RE: V/Scan for Wireless LANs

Fri, 18 Jul 2003 10:25:38 -0700 

Ian,
 
There are some tools that will work to try to find a WEP key but they require a lot of 
data and time.  They exploit known vulnerabilities in the WEP algorithm to find the 
keys.  However it could take as much as 500 meg of data.  I don't have the links 
handy.  Sorry.
 
As far as brute forcing.  ok idea but not very doable.  to iterate through all 
cobinations would be 2^128 possibilities which gets you to about 
3.4028236692093846346337460743177e+38 possible combinations.  If you assumed you could 
do 1 per second - which would be tough if you wait for DHCP to respond it would take 
you 10790283070806014188970529154990 years to get through all the combinations.  Thats 
a long time.  :)  If somebody could check my math that would be great.
 
Thanks,
afm

        -----Original Message----- 
        From: Ian Chilvers [mailto:[EMAIL PROTECTED] 
        Sent: Fri 7/18/2003 7:18 AM 
        To: [EMAIL PROTECTED] 
        Cc: 
        Subject: V/Scan for Wireless LANs
        
        

        Hi all
        
        We've been asked to perform a vulnerability assessment for a company that
        has a Wireless LAN.  The W/LAN is running WEP with a random key generated,
        rather than a dictionary word.
        
        Are there any tools out there that can brute force a WEP.
        
        Take this example.  A person parks the car in the car park and sniffs the
        air waves with a product like NetStumbler.  He discovers the W/LAN but with
        WEP.
        
        Is there a tool he can use to discover the WEP key (possible by brute force)
        
        If there isn't such a tool, how does this sound for an idea.
        
        Run a app that starts at binary 0's and counts upto 128bits of 1's
        For each sequence listen to see if there are any sensible packets or even
        send out a DHCP discover request to see if you get a reply.  This would then
        possibly give you the WEP key.
        
        Any comments
        
        Ian....
        
        
        
        ---------------------------------------------------------------------------
        KaVaDo is the first and only company that provides a complete and an
        integrated suite of Web application security products, allowing you to:
         - assess your entire Web environment with a Scanner,
         - automatically set positive security policies for real-time protection,
           and
         - maintain such policies at the Application Firewall without compromising 
busines performance.
        
        For more information on KaVaDo and to download a FREE white paper on Web 
applications - security policy automation, please visit:
        http://www.kavado.com/ad.htm
        ----------------------------------------------------------------------------

Reply via email to