diff options
author | imp <imp@FreeBSD.org> | 2001-08-09 21:59:07 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 2001-08-09 21:59:07 +0000 |
commit | 50ef5d59f5eb2b291f36ea1fd90dc5eb2b5082de (patch) | |
tree | 6afd6f7f6d9e48a7697b731c2a987e055f2bc56d /usr.sbin/wicontrol | |
parent | c3c304385c58f8adadd0ae9c8e92ee6316a4597b (diff) | |
download | FreeBSD-src-50ef5d59f5eb2b291f36ea1fd90dc5eb2b5082de.zip FreeBSD-src-50ef5d59f5eb2b291f36ea1fd90dc5eb2b5082de.tar.gz |
Add a note that says:
WEP IS INSECURE. DO NOT USE IT.
and point people to details on the attack:
http://www.cs.rice.edu/~astubble/wep/wep_attack.html
and recommend people use ipsec instead if possible.
Approved by: kris
Mandoc police: Please do your worst. I'd like to merge similar text
into ancontrol and ifconfig.
Diffstat (limited to 'usr.sbin/wicontrol')
-rw-r--r-- | usr.sbin/wicontrol/wicontrol.8 | 89 |
1 files changed, 69 insertions, 20 deletions
diff --git a/usr.sbin/wicontrol/wicontrol.8 b/usr.sbin/wicontrol/wicontrol.8 index d081dcd..5ad989a 100644 --- a/usr.sbin/wicontrol/wicontrol.8 +++ b/usr.sbin/wicontrol/wicontrol.8 @@ -38,45 +38,64 @@ .Nd configure WaveLAN/IEEE devices .Sh SYNOPSIS .Nm -.Fl i Ar iface Op Fl o +.Op Fl i +.Ar iface Op Fl oa .Nm -.Fl i Ar iface Fl t Ar tx rate +.Op Fl i +.Ar iface Fl t Ar tx rate .Nm -.Fl i Ar iface Fl n Ar network name +.Op Fl i +.Ar iface Fl n Ar network name .Nm -.Fl i Ar iface Fl s Ar station name +.Op Fl i +.Ar iface Fl s Ar station name .Nm -.Fl i Ar iface Fl c Ar 0|1 +.Op Fl i +.Ar iface Fl c Ar 0|1 .Nm -.Fl i Ar iface Fl q Ar SSID +.Op Fl i +.Ar iface Fl q Ar SSID .Nm -.Fl i Ar iface Fl p Ar port type +.Op Fl i +.Ar iface Fl p Ar port type .Nm -.Fl i Ar iface Fl a Ar access point density +.Op Fl i +.Ar iface Fl a Ar access point density .Nm -.Fl i Ar iface Fl m Ar mac address +.Op Fl i +.Ar iface Fl m Ar mac address .Nm -.Fl i Ar iface Fl d Ar max data length +.Op Fl i +.Ar iface Fl d Ar max data length .Nm -.Fl i Ar iface Fl e Ar 0|1 +.Op Fl i +.Ar iface Fl e Ar 0|1 .Nm -.Fl i Ar iface Fl k Ar key +.Op Fl i +.Ar iface Fl k Ar key .Op Fl v Ar 1|2|3|4 .Nm -.Fl i Ar iface Fl T Ar 1|2|3|4 +.Op Fl i +.Ar iface Fl T Ar 1|2|3|4 .Nm -.Fl i Ar iface Fl r Ar RTS threshold +.Op Fl i +.Ar iface Fl r Ar RTS threshold .Nm -.Fl i Ar iface Fl f Ar frequency +.Op Fl i +.Ar iface Fl f Ar frequency .Nm -.Fl i Ar iface Fl P Ar 0|1 +.Op Fl i +.Ar iface Fl P Ar 0|1 .Nm -.Fl i Ar iface Fl S Ar max_sleep_duration +.Op Fl i +.Ar iface Fl S Ar max_sleep_duration .Nm -.Fl i Ar iface Fl Z +.Op Fl i +.Ar iface Fl Z (zero signal cache) .Nm -.Fl i Ar iface Fl C +.Op Fl i +.Ar iface Fl C (display signal cache) .Sh DESCRIPTION The @@ -221,7 +240,11 @@ Permitted values are .Ar 0 (encryption disabled) or .Ar 1 -(encryption enabled). Encryption is off by default. +(encryption enabled). +Encryption is off by default. +.Pp +Both 128-bit and 64-bit WEP have been broken. +See the BUGS section for details. .It Fl i Ar iface Fl k Ar key "[-v 1|2|3|4]" Set WEP encryption keys. There are four default encryption keys @@ -242,9 +265,15 @@ For WaveLAN Turbo Gold cards, the key can also be 104 bits, which means the key can be specified as either a 13 character text string or 26 hex digits in addition to the formats supported by the Silver cards. +.Pp +Both 128-bit and 64-bit WEP have been broken. +See the BUGS section for details. .It Fl i Ar iface Fl T Ar 1|2|3|4 Specify which of the four WEP encryption keys will be used to encrypt transmitted packets. +.Pp +Both 128-bit and 64-bit WEP have been broken. +See the BUGS section for details. .It Fl i Ar iface Fl r Ar RTS threshold Set the RTS/CTS threshold for a given interface. This controls the @@ -332,8 +361,28 @@ from the signal strength (i.e. less noise and better signal yields better signal quality). .El .Sh SEE ALSO +.Xr ipsec 4 , .Xr wi 4 , .Xr ifconfig 8 +.Sh BUGS +WEP has been broken. +Do not use it. +Use IPSEC instead. +Do not trust access points. +.Pp +The attack on WEP is a passive attack, requiring only the ability to +sniff packets on the network. +The passive attack can be launched at a distance larger, up to many +miles, than one might otherwise expect given a specialized antenna +used in point to point applications. +The attacker can recover the keys from a 128-bit WEP network after +at most 5,000,000 or 6,000,000 packets. +While this may sound like a large number of packets, emperical +evidence suggests that this amount of traffic is generated in a few +hours on a partially loaded network. +.Pp +See http://www.cs.rice.edu/~astubble/wep/wep_attack.html for details +of the attack. .Sh HISTORY The .Nm |