From: SKC (skc@indigotwilight.com)
Date: Fri Jul 18 2003 - 13:41:02 EDT
Oh yeah and use reinj.c to create enough packets to get the weak
initialization vectors for cracking WEP.
On 7/18/03 12:51, "Morgan, Andy" <Andy.Morgan@agiliti.com> wrote:
> Ian,
>
> There are some tools that will work to try to find a WEP key but they require
> a lot of data and time. They exploit known vulnerabilities in the WEP
> algorithm to find the keys. However it could take as much as 500 meg of data.
> I don't have the links handy. Sorry.
>
> As far as brute forcing. ok idea but not very doable. to iterate through all
> cobinations would be 2^128 possibilities which gets you to about
> 3.4028236692093846346337460743177e+38 possible combinations. If you assumed
> you could do 1 per second - which would be tough if you wait for DHCP to
> respond it would take you 10790283070806014188970529154990 years to get
> through all the combinations. Thats a long time. :) If somebody could check
> my math that would be great.
>
> Thanks,
> afm
>
> -----Original Message-----
> From: Ian Chilvers [mailto:Ian.Chilvers@prolateral.com]
> Sent: Fri 7/18/2003 7:18 AM
> To: pen-test@securityfocus.com
> Cc:
> Subject: V/Scan for Wireless LANs
>
>
>
> Hi all
>
> We've been asked to perform a vulnerability assessment for a company that
> has a Wireless LAN. The W/LAN is running WEP with a random key generated,
> rather than a dictionary word.
>
> Are there any tools out there that can brute force a WEP.
>
> Take this example. A person parks the car in the car park and sniffs the
> air waves with a product like NetStumbler. He discovers the W/LAN but with
> WEP.
>
> Is there a tool he can use to discover the WEP key (possible by brute force)
>
> If there isn't such a tool, how does this sound for an idea.
>
> Run a app that starts at binary 0's and counts upto 128bits of 1's
> For each sequence listen to see if there are any sensible packets or even
> send out a DHCP discover request to see if you get a reply. This would then
> possibly give you the WEP key.
>
> Any comments
>
> Ian....
>
>
>
> ---------------------------------------------------------------------------
> KaVaDo is the first and only company that provides a complete and an
> integrated suite of Web application security products, allowing you to:
> - assess your entire Web environment with a Scanner,
> - automatically set positive security policies for real-time protection,
> and
> - maintain such policies at the Application Firewall without compromising
> busines performance.
>
> For more information on KaVaDo and to download a FREE white paper on Web
> applications - security policy automation, please visit:
> http://www.kavado.com/ad.htm
> ----------------------------------------------------------------------------
>
>
>
---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to:
- assess your entire Web environment with a Scanner,
- automatically set positive security policies for real-time protection,
and
- maintain such policies at the Application Firewall without compromising busines performance.
For more information on KaVaDo and to download a FREE white paper on Web applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:37 EDT