RE: V/Scan for Wireless LANs

From: Whiteside, Larry [contractor] (BAE14@SSP.NAVY.MIL)
Date: Fri Jul 18 2003 - 12:47:49 EDT

• Next message: Mark Wolfgang: "Re: V/Scan for Wireless LANs"
• Previous message: David Nester: "RE: V/Scan for Wireless LANs"
• Maybe in reply to: Ian Chilvers: "V/Scan for Wireless LANs"
• Next in thread: Mark Wolfgang: "Re: V/Scan for Wireless LANs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ian,

Try WEPcrack or Airsnort. Both are for Linux, but both are very nice tools. WEPCrack was the first to crack WEP, but Airsnort seems to be a bit more user friendly. I have not seen a solution for windows. Happy Cracking!

L
***************************
Larry Whiteside Jr.

-----Original Message-----
From: Ian Chilvers [mailto:Ian.Chilvers@prolateral.com]
Sent: Friday, July 18, 2003 8:19 AM
To: pen-test@securityfocus.com
Subject: V/Scan for Wireless LANs

Hi all

We've been asked to perform a vulnerability assessment for a company that
has a Wireless LAN. The W/LAN is running WEP with a random key generated,
rather than a dictionary word.

Are there any tools out there that can brute force a WEP.

Take this example. A person parks the car in the car park and sniffs the
air waves with a product like NetStumbler. He discovers the W/LAN but with
WEP.

Is there a tool he can use to discover the WEP key (possible by brute force)

If there isn't such a tool, how does this sound for an idea.

Run a app that starts at binary 0's and counts upto 128bits of 1's
For each sequence listen to see if there are any sensible packets or even
send out a DHCP discover request to see if you get a reply. This would then
possibly give you the WEP key.

Any comments

Ian....

---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to:
 - assess your entire Web environment with a Scanner,
 - automatically set positive security policies for real-time protection,
   and
 - maintain such policies at the Application Firewall without compromising busines performance.
 
For more information on KaVaDo and to download a FREE white paper on Web applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to:
 - assess your entire Web environment with a Scanner,
 - automatically set positive security policies for real-time protection,
   and
 - maintain such policies at the Application Firewall without compromising busines performance.
 
For more information on KaVaDo and to download a FREE white paper on Web applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

• Next message: Mark Wolfgang: "Re: V/Scan for Wireless LANs"
• Previous message: David Nester: "RE: V/Scan for Wireless LANs"
• Maybe in reply to: Ian Chilvers: "V/Scan for Wireless LANs"
• Next in thread: Mark Wolfgang: "Re: V/Scan for Wireless LANs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:37 EDT