Penetration Testing mailing list archives

Re: WEP attacks based on IV Collisions


From: "Andrew A. Vladimirov" <mlists () arhont com>
Date: Thu, 10 Jun 2004 01:18:01 +0100

leonardo wrote:
* On Thursday 03 June 2004, at 13:43, pen-test () nym hush com wrote:

This is only true if Shared Key Authentication is in use.  Vendors saw
this as moronic years ago.  I'm not sure how many AP's (if any) use Shared
Key Authentication as the default, but every AP I've seen has had Open
System Authentication as an option (which essentially just skips that
step).


That's good, but is it the same for clients? If we're still talking
about plain 802.11 with WEP then you can always deauthenticate a client
and behave like an AP, asking the client to authenticate with Shared
Key. Then you just have to send as a challenge text the bytes you want
that client to crypt for you.

ciao,
leonardo.


Now this sounds like a good idea. Your rogue AP will send a nonce,
receive the ciphertext and then the authentication will fail since you
don't know the actual WEP key. However, you will get your
ciphertext/plaintext pair and can get a piece of the keystream for a
given IV by XORing. Then you feed it to WEPWedgie :)

A more boring option would be feeding it to the Wnet's reinj.

The main technical problem here would be forcing the client to associate
with your rogue AP and not the legitimate one. Thus, you'll have to DoS
the legitimate AP when you can, for example by overfilling its
authentication buffer using Void11.

Cheers,
Andrew

--
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO
Arhont Ltd - Information Security.

Web: http://www.arhont.com
     http://www.wi-foo.com
Tel: +44 (0)870 44 31337
Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310
GPG: Server - gpg.arhont.com
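The keystream leak Andrew describes above comes down to a single property of WEP's stream cipher: the Shared Key challenge is sent in the clear, the response is that same challenge encrypted under RC4(IV || key), and the IV is also sent in the clear, so XORing the two yields the keystream for that IV without the key ever being known. The following model of the exchange is an added example for illustration and is not code from this thread or from the tools it names; the 40-bit key, IV and challenge bytes are constructed values, and the ICV is modelled as a little-endian CRC-32 as in WEP.

```python
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Generate n bytes of RC4 keystream for key (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < n:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Build a WEP-protected body: the 3-byte IV in the clear, then
    RC4(IV || key) applied to plaintext || ICV (CRC-32, little-endian)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    body = plaintext + icv
    ks = rc4_keystream(iv + key, len(body))
    return iv + bytes(p ^ k for p, k in zip(body, ks))


def keystream_from_auth(challenge: bytes, response_frame: bytes):
    """A passive observer's view of one Shared Key exchange: the challenge
    is known plaintext, the response carries the IV, so XOR recovers the
    keystream RC4 produced for that IV (plaintext || ICV is all known)."""
    iv, ciphertext = response_frame[:3], response_frame[3:]
    known = challenge + zlib.crc32(challenge).to_bytes(4, "little")
    return iv, bytes(c ^ p for c, p in zip(ciphertext, known))


def shared_key_auth_leak(key: bytes, iv: bytes, challenge: bytes) -> bool:
    """Run one Shared Key authentication and report whether the observer's
    recovered keystream equals what RC4 actually generated for this IV."""
    frame = wep_encrypt(key, iv, challenge)
    seen_iv, recovered = keystream_from_auth(challenge, frame)
    actual = rc4_keystream(iv + key, len(challenge) + 4)
    return seen_iv == iv and recovered == actual


if __name__ == "__main__":
    KEY = bytes.fromhex("0123456789")   # constructed 40-bit WEP key
    IV = bytes.fromhex("a1b2c3")        # constructed 24-bit IV
    CHALLENGE = bytes(range(128))       # 802.11 challenge text is 128 bytes
    # True: 132 bytes of keystream for IV a1b2c3 were learned with no key
    print(shared_key_auth_leak(KEY, IV, CHALLENGE))
```

The observer never touches the key; the leak is inherent to authenticating with the same cipher and IV space that protects data frames, which is why Open System Authentication, which simply omits the challenge, exposes nothing and is the sensible default Andrew mentions. On the wire the two modes are distinguishable by the Authentication Algorithm Number field (0 for Open System, 1 for Shared Key), so an AP or client still offering Shared Key is straightforward to spot in a capture.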


