[Asterisk-biz] VOIPSupply.com - New Product Announcements

Harry McGregor hmcgregor at espri.arizona.edu
Wed Aug 17 14:02:35 MST 2005 

On Wed, 2005-08-17 at 15:54 -0400, Jimmy Smith wrote:
> #1 lesson 
> 
> most people you are talking about wont even know what wep is..
> 
> people that do howver understand that packet injection is a key to
> getting a wep key in under 7 seconds instead of 2 weeks.
> 
> injection is cause by pushing packets on the network
> like you are away for the weekend so i call your home number 10000
> times to oforce router sending packets to your wifi device..

2 seconds I don't know about, but WEP is week, and has it's problems.

Even at that, it's like a little padlock on your storage shed.  No lock,
it's entering, small lock and bolt cutters, it's breaking and entering,
much more jail time.

> 
> ok where do you live..
> 
> ill hijack you wep key and sniff your network.
> 
> you go online banking dont you ?

If you don't trust it over OPEN wifi, don't trust it over the internet,
and vise versa.

Online banking should be https.  All open wifi does is give you the same
LAN security as you have on the Internet, NONE.

> or you file tax reports ?
> anything ?
> 
> 
> once i got that precious info you know what i could do..
> 
> impersonate, steal etc etc
> 
> im not talking about listening to your aavg yap yap on the phone .
> 
> honeslty i ont run wep and wont open it for wifi phones.. so i guess
> im stuck on ATA soluion untill people wake up..
> 
> 
> FYI i caught a guy last year who sniffed my wep and spamed millions of
> people using my connection wich got me in big trouble..

That would be unusual.   Considering the number of unsecure APs, the
chances of someone breaking your 128Bit wep key, just to use your house
to SPAM from is unlikely.

> now do you see where im going at ?
> 
> WAP or die

Any why the heck do you keep calling it WAP, it WPA, Wireless Protected
Access.

> ...
> 
> Would you trust unencrypted or hackable restaurant creeditcard
> merchant temrinals ?

Um, you should have application layer protection.

Do you know how easy it is to take over a network switch and redirect
traffic to your laptop.  Do you know how many companies have unprotected
network jacks?

Wireless is not the problem, application level encryption is.  I would
be interested in more work being done on encrypted SIP and IAX than I
would in WPA on handset.  End to End encyption is needed, not just
handset to the Wireless AP...

			Harry

More information about the asterisk-biz mailing list