If you've read this article in its entirety, you should now have a basic understanding of the following:
How to temporarily convert a PC into a network security tool.
How to use the kismet_server and kismet_client to identify your wireless network and capture wireless data to disk.
How to use the aircrack command to decipher your WEP key from the captured data.
How to estimate the time that one would need to monitor traffic on your wireless network in order to capture enough data to determine your WEP key.
Why it would be bad for your WEP key to be known to the outside world.
How to check for unauthorized clients accessing your network.
After finishing this article and being disappointed with the duration one can count on a WEP key for protection, we are left with the following questions:
The WPA method is supposed to provide much stronger security than WEP. It would be nice to answer the following questions:
Can the use of WPA be easily set up and maintained on a home network which has a mix of Linux and Windows XP™ wireless clients?
Is a WPA-secured wireless network still crackable, and if so, how long does it typically hold up?
Given a set of Linux client machines capable of running Java, we know the following can be done:
Create a Java program which takes an initial seed value and a point in time as inputs and generates a pseudo-random WEP key (a one-way hash of the two).
Create a cron job which uses the Java program to change the WEP key on the machine at a precise point in time (for example every hour on the hour).
There are advantages to setting this up:
It makes it difficult for a network cracker to obtain enough data to determine the current WEP key used by the network.
Even if a network cracker gets lucky and captures a WEP key, it will only be good for a limited time. They will not be able to reverse-map the WEP key back to its original seed value and hence won't be able to predict the next WEP key. At most, we've only exposed the wireless network data for that one time block.
Unfortunately, we aren't sure how to automate the changing of WEP keys at a wireless access point or on Windows XP™ machines which make up our wireless network.
A colleague has pointed out that the above sounds a lot like the Temporal Key Integrity Protocol (TKIP), which is part of 802.11i and is designed to address WEP's shortcomings.