RE: V/Scan for Wireless LANs

From: Stanley, Tim (Tim.Stanleyat_private)
Date: Fri Jul 18 2003 - 13:07:19 PDT

Next message: R. DuFresne: "RE: V/Scan for Wireless LANs"

Previous message: Chris Harrington: "Re: V/Scan for Wireless LANs"
Maybe in reply to: Ian Chilvers: "V/Scan for Wireless LANs"
Next in thread: slugbait: "Re: V/Scan for Wireless LANs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I broke WEP in 7 hours by forcing new IVs. By forcing new IVs you are
inducing a limited denial of service attack.

If you have the dictionaries I mentioned earlier and reasonable amount of
skill, you can normally crack the WEP in about 20-30 seconds.

========================= 
Timothy D. Stanley, CISSP
(719) 590-5118
tim.stanleyat_private  


-----Original Message-----
From: Calderone, Denis [mailto:Denis.Calderoneat_private] 
Sent: Friday, July 18, 2003 11:42 AM
To: pen-testat_private
Subject: RE: V/Scan for Wireless LANs


A side question for the group on this topic,

Has anybody successfully used WEPcrack or Airsnort to crack a 128bit key?
I've never tried.

thanks

Denis Calderone

-----Original Message-----
From: Whiteside, Larry [contractor] [mailto:BAE14at_private]
Sent: Friday, July 18, 2003 12:48 PM
To: Ian Chilvers; pen-testat_private
Subject: RE: V/Scan for Wireless LANs

Ian,

Try WEPcrack or Airsnort. Both are for Linux, but both are very nice tools.
WEPCrack was the first to crack WEP, but Airsnort seems to be a bit more
user friendly. I have not seen a solution for windows. Happy Cracking!

L
***************************
Larry Whiteside Jr.


-----Original Message-----
From: Ian Chilvers [mailto:Ian.Chilversat_private]
Sent: Friday, July 18, 2003 8:19 AM
To: pen-testat_private
Subject: V/Scan for Wireless LANs


Hi all

We've been asked to perform a vulnerability assessment for a company that
has a Wireless LAN.  The W/LAN is running WEP with a random key generated,
rather than a dictionary word.

Are there any tools out there that can brute force a WEP.

Take this example.  A person parks the car in the car park and sniffs the
air waves with a product like NetStumbler.  He discovers the W/LAN but with
WEP.

Is there a tool he can use to discover the WEP key (possible by brute force)

If there isn't such a tool, how does this sound for an idea.

Run a app that starts at binary 0's and counts upto 128bits of 1's For each
sequence listen to see if there are any sensible packets or even send out a
DHCP discover request to see if you get a reply.  This would then possibly
give you the WEP key.

Any comments

Ian....



---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to:
 - assess your entire Web environment with a Scanner,
 - automatically set positive security policies for real-time protection,
   and
 - maintain such policies at the Application Firewall without compromising
busines performance.

For more information on KaVaDo and to download a FREE white paper on Web
applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------


---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to:
 - assess your entire Web environment with a Scanner,
 - automatically set positive security policies for real-time protection,
   and
 - maintain such policies at the Application Firewall without compromising
busines performance.

For more information on KaVaDo and to download a FREE white paper on Web
applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an 
integrated suite of Web application security products, allowing you to:
 - assess your entire Web environment with a Scanner,
 - automatically set positive security policies for real-time protection, 
   and
 - maintain such policies at the Application Firewall without compromising
busines performance.
 
For more information on KaVaDo and to download a FREE white paper on Web
applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an 
integrated suite of Web application security products, allowing you to:
 - assess your entire Web environment with a Scanner,
 - automatically set positive security policies for real-time protection, 
   and
 - maintain such policies at the Application Firewall without compromising busines performance.
 
For more information on KaVaDo and to download a FREE white paper on Web applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

Next message: R. DuFresne: "RE: V/Scan for Wireless LANs"
Previous message: Chris Harrington: "Re: V/Scan for Wireless LANs"
Maybe in reply to: Ian Chilvers: "V/Scan for Wireless LANs"
Next in thread: slugbait: "Re: V/Scan for Wireless LANs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 18 2003 - 14:21:53 PDT