WEP: Dead Again, Part 1
Source: Michael Ossmann - Posted by Joe Shakespeare   
This article is the first of a two-part series that looks at the new generation of WEP cracking tools for WiFi networks, which offer dramatically faster speeds for penetration testers over the previous generation of tools. In many cases, a WEP key can be determined in seconds or minutes. Part one, below, compares the latest KoreK-based tools that perform passive statistical analysis and brute-force cracking on a sample of collected WEP traffic. Next time, in part two, we'll look at active attack vectors, including a method to dramatically increase the rate of packet collection to make statistical attacks even more potent.

Is WEP that bad?
Many security folks and even more wireless folks these days are saying that WEP isn't all that bad. They say that if you use modern equipment that filters weak Initialization Vectors (IVs) and change your keys frequently (or at least once in a while), nobody will ever crack your WEP. Sure, maybe some next-generation WEP attacks will arise one day that will change everything, but WEP is okay today for all but the most sensitive networks. Well, that next generation is already here, heralded by highly functional tools that make WEP look weaker than Barney Fife on guard duty, sleeping on the job.

Let's take a look at some of the new tools that should be in every penetration tester's bag of tricks, rather than delving into the details of why the various attacks work. Time and time again, the industry has shown that it will not reject broken security safeguards until attacks are actually demonstrated in the real world. Here's how to quickly turn some heads.

The way things were
Since the summer of 2001, WEP cracking has been a trivial but time-consuming process. A few tools that implement the Fluhrer-Mantin-Shamir (FMS) attack, AirSnort perhaps the most famous, were released to the security community -- who until then were aware of the problems with WEP but did not have practical penetration testing tools. Although simple to use, these tools require a very large number of packets to be gathered before being able to crack a WEP key. The AirSnort web site estimates the total number of packets at five to ten million, but the number actually required may be higher than you think.

Read this full article at Michael Ossmann
