Penetration Testing mailing list archives
Re: Wireless wep crackin on windows
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 20 May 2004 16:55:04 -0400 (EDT)
From: Ivan Arce <ivan.arce () coresecurity com>
Subject: Re: WEP attacks based on IV Collisions
Organization: CORE SECURITY TECHNOLOGIES
Date: Tue, 11 May 2004 02:49:16 -0300
To: pen-test () securityfocus com

Nick Petroni and Bill Arbaugh have outlined an active attack that would give you full access to a WEP encrypted wireless LAN without knowledge of the secret key. It relies on the lack of integrity checks for the wireless packets which lets an attacker inject arbitrary packets into the LAN without being detected.

The attack does not require you to crack any WEP key and uses the fact that WEP wrongly uses CRC for integrity checks; this lets an attacker mount an inductive attack to gradually recover additional bits of a pseudorandom stream provided that N bytes are initially recovered with a known plaintext attack. They cite ARP and DHCP requests as effective for this initial recovery. BTW, you don't really need to *inject* packets for the initial recovery.

Full description of the attack appeared on:

"The Dangers of Mitigating Security Design Flaws: A Wireless Case Study"
Nick L. Petroni Jr. and William Arbaugh
IEEE Security & Privacy magazine, vol. 1, num. 1, January/February 2003

A PowerPoint presentation is available at:
http://www.cs.umd.edu/~waa/wepwep2-attack.html

I am unaware of publicly available tools that implement the attack.

This might be old news but I am quite surprised that it is not mentioned as popular and widely used as passive attacks focused on cracking keys.

-ivan

On Thu, 20 May 2004 securityfocus () arkam it wrote:

Hi all,

one of my clients wants to see how secure his wireless network is, so he has asked me to try to enter his wlan. I've never done wireless pentesting before, so I'm here to ask ^_______^

I'm basically using a Windows machine, and I've already used netstumbler with my centrino wireless card to enumerate wlan networks, and with a GPS receiver I can locate them on a map.

I know there are many tools on Linux for WEP cracking, just like airsnort and others, but since I have little experience with Linux OS, and I've to do this work in a few days, I'm searching for a WEP cracker that can run on Windows XP. Is there any one? Google did not help me ^_______^

Thanks in advance,

--
Luca Dell'Oca
CISSP Certified
OPSA certified Analyst
BS7799 Lead Auditor
Arkam snc
Via al Lago 68
21026 Gavirate (VA)

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!
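The point in the forwarded message that CRC is not an integrity check under a stream cipher, shown as an added example that is not part of any post in this thread: CRC-32 is affine over XOR, so a frame can be altered without the key and still verify, while a keyed MAC rejects the same change. The SHAKE-256 keystream stands in for RC4, the HMAC variant is a generic keyed check used for contrast, and the payloads and keys are constructed sample values.

```python
import hashlib
import hmac
import zlib

def crc(data: bytes) -> bytes:
    """CRC-32 as 4 bytes, playing the role of WEP's ICV."""
    return zlib.crc32(data).to_bytes(4, "little")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, n: int) -> bytes:
    """Assumption: SHAKE-256 as a stand-in keystream; only the XOR structure matters."""
    return hashlib.shake_256(key).digest(n)

def seal_crc(key: bytes, msg: bytes) -> bytes:
    """WEP-style framing: encrypt (msg || CRC(msg)) by XOR with the keystream."""
    body = msg + crc(msg)
    return xor(body, keystream(key, len(body)))

def open_crc(key: bytes, frame: bytes):
    body = xor(frame, keystream(key, len(frame)))
    msg, icv = body[:-4], body[-4:]
    return msg if icv == crc(msg) else None

def seal_mac(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    """Hardened framing: encrypt, then append HMAC-SHA256 over the ciphertext."""
    ct = xor(msg, keystream(enc_key, len(msg)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_mac(enc_key: bytes, mac_key: bytes, frame: bytes):
    ct, tag = frame[:-32], frame[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor(ct, keystream(enc_key, len(ct)))

def keyless_patch(delta: bytes) -> bytes:
    """Mask computed without any key: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(0...0)."""
    return delta + xor(crc(delta), crc(bytes(len(delta))))

def demo():
    msg, want = b"state=guest;seq=0001", b"state=admin;seq=0001"  # constructed
    delta = xor(msg, want)
    weak = xor(seal_crc(b"wep-key", msg), keyless_patch(delta))
    strong = seal_mac(b"enc-key", b"mac-key", msg)
    strong = xor(strong[:len(msg)], delta) + strong[len(msg):]
    return open_crc(b"wep-key", weak), open_mac(b"enc-key", b"mac-key", strong)

if __name__ == "__main__":
    print(demo())
```
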