Subject: Re: COMPAQ Wireless card WL110
To: Thomas Michael Wanka <Tom@Wanka.at>
From: Paul de Weerd <paul@mail.me.maar.nu>
List: port-i386
Date: 09/11/2001 23:57:56
On Tue, Sep 11, 2001 at 11:37:59PM +0200, Thomas Michael Wanka wrote:
| Hi,
| 
| On 11 Sep 2001, at 8:10, Steven M. Bellovin wrote:
| > It doesn't work.  More precisely, it's very easily cryptanalyzed;
| > there's running code, etc.  A passive eavesdropper can crack 128-bit
| > WEP with very little effort.
| 
| Thanks, until now I was only aware that WEP implementations are 
| not compatible when using products of different manufacturers. 
| 
| Do you have sources for more information about this (crack tests 
| and such) and recommendations for alternatives? A client requested 
| a connection between two buildings in a city and I did not evaluate 
| the risks of wireless networks until now.

There are plenty of websites with information on WEP (in)security.
Search Google for a lot of these. I, for one, can tell you from 
first-hand experience that it is in fact *EXTREMELY* easy to 
crack WEP encryption, as I did a proof-of-concept test on my own
wireless LAN. See http://airsnort.sourceforge.net/ as one
example. Airsnort is a (I think Linux-specific, but I'm not sure)
tool to sniff encrypted packets from the ether and subsequently
crack the password used for its encryption.

Airsnort is one of many. See Google and browse some *BSD and 
security mailing lists - these are sure to turn up lots of 
information. More theoretical information on WEP and its
RC4 implementation is at 
http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf
(requires a PDF reader).

Trying the proof of concept helped me understand WEP and its
security flaws in great detail. You should try it out to know
what the problems are. For a building-to-building connection,
as you mentioned, risks are greatly reduced because of the
use of a directional antenna (which makes it harder to sniff
your medium). Your best bet for security would be using an
unencrypted wireless LAN (why bother) but using a secured
tunnel from the one building to the other:

[root@building1] # pppd pty "ssh -t -e none building2 pppd"

This starts pppd on your building1 box, opens an ssh
connection to your building2 machine and starts pppd there
too. The two pppds then start talking to each other. That
is, if the machines are set up for passwordless [RD]SA
authentication. Security is reached by using a floppy
with the appropriate keys and walking from the first
building to the second.

Make sure the pppds on both ends are configured correctly;
here's what I used:

On the building1 machine:
[root@building1] # cat /etc/ppp/options
# Options for a ppp-tunnel with proxy-arp to building2
silent
10.0.0.1:
defaultroute
proxyarp
[root@building1] #

On the building2 machine:
[root@home] # cat /etc/ppp/options
# Options for a ppp-tunnel with proxy-arp to building1
ipcp-accept-local
ipcp-accept-remote
proxyarp
noauth
[root@building2] #

Of course, there are better tunneling solutions. This is the
one I found the easiest to set up when doing more
proof-of-concepts ;).

Just my 0.02 Euros (or 2 eurocents)

Paul 'WEiRD' de Weerd
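The pppd-over-ssh tunnel from Paul's mail, as an added example that is not part of the original post: helpers that write and sanity-check the two pppd option files, build the launch command (with `-e none`, which matters because PPP frames contain the `~` byte that ssh treats as its escape character), and restrict the passwordless key on the responder to running pppd only. The hostnames building1/building2 and the addresses 10.0.0.1/10.0.0.2 are assumptions; the original mail pins only the local address.

```sh
#!/bin/sh
# Added example (not from the original mail). Hostnames and addresses are
# assumptions. The responder is the machine that "ssh ... pppd" lands on.

# authorized_keys line for the responder: the passwordless key from the
# initiator may only start pppd, and gets no forwards or agent access.
# $1 = public key line ("ssh-rsa AAAA... comment")
restricted_key_entry() {
    printf 'command="/usr/sbin/pppd",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' "$1"
}

# Write an /etc/ppp/options file for one role into directory $2.
# $1 = initiator (pins both tunnel addresses) or responder (accepts them)
write_ppp_options() {
    case "$1" in
        initiator) printf 'silent\n10.0.0.1:10.0.0.2\ndefaultroute\nproxyarp\n' > "$2/options" ;;
        responder) printf 'ipcp-accept-local\nipcp-accept-remote\nproxyarp\nnoauth\n' > "$2/options" ;;
        *) return 2 ;;
    esac
}

# Check that an options file ($1) is consistent with its role ($2).
# Returns 0 when consistent, 1 when a required/forbidden option is wrong.
check_ppp_options() {
    f="$1"; role="$2"
    case "$role" in
        initiator)
            grep -q '^[0-9][0-9.]*:' "$f" || return 1   # tunnel address pinned here
            grep -q '^noauth$' "$f" && return 1         # do not relax auth on the initiating side
            ;;
        responder)
            grep -q '^noauth$' "$f" || return 1         # otherwise pppd demands PAP/CHAP from ssh's peer
            grep -q '^ipcp-accept-local$' "$f" || return 1
            grep -q '^ipcp-accept-remote$' "$f" || return 1
            ;;
        *) return 2 ;;
    esac
    grep -q '^proxyarp$' "$f" || return 1               # both ends proxy-ARP for the far LAN
    return 0
}

# Command run on the initiator. -t gives the remote pppd a terminal,
# -e none stops ssh from interpreting '~' sequences inside PPP data.
tunnel_command() {
    printf 'pppd pty "ssh -t -e none %s pppd"\n' "$1"
}
```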