFF. That would require a conscious effort by the user to enable the wifi feature & choose a security setting.

In any event, IMHO, the security of the end user's connection/network is the sole responsibility of the end user. We all use our access to the internet at our own risk.
Good idea except that it would result in massive numbers of problem reports to Verizon (and associated bad reputation) about how the Wifi doesn't work.


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7
reply to Merru
said by Merru:

how about u just lock ure mac address' so no one besides ure comp cant connect or see it
MAC addresses can be sniffed and spoofed. MAC authentication is only security through obscurity. It's better then nothing, but your foolish if you rely on it solely.


Drunkula
Premium
join:2000-06-12
Denton, TX
Reviews:
·Verizon FiOS
reply to Dispatcherator
My stepdad had a problem with his new wireless router and he called me to help. I wasn't able to return his call to the next day so he called his ISP [not Verizon] for assistance. The tech walked him through configuring the encryption on the router and the few machines that have wireless. I was pleased that he got it fixed until I learned the tech set him up with WEP. I strongly urged him to switch to WPA if at all possible if all their hardware supports it. If not the hardware should be upgraded.
--
There are 10 types of people that understand binary numbers. Those that do - and those that do not...


JohnNWPVNJMH
Premium
join:2007-03-26
Berkeley Heights, NJ
reply to mystryfiostk
I agree. The basic WEP will keep off the average neighbor trying to get free Internet off your dime.

You are right, WEP keeps 99%+ of people off your network and in such Verizon and Actiontec did the right thing.

Yes, WPA and WPA2 is superior and I use WPA2 with a large & complex passkey along with my SSID in stealth mode. That said, the cost for Verizon to send by default WPA2 to the average consumer would be huge. Compatibility and complexity in getting all of the devices to work are a task for any seasoned tech and certainly not that of a regular user. WPA2 can be very frustrating when trying to integrate older equipment, PC to MAC and so on.

I give both thumbs up to Verizon for having the specs that their routers ship secured with basic WEP.


pflog
Bueller? Bueller?
Premium,MVM
join:2001-09-01
El Dorado Hills, CA
kudos:3
said by JohnNWPVNJMH:

along with my SSID in stealth mode.
"stealth" mode (e.g. not broadcasting the SSID) isn't really worthwhile. The SSID is easily found if there are active wifi devices talking to the WAP/router, and it can even cause issues with certain client devices (though, that might have been something that has mostly been fixed with newer devices that support WPA2 anyway )
--
He who is not contented with what he has, would not be contented with what he would like to have. -Socrates


JohnNWPVNJMH
Premium
join:2007-03-26
Berkeley Heights, NJ
You are right. In fact, I did have a device that didn't like the SSID turned off which I later resolved with a firmware update.

I just turn off SSID so the neighbors kids don't even see my connection thus break the temptation. ha ha. I know, I have Network Stumbler and I know there are others out that can sniff any connection.

I should also note that I use MAC filtering so between WPA2, the MAC filtering and the "stealth" SSID I am not that worried about anyone getting into the network. That said, there is always tomorrow in regards to the latest discovered exploit!

I guess if anything, I would have to set up a wireless access point that is segregated from the rest of the Network for ultimate security in regards to any damage to devices on the wired network such as my server.


dstathop

@lmco.com

1 edit
reply to Dispatcherator
The only secure thing to do is activate either WPA or WPA2.

SSID stealthing and MAC address filtering is not a security scheme. I have half a dozen programs that will tell me your SSID if I ping all available access points near me and your MAC address is part of a TCP/IP packet. So if I crack your encryption (which I can with WEP, but not with WPA), then all I have to do is examine your TCP/IP packet and I have your MAC address.

So, everyone out there turn on your SSID, turn off your MAC address filter, and turn on either WPA or WPA2. Your system will be secure and best of all it will be a lot easier on your end to manage. The only thing you are doing by hiding your SSID and MAC address filtering is creating more headaches for yourself when you try and add new devices to your network. You are NOT securing yourself from those that can crack your WEP password in 30 seconds. And God help you if the only security you are implementing is SSID stealthing and MAC address filtering.

I wish I could link you guys to a very informative white paper I read on 802.11 security. It was quite eye opening and very informative and I am sure more than a few people on this forum would find it interesting. Full disclosure, I used to be part of the SSID stealthing and MAC address filtering crowd.

As with all things these method are there only to protect you against the 1% or so that want to do something nefarious. Most folks will just use an open access point to get free access to the internet.
Expand your moderator at work


Silver_2000
Premium
join:2005-12-12
Carrollton, TX
reply to Dispatcherator

Re: Verizon FiOS default WEP key HIGHLY insecure!

In my limited experience the FIOS access points POORLY support WPA or WPA2
In 2 cases the ONLY way to get clients to reliably connect was with WEP

It wasnt a limitation on the client


Drunkula
Premium
join:2000-06-12
Denton, TX
Reviews:
·Verizon FiOS
I have no problems using WPA on the Actiontec, on my laptop OR my Ipod. It was a pain-in-the-butt to enter all 63 random characters for my passphrase into the Ipod though!
--
There are 10 types of people that understand binary numbers. Those that do - and those that do not...


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7
reply to Silver_2000
I too have not had any problems with WPA/WPA2 on my ActionTec. That was with multiple different brands of laptops, my cell phone, and Wii.

neftv

join:2000-10-01
Broomall, PA
reply to Dispatcherator
Better way like for me, since I don't have a need for wireless I have the radio turned off. So it's secure as can be. You be surprise how many non-technical people will just leave their wireless radios on when they don't need it. When these routers get installed they don't ask if they need wireless so they just leave it on.

jgantert

join:2004-06-02
Columbia, MD
reply to Dispatcherator
My Verizon D-Link DI-624 doesn't support WPA2, but I do have WPA1 enabled. Anyways, how secure is WEP using 128-bit passwords? Any more that using the 64-bit passwords, or will it just take you 20 minutes instead of 10?


PGHammer

join:2003-06-09
Accokeek, MD
reply to Oregonian2
My WRT54GS (purchased new in 2005 from BB) came with no security enabled (I switched to WPA2/G-only because I have no wireless computers at all on the LAN; threfore *any* wireless device is subject to immediate ejection). Since then, I have changed SSIDs twice and added TKIP/AES support (still no wireless devices) and I have also changed the default device ID. All this is easily doable with any wireless router today (even the ActionTec), so what's the users' excuse?

Max Greene

join:2000-12-22
Bayonne, NJ
Reviews:
·Boost Mobile
said by PGHammer:

My WRT54GS (purchased new in 2005 from BB) came with no security enabled (I switched to WPA2/G-only because I have no wireless computers at all on the LAN; threfore *any* wireless device is subject to immediate ejection). Since then, I have changed SSIDs twice and added TKIP/AES support (still no wireless devices) and I have also changed the default device ID. All this is easily doable with any wireless router today (even the ActionTec), so what's the users' excuse?
Why bother with all the nonsense your doing? Just disable wireless altogether.