WEP: Not for Me
WEP: Not for me
by 0x20Cowboy
I know a thing or two about wireless networking and security and, therefore, I assume everyone else does too. But nothing could be further from the truth. In fact, what I found out yesterday is pretty scary.
I recently received a contract to port some applications to the Pocket PC handheld computer. One of the bonuses was that I received a free Pocket PC and, since the application I am working on requires networking, I also got a spanking new Netgear 802.11b MA701 wireless network card (very cool card - I highly recommend it).
These handheld computers are pretty powerful beasts. The one I was given has a 400 MHz processor and 64 MB of internal memory. That's a pretty good box even for a desktop (I didn't say it would run Half-Life, I said it was pretty good) and you can add lots of external items - USB, monitors, keyboards, etc.
The networking is pretty amazing as well. One of the features of the networking card's software is an AP (Access Point) browser, which shows you all the available networks in your general vicinity (much like the one on the Windows desktop). When I first hooked up the wireless card, I started to connect to my access point when suddenly, I saw three other networks - two without WEP enabled.
"Umm... that's odd. Those guys should be more careful," I thought and wrote it off as rare.
Later that evening, my girlfriend wanted to take me to a play (yuck). I talked her into letting me take my new PDA with me, and I scanned for APs on the way to the play (she drove).
Jesus Christ, they were everywhere. I mean everywhere. Every time I hit "scan" I would get four or five in the list. Seventy percent of them did not have WEP enabled and most had the default SSID.
We stopped at a rather long stoplight and one SSID said "linksys". I own a Linksys and I remembered the default setup so... WTF... I clicked "Join." DHCP gave me an IP, I browsed to 192.168.1.1, a dialog popped up, I typed "admin" as the password, and two seconds later I was looking at the router configuration.
Not only did I have an Internet connection, I 0wn3d the AP - all while waiting for the light to change. Depending on how you choose to live, this is either a great and wonderful playground or an absolute nightmare. One could, potentially, just drive around and remain rather anonymous. Not only changing IPs, but changing physical locations, and with the added bonus of a really really small computer you could probably just walk around with and no one would notice it. How hard would it be to track someone bouncing off a couple of servers and changing where they are plugging in from?
When I got home, I did a bit of research on wireless routers and I compiled a list of popular APs and their default settings (see list below). Wireless network router makers need to at least enable WEP by default, the setup utilities need to help Joe Shmoe turn it on, or common users are going to get pimped hard when wireless toys become cheaper.
Here are the default settings for common APs. Anything listed as "NULL" is something I couldn't find. Often, when connecting to an AP, it will tell you the model in the password dialog box.
SSID
Manufacture
Model
Default Address
Login
Password
NULL
Netgear
MR814 (v2)
192.168.0.1
password
NULL
Netgear
WGR614
192.168.0.1
password
NULL
Netgear
WGT624
192.168.0.1
password
NULL
Netgear
WG602 (v2)
192.168.0.227
password
NULL
Netgear
ME103
192.168.0.224
password
NULL
D-Link
DI-624
192.168.0.1
admin
NULL
D-Link
DWL-2000AP
192.168.0.50
admin
NULL
D-Link
DI-774
192.168.0.1
admin
NULL
D-Link
DWL-1700AP
192.168.0.50:2000
admin
root
NULL
D-Link
DWL-1000AP+
192.168.0.50
NULL
NULL
NULL
D-Link
DWL-700AP
192.168.0.50
admin
NULL
D-Link
DI-754
192.168.0.1
Admin
NULL
D-Link
DI-764
192.168.0.1
Admin
NULL
D-Link
DWL-6000AP
192.168.0.50
Admin
NULL
D-Link
DWL-5000AP
192.168.0.50
Admin
NULL
Actiontec
R3010UW
192.168.1.1
admin
NULL
Actiontec
AU802C
192.168.1.240
Admin
Admin
linksys
Linksys
WAP54G
192.168.1.245
admin
Linksys-a
Linksys
WAP55AG
192.168.1.246
admin
linksys
Linksys
WRT54G
192.168.1.1
admin
Linksys-g
Linksys
WRT55AG
192.168.1.1
admin
linksys
Linksys
WRV546
192.168.1.1
admin
admin
linksys
Linksys
BEFW11S4
192.168.1.1
admin
linksys
Linksys
WAP11
192.168.1.251
admin
linksys
Linksys
WAP51AB
192.168.1.250
admin
linksys
Linksys
WAP54A
192.168.1.252
admin
linksys
Linksys
WRT51AB
192.168.1.1
admin