any point in 256bit wep encrypted wireless

[StormPC]

In theory its as easy as that, not in reality.. Like I said, changing your MAC address isn't the same as reinstalling windows. All that is done at the hardware level.

You don't understand the first thing about networking or computers if you believe that. What is your point with all of this? That WPA is too difficult to use or that it is unnecessary? I don't get it.

I don't think anybody is talking about changing the actual MAC address, I think they mean there are ways to cloak the actual address and make other devices believe your MAC is something other than what it actually is.

I'll tell you right now, no matter how good you think your security is, when it comes to securing a network, anything that is done can be undone! Security is relative only. There is no such thing as absolute security.

The time it takes to breach a WEP encrypted broadcast depends on how fast and how active the network is. If packets are sent at full 54Mbps speeds and there is at least 2 minutes of activity at this rate even I could figure out the key. Actually, the software I have does it automatically. Takes less than 2 minutes most of the time. WPA is a whole other story, but even WPA has vulnerabilities.

Like I said, if it can be done it can be undone.

The point myself and others are trying to make is that WPA gives you some security along with your privacy, where WEP gives only very limited privacy. You might say WEP is like closing the door and WPA is like locking and deadbolting it. You can still get in but a closed door is easier to open than a well-locked one.

[Paul Adams]

yea, I built one nForce-based system which required you to manually enter the MAC in the bios of its ethernet interface, a testiment to the quality of nVidia engineering.. its not common however, especially for WLAN.

This is also untrue, it is perfectly possible and permitted for an application to change the MAC address of an outgoing packet, I can give you 2 such examples:
- clustering technology requiring a virtual MAC address to receive inbound connections (can be a unicast or multicast MAC)
- virtual machines (can have many, many guest OS's that can use the NIc on the host and the packets on the wire will use whatever the MAC address is specified in the virtual machine)

Many manufacturers have the property "network address" in the properties of the NIC where you can override the predefined value.

[aidanjt]

You don't understand the first thing about networking or computers if you believe that. What is your point with all of this? That WPA is too difficult to use or that it is unnecessary? I don't get it.
...

No, I didn't say anything against WPA at all, I'm saying the average home network doesn't need super-duper 1024-bit key serverside wireless encryption. What I've said is if your network is *THAT* important don't use wireless. What I've said is people are talking about using 12 inches of steel when any prospective attacker is likely to only have a scaple at best. In fact, the guy next door to you is more likely to have a cache of firearms and explosives than the knowledge of cryptology or networking. Yes, there are ways to spoof MAC addresses, but how many people know how to do it?.. how many people know how to aquire WEP secured networks, or WPA is even less so.. how many people know SSL work arounds?.. not common to put it lightly. Bottom line is, either you want security (wires) or you want to walk around your house with your laptop and have a potential security risk.

[StormPC]

I do not have the luxury. I need wireless, as do many others. There is no excuse for not using WPA. It's easier than WEP and works much better.

[Paul Adams]

No, I didn't say anything against WPA at all, I'm saying the average home network doesn't need super-duper 1024-bit key serverside wireless encryption.

When it comes to security, for example firewalls, customers will ask "are we 100% secure?" and the best reply is "you are secure as you can be today" - any claim beyond this would be a lie, otherwise you would never see hotfixes, service releases or whatever even from companies with respected, dedicated, carrier-class solutions.

If we applied your method of thinking then we would "make do" with a lesser form of security when a much better one which is free and identical to configure is available.
Browsers would still use 40-bit encrpyption because, hey, what's the chance that someone smart enough with the right tools is able to capture the traffic, right?

You seem convinced that we are spreading FUD, but if Mr Moby-Dick's signature is quite appropriate: "bad advice is worse than no advice at all".

I am talking about preventing unauthorised, undetected access to a wireless network - not specifically the machines on the WLAN itself.
I am trying to give examples of how automated methods could be used to probe for and gain access to such LANs without any expert knowledge, or necessarily the knowledge of the owner of the machine doing it.

At the same time I am trying to prevent the perpetuation of misinformation and dissuade people from being complacent when it comes to this kind of thing.

2 modified versions of your quote from above with more truth:
"the average home network doesn't need super-duper 1024-bit key serverside wireless encryption...yet"
"the average home network doesn't need super-duper 1024-bit key serverside wireless encryption...but if it is available it may as well be used"

It does not take fantastic skills or even knowledge of how the underlying technology works for someone to execute a program which was written by someone that does - whether or not the user is aware (so a script-kiddie tool or a worm could use this method).
WEP encryption has been proven to be weak, MAC filtering is a trivial "extra feature" which becomes more of an administrative hurdle at a later date.

It's not impossible to imagine a rootkit which is capable of keylogging and self-replication and is "wireless aware" so it is not restricted by wires and is undetectable by any firewall or AV solution.
Such a process could run on an infected system gathering and transmitting data, breaking into nearby WLANs and spoofing the MAC address - there isn't even a reason to believe that it could identify certain brand wireless APs/routers and know the default admin passwords or maybe exploits to modify the configuration (add its own MAC address, disable logging, etc.).

[JimmyBoy]

well, after reading this thread i changed my security from wep to wpa, not entirely sure how it works, but basically now, to connect, rather than entering a network key i had to put a password that i created myself, so i assume its working but how exactly does it work though? perhaps i read it in this thread and my glorious short term memory has forgotten already, but im under the impression it changes something every now n then.

please explain

[Paul Adams]

WPA has been around longer than a lot of people think, there is an article from July 2003 giving an overview of how it works here

In essence, WEP uses a static key - so once obtained you can get access to the WLAN indefinitely.
WPA uses dynamic encryption - the keys change frequently so there is a much smaller chance to be able to decrypt a session, as there is an initial key which you dictate then there has to be a point at session setup where this static key (or "pre-shared key", PSK) is used, but very briefly.

For the best kind of security, which isn't applicable for most home users, you can use a back-end authentication server so the user has to authentication with their credentials (e.g. domain logon) or certificates are used - this is then the same kind of handshake as Kerberos or SSL so is secure from the start.

And then there is the new WPA2 , just to make things more interesting
But rather than go into it here, follow that link and there are many docs over at www.wi-fi.org.

[StormPC]

Great posts Paul, thanks!

[Kumagoro]

This is how easy it is to change your MAC address.

For Win XP,
http://www.klcconsulting.net/smac/
http://students.washington.edu/natetrue/macshift/ (i use this)

For 98 (which is very easy and needs no prog)

http://www.klcconsulting.net/Change_MAC_w98.htm