Penetration Testing mailing list archives
Re: WEP attacks based on IV Collisions
From: leonardo <billtorvalds1 () yahoo it>
Date: Mon, 7 Jun 2004 00:09:25 +0200
* Thursday 03 June 2004, alle 13:43, pen-test () nym hush com scrive:
This is only true if Shared Key Authentication is in use. Vendors saw this as moronic years ago. I'm not sure how many AP's (if any) use Shared Key Authentication as the default, but every AP I've seen has had Open System Authentication as an option (which essentially just skips that step).
that's good, but Is it the same for clients? if we're still talking about plain 802.11 with WEP then you can always deauthenticate a client and behave like an AP, asking the client to authenticate with Shared Key. Then you just have to send as a challenge text the bytes you want that client to crypt for you. ciao, leonardo. -- 0C5F B8DE 3136 1506 96D0 1806 7674 D513 A66E 7854
Current thread:
- RE: WEP attacks based on IV Collisions Jeremy Junginger (Jun 02)
- Re: WEP attacks based on IV Collisions leonardo (Jun 02)
- <Possible follow-ups>
- RE: WEP attacks based on IV Collisions pen-test (Jun 04)
- RE: WEP attacks based on IV Collisions pen-test (Jun 04)
- Re: WEP attacks based on IV Collisions leonardo (Jun 07)
- Re: WEP attacks based on IV Collisions Andrew A. Vladimirov (Jun 11)
- Re: WEP attacks based on IV Collisions leonardo (Jun 07)