Penetration Testing mailing list archives

RE: Wireless Pent-Test


From: "Maxime Rousseau" <m.rousseau () cgi com>
Date: Mon, 6 Oct 2003 11:08:57 -0400


The short answer to your question, imho, is WEP is NOT secure.

Its failure comes from poor usage of RC4. Details are covered in the
paper "Weaknesses in the Key Scheduling Algorithm of RC4" by Fluhrer,
Mantin, and Shamir.

A tool already automates this attack: http://wepcrack.sourceforge.net/

In short, your vulnerability is a factor of your traffic. The higher the
number of packets travelling on your wireless LAN, the faster a passive
sniffing attacker can crack your WEP key. Once you have the good amount
of packets, the WEP cracking itself is somewhere in the seconds range.

If you want to test this out, you can use sniffing tools such as:
http://airsnort.shmoo.com/


Good luck.

-M

-----Original Message-----
From: Cesar Diaz [mailto:cesadiz () yahoo com] 
Sent: 4 octobre, 2003 21:16
To: pen-test () securityfocus com
Subject: Wireless Pent-Test

[snip]

My question is, how do I test WEP and document whether or not it's
secure? Any way to sniff for WEP keys, or to brute force attack a WEP
session? If there is, how hard is it to set up? How much of a risk is
there of a wireless connection with WEP enabled being compromised other
than a dedicated, brute force attack?
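
As an added illustration of the reply's point that exposure grows with traffic (not part of the original messages, and not code from wepcrack or AirSnort): a Python example that tallies how many observed WEP IVs have the (B+3, 0xFF, X) form analysed in the Fluhrer, Mantin and Shamir paper, and how many IVs repeat. The function names and the counter-generated sample IVs are assumptions constructed for the example.

```python
from collections import Counter

def fms_weak_key_byte(iv: bytes, key_len: int = 13):
    """Return the index B of the secret-key byte that an IV of the form
    (B+3, 0xFF, X) exposes, or None. key_len: 5 (40-bit) or 13 (104-bit)."""
    if len(iv) != 3:
        raise ValueError("a WEP IV is exactly 3 bytes")
    b = iv[0] - 3
    return b if iv[1] == 0xFF and 0 <= b < key_len else None

def wep_iv_exposure(ivs, key_len: int = 13):
    """Summarise a list of observed IVs: frames seen, weak IVs per key byte,
    and repeated IVs (each repeat reuses an RC4 keystream)."""
    seen, weak = Counter(), Counter()
    for iv in ivs:
        iv = bytes(iv)
        seen[iv] += 1
        b = fms_weak_key_byte(iv, key_len)
        if b is not None:
            weak[b] += 1
    return {
        "frames": sum(seen.values()),
        "weak_per_key_byte": dict(sorted(weak.items())),
        "reused_ivs": sum(n - 1 for n in seen.values()),
    }

def counter_ivs(start: int, count: int):
    """Constructed sample traffic: one IV per frame from a 24-bit counter
    (an assumption about the sender; real cards differ)."""
    return [((start + i) % (1 << 24)).to_bytes(3, "big") for i in range(count)]

if __name__ == "__main__":
    # More frames on the air means more weak IVs in an observer's capture.
    for frames in (100_000, 500_000, 1_000_000):
        print(frames, wep_iv_exposure(counter_ivs(0, frames)))
```

A per-key-byte tally like this is a concrete figure to put in a test report next to the traffic volume over which it was measured.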



