WEP: Not for Me

WEP: Not for me

by 0x20Cowboy

I know a thing or two about wireless networking and security and, therefore, I assume everyone else does too.  But nothing could be further from the truth.  In fact, what I found out yesterday is pretty scary.

I recently received a contract to port some applications to the Pocket PC handheld computer.  One of the bonuses was that I received a free Pocket PC and, since the application I am working on requires networking, I also got a spanking new Netgear 802.11b MA701 wireless network card (very cool card - I highly recommend it).

These handheld computers are pretty powerful beasts.  The one I was given has a 400 MHz processor and 64 MB of internal memory.  That's a pretty good box even for a desktop (I didn't say it would run Half-Life, I said it was pretty good) and you can add lots of external items - USB, monitors, keyboards, etc.

The networking is pretty amazing as well.  One of the features of the networking card's software is an AP (Access Point) browser, which shows you all the available networks in your general vicinity (much like the one on the Windows desktop).  When I first hooked up the wireless card, I started to connect to my access point when suddenly, I saw three other networks - two without WEP enabled.

"Umm... that's odd.  Those guys should be more careful," I thought and wrote it off as rare.

Later that evening, my girlfriend wanted to take me to a play (yuck).  I talked her into letting me take my new PDA with me, and I scanned for APs on the way to the play (she drove).

Jesus Christ, they were everywhere.  I mean everywhere.  Every time I hit "scan" I would get four or five in the list.  Seventy percent of them did not have WEP enabled and most had the default SSID.

We stopped at a rather long stoplight and one SSID said "linksys".  I own a Linksys and I remembered the default setup so... WTF... I clicked "Join."  DHCP gave me an IP, I browsed to 192.168.1.1, a dialog popped up, I typed "admin" as the password, and two seconds later I was looking at the router configuration.

Not only did I have an Internet connection, I 0wn3d the AP - all while waiting for the light to change.  Depending on how you choose to live, this is either a great and wonderful playground or an absolute nightmare.  One could, potentially, just drive around and remain rather anonymous.  Not only changing IPs, but changing physical locations, and with the added bonus of a really really small computer you could probably just walk around with and no one would notice it.  How hard would it be to track someone bouncing off a couple of servers and changing where they are plugging in from?

When I got home, I did a bit of research on wireless routers and I compiled a list of popular APs and their default settings (see list below).  Wireless network router makers need to at least enable WEP by default, the setup utilities need to help Joe Shmoe turn it on, or common users are going to get pimped hard when wireless toys become cheaper.

Here are the default settings for common APs.  Anything listed as "NULL" is something I couldn't find.  Often, when connecting to an AP, it will tell you the model in the password dialog box.

SSID

Manufacture

Model

Default Address

Login

Password

NULL

Netgear

MR814 (v2)

192.168.0.1

password

NULL

Netgear

WGR614

192.168.0.1

password

NULL

Netgear

WGT624

192.168.0.1

password

NULL

Netgear

WG602 (v2)

192.168.0.227

password

NULL

Netgear

ME103

192.168.0.224

password

NULL

D-Link

DI-624

192.168.0.1

admin

NULL

D-Link

DWL-2000AP

192.168.0.50

admin

NULL

D-Link

DI-774

192.168.0.1

admin

NULL

D-Link

DWL-1700AP

192.168.0.50:2000

admin

root

NULL

D-Link

DWL-1000AP+

192.168.0.50

NULL

NULL

NULL

D-Link

DWL-700AP

192.168.0.50

admin

NULL

D-Link

DI-754

192.168.0.1

Admin

NULL

D-Link

DI-764

192.168.0.1

Admin

NULL

D-Link

DWL-6000AP

192.168.0.50

Admin

NULL

D-Link

DWL-5000AP

192.168.0.50

Admin

NULL

Actiontec

R3010UW

192.168.1.1

admin

NULL

Actiontec

AU802C

192.168.1.240

Admin

Admin

linksys

Linksys

WAP54G

192.168.1.245

admin

Linksys-a

Linksys

WAP55AG

192.168.1.246

admin

linksys

Linksys

WRT54G

192.168.1.1

admin

Linksys-g

Linksys

WRT55AG

192.168.1.1

admin

linksys

Linksys

WRV546

192.168.1.1

admin

admin

linksys

Linksys

BEFW11S4

192.168.1.1

admin

linksys

Linksys

WAP11

192.168.1.251

admin

linksys

Linksys

WAP51AB

192.168.1.250

admin

linksys

Linksys

WAP54A

192.168.1.252

admin

linksys

Linksys

WRT51AB

192.168.1.1

admin

Return to $2600 Index

SSID	Manufacture	Model	Default Address	Login	Password
NULL	Netgear	MR814 (v2)	192.168.0.1		password
NULL	Netgear	WGR614	192.168.0.1		password
NULL	Netgear	WGT624	192.168.0.1		password
NULL	Netgear	WG602 (v2)	192.168.0.227		password
NULL	Netgear	ME103	192.168.0.224		password
NULL	D-Link	DI-624	192.168.0.1		admin
NULL	D-Link	DWL-2000AP	192.168.0.50		admin
NULL	D-Link	DI-774	192.168.0.1		admin
NULL	D-Link	DWL-1700AP	192.168.0.50:2000	admin	root
NULL	D-Link	DWL-1000AP+	192.168.0.50	NULL	NULL
NULL	D-Link	DWL-700AP	192.168.0.50	admin
NULL	D-Link	DI-754	192.168.0.1	Admin
NULL	D-Link	DI-764	192.168.0.1	Admin
NULL	D-Link	DWL-6000AP	192.168.0.50	Admin
NULL	D-Link	DWL-5000AP	192.168.0.50	Admin
NULL	Actiontec	R3010UW	192.168.1.1	admin
NULL	Actiontec	AU802C	192.168.1.240	Admin	Admin
linksys	Linksys	WAP54G	192.168.1.245		admin
Linksys-a	Linksys	WAP55AG	192.168.1.246		admin
linksys	Linksys	WRT54G	192.168.1.1		admin
Linksys-g	Linksys	WRT55AG	192.168.1.1		admin
linksys	Linksys	WRV546	192.168.1.1	admin	admin
linksys	Linksys	BEFW11S4	192.168.1.1		admin
linksys	Linksys	WAP11	192.168.1.251		admin
linksys	Linksys	WAP51AB	192.168.1.250		admin
linksys	Linksys	WAP54A	192.168.1.252		admin
linksys	Linksys	WRT51AB	192.168.1.1		admin