RE: Wireless wep crackin on windows

From: Jerry Shenk (jshenk@decommunications.com)
Date: Tue May 25 2004 - 19:20:14 EDT


I don't believe the WEP key is passed across the network. This will
however cause multiple associations and might generate extra traffic.
It might also enable the attacker (running Evil Twin) to pass encrypted
packets through to another Access Point.

I think the main use for this attack is for networks that do LEAP. In
that case, the username and password hash are passed through the air and
are susceptible to a brute force or dictionary attack. Other
EAP-related authentication schemes may also be vulnerable to this but
most of them use a better hash encryption than LEAP does....at least it
seems so for the moment;)

-----Original Message-----
From: E.Kellinis [mailto:me@cipher.org.uk]
Sent: Tuesday, May 25, 2004 2:28 PM
To: securityfocus@arkam.it; pen-test@securityfocus.com
Subject: Re: Wireless wep crackin on windows

Hello,

There is another method to find the key without trying to crack WEP
data: you can use the Evil Twin access point attack.

You set up another access point nearby and you try to provide a
stronger signal and exactly the same channel (and same SSID)
as the AP under attack. When this happens, clients will try to
connect to your access point, which mimics a legitimate one. Using this
method you might be able to retrieve the WEP password.

All the needed info (SSID, channel, etc.) for this attack can be provided
by many WLAN analysis tools for Windows.

I haven't done it, but it sounds reasonable.

thx
Manos

=========================================================
*PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt
=========================================================
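
Added example, not part of either post above: a defender-side check for the condition the thread describes (an access point advertising the same SSID on the same channel as a legitimate AP, with a stronger signal). The inventory format, field names and all sample values are assumptions constructed for illustration.

```python
# Added example: sample data below is constructed, not from the thread.
# Assumed inventory of authorised APs: SSID -> {BSSID: expected channel}
AUTHORISED = {"corp-wlan": {"00:11:22:33:44:55": 6}}

# Constructed scan records (e.g. parsed from a WLAN survey tool's export)
SCAN = [
    {"ssid": "corp-wlan", "bssid": "00:11:22:33:44:55", "channel": 6, "rssi": -61},
    {"ssid": "corp-wlan", "bssid": "02:AA:BB:CC:DD:EE", "channel": 6, "rssi": -38},
    {"ssid": "guest", "bssid": "00:11:22:33:44:99", "channel": 11, "rssi": -70},
]


def find_evil_twin_candidates(scan, authorised):
    """Flag beacons that advertise a protected SSID but do not match the inventory."""
    alerts = []
    for ssid, known in authorised.items():
        seen = [r for r in scan if r["ssid"] == ssid]
        legit_rssi = [r["rssi"] for r in seen if r["bssid"].lower() in known]
        best_legit = max(legit_rssi, default=None)
        for r in seen:
            bssid = r["bssid"].lower()
            if bssid in known:
                # A known BSSID on the wrong channel may be a cloned MAC.
                if r["channel"] != known[bssid]:
                    alerts.append({"ssid": ssid, "bssid": bssid,
                                   "reason": "known BSSID on unexpected channel"})
                continue
            alerts.append({
                "ssid": ssid,
                "bssid": bssid,
                "reason": "unknown BSSID for protected SSID",
                "same_channel": r["channel"] in known.values(),
                "stronger_than_legit": best_legit is not None and r["rssi"] > best_legit,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_evil_twin_candidates(SCAN, AUTHORISED):
        print(alert)
```

A BSSID match alone does not prove an AP is legitimate, since the address can be copied; the channel check on known BSSIDs only catches the case where the copy sits on a different channel.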


