wep key hack attempt?

cylent · September 8, 2008, 11:06am

I am using a wep key on my wireless hotspot system.
i know its only 64bit and i really dont want to go with anything higher like 128 or wpa …

i looked at my log today and i found a huge repetition of someone trying to connect.

could this be someone trying to break my key?

13:17:48 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:49 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:49 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:50 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:50 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:51 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:51 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:52 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:52 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:53 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:53 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:54 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:54 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:55 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:55 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:57 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:57 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:58 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:58 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:17:59 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:17:59 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:00 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:00 wireless,debug wlan2: 00:4F:62:1A:15:A0 not in local ACL, by default reject 
13:18:01 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:01 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:02 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:02 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:03 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:03 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:04 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:04 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:05 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:05 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:07 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:07 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:08 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:08 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:09 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:09 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:10 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:10 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list) 
13:18:11 wireless,debug wlan2: 00:4F:62:1A:15:A0 attempts to associate 
13:18:11 wireless,debug wlan2: reject 00:4F:62:1A:15:A0, banned (last failure - not allowed by access-list)

on and on and on …

what do you guys think?

normis · September 8, 2008, 11:11am

probably not. he is banned by access list, he will not be able to connect even if he would guess the wep key. it’s just somebody who wants to connect, but can’t because of your access list

sergejs · September 8, 2008, 11:11am

To ensure security on your network, it’s better to use WPA, not WEP.
Consider WEP security in the same level as MAC-address filtering security.

Current logs are looking like someone without WEP key is trying to get access to your router, it should not take too much time for user to “crack” WEP key, if user wants to do it.

cylent · September 8, 2008, 11:22am

i had a feeling you guys were going to say that (about him not being on my access list) but guess what? hes not on my customer list and even the mac address is random … in other words, its a fake .. it doesnt show up here: http://www.coffer.com/mac_find/?string=00:4F:62:1A:15:A0

all valid mac addresses show up on coffer’s list for me. fake ones or ones that are random used for cracking dont.

now the problem with wep/wpa is this:

there is a program called wzcook that comes bundled with aircrack-ng for windows (i wont provide link - find it yourself) .. once the program is run on a machine that has the wep/wpa key it will show it.
so in other words some guy is a subscriber of mine – his friend isnt. his friend goes to his computer and runs wzcook then gets my key.
WPA key power is all gone now.

and besides isnt hotspot supposed to be keyless?

normis · September 8, 2008, 11:25am

in other words - don’t let your evil “friend” use your PC.

cmon69 · April 7, 2009, 4:21pm

Is there a way to stop such connection attempts? Maybe allow the connection and forward all their traffic to web server, and when they open up a browser they get a message that you are aware of there attempts to gain access.

janisk · April 9, 2009, 12:33pm

there is one good way to improve security of WEP - use the successor and named technology, that is either of WPA and WPA2. Why to invent wheel again, when there where created new security for a reason, and reason is - you cannot fix what is broken by design.

Also, all security measures are preventative for this time scope, when WEP was introduced, than it was secure, as it required several month of computing to decrypt the key, now with advanced methods you can do that in 2 hours or so. When praised WPA will become obsolete new scheme will take place to protect our unprotected data in wireless links.

If you are worried about workload that will be added by WPA - then do not - all encryption thing is done on the wifi card by hardware you have already paid for. (I am talking about R52, R52H R5H cards, do not know about other )