.

What if I am forced to use WEP?

<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Jan 14, 2011 5:57 pm

What if I am forced to use WEP?

My oldest daughter has a Nintendo DS (not the DS Lite or the DSi, just the DS). In order to be able to connect to the internet, the DS can only use WEP encryption.

I think Nintendo needs more security consultants...
Should I use HEX or ASCII when creating a key?
When entering a key, you have the choice of entering Hexadecimal or ASCII characters. Hexadecimal (HEX) is the easiest to use. You can either create a 10-digit (64-bit) or 26-digit (128-bit) key. We recommend the 10-digit. Consider using an easy-to-remember number.

http://www.nintendo.com/consumer/wfc/en_na/ds/wrWEPkeyHelp.jsp#hex_ascii

So since WPA (supported on the DSi) and WPA2 are not possible, what can I do in order to have a "secure" connection to my wireless router?

I have thought about many different things, like MAC address filtering and stuff like that, but nothing that can't be hacked in less than 10 minutes...  :-\

Other than only plugin my wireless router when she needs it and change the password every single time she uses it (which is quite anoying...), I can't think of anything else...

Any ideas?
Last edited by caissyd on Fri Jan 14, 2011 6:01 pm, edited 1 time in total.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Fri Jan 14, 2011 6:33 pm

Re: What if I am forced to use WEP?

I've faced the same problem lately (a laptop supporting only WEP). The best solution I came up with was to implement a RADIUS server. Unfortunately I haven't been able to implement it since I don't have a spare box to use for the server. So my only solution is to avoid using wireless :(
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri Jan 14, 2011 6:37 pm

Re: What if I am forced to use WEP?

Depending on the hardware...

DD-WRT lets you have a primary interface and virtual wireless interface.

You can set up the regular one for WPA2 or what you like and have the sub interface set for wep. You can create rules on the device to segment the traffic as best as it can.

You could also turn on and of the virtual interface as she needs it.

You can also create a file of passwords and have the device change it everytime you log in (scripting with ssh).

Probably disjointed reply, but hope it gives you some ideas. Good luck.
OSWP, Sec+
<<

mallaigh

User avatar

Jr. Member
Jr. Member

Posts: 65

Joined: Fri Jul 16, 2010 12:36 am

Post Fri Jan 14, 2011 7:21 pm

Re: What if I am forced to use WEP?

chrisj wrote:Depending on the hardware...

DD-WRT lets you have a primary interface and virtual wireless interface.

You can set up the regular one for WPA2 or what you like and have the sub interface set for wep. You can create rules on the device to segment the traffic as best as it can.

You could also turn on and of the virtual interface as she needs it.

You can also create a file of passwords and have the device change it everytime you log in (scripting with ssh).

Probably disjointed reply, but hope it gives you some ideas. Good luck.


With DD-WRT, I would recommend this and then throw her WEP wireless network on its own VLAN (another option supported by DD-WRT).  This would help separate her Nintendo DS traffic from the rest of your network and help make it a little more secure.  Also, I don't think MAC filtering would hurt too much. 
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Jan 14, 2011 8:41 pm

Re: What if I am forced to use WEP?

Humm... Thanks for your advices!

Unfortunately, both my wireless routers (WBR-2310 and DIR-655) are not supported by DD-WRT... But maybe I can buy a third one just for the sake of playing with it. I bet I can find a cheap one easily...

You can also create a file of passwords and have the device change it everytime you log in (scripting with ssh).

That's a great idea chrisj, but I cannot do any special configurations on the DS. But I keep that in mind for a laptop!

I guess there's no way I can have a secure connection...

But what about this, without any human intervention once it is set up:

I use one Wireless Access Point with WPA2 for my laptops so I don't have to worry about anything for regular stuff.

Then I use another one with WEP and MAC address filtering. The one with WEP will be on a separate LAN with only access to an handful of web sites, like Nintando update and maybe two or three more. I could limit access to this AP when my daughters are around (like 7:00am to 7:00pm).

So an hacker who easily breaks WEP and MAC filtering would end up having access to the Nintendo update web site and nothing else (including on my own network).

Other manual things I could do (some not that great, but still not that bad):

1) I could also have an IDS who would alert me as soon as something looks suspicious. I would then change the password.

2) Change the password every day or so

3) Turn the AP off when I don't use it

What do you guys think of this?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Jan 15, 2011 1:55 am

Re: What if I am forced to use WEP?

Newegg, in the US had the Linksys WRT54g-L for 40.00 a few weeks ago. I got one off craig's list for about 20.00 USD when I started WiFu. So you should be able to get something cheap.

I'd still automate step 2. Let her know the algorithm... Like odd days, date:day. Even days, day:date.
sunday:05012011 and  monday:0502201.

Like the idea of turning of when not needed.

For the most part, don't have to worry too much about people breaking WEP... I know famous last words. My girlfriend has an older macbook that doesn't support anything other than WEP. So she has WEP, with no filter.
OSWP, Sec+
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Sat Jan 15, 2011 8:38 pm

Re: What if I am forced to use WEP?

What about setting up two routers? yours uses wireless and has WPA2, one port on the router hooks into her router on the WAN port and hers is configued for WEP.

Just an Idea.
sectestanalysis.blogspot.com/‎
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Sat Jan 15, 2011 10:17 pm

Re: What if I am forced to use WEP?

@SephStorm: Having 2 routers, one secure and one using WEP is a good idea, as long as your secure one has access to your home network while the insecure one has only access to the Internet. Pluging them together is to me like having only one unsecure router. But maybe that's what you wanted to say.

The key thing here is to completely isolate the unsecure AP from the rest of the network.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Jan 15, 2011 11:02 pm

Re: What if I am forced to use WEP?

SephStorm's idea might work... if you have the ability to do Access Lists or firewall it off. Then if it has net-access only, and can't run around internal network (different ip address range?) it might be a workable solution for you.
OSWP, Sec+
<<

TheXero

User avatar

Full Member
Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Mon Jan 17, 2011 6:21 am

Re: What if I am forced to use WEP?

Enable MAC Address filtering
Enable Shared Key Authentication (if the DS supports it otherwise open)
Use a long key (26 characters etc)
Change the key on a regular basis (new key every day?)
Turn it off when not in use

The thing is though, WEP can be cracked over the internet, have a look at easside-ng and buddy-ng

Or

You could have 2 routers, and have the WEP router piggy back off of the same internet connection

Good Luck :)

Return to Wireless

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software