802.11 Wireless Attacks  Home ToC Prev Up Next 
802.11
Attacks
O/S/M Vulnerabilities
WEP Encryption
+Passive Attacks
Active Attacks
IV Reply Attack
Bit-flipping Attack
ManInTheMiddle
MITM Attack
Cisco LEAP
LEAP weaknesses
LEAP attack
ICV issue
Passive WPA PSK
WPA PSK attacks
PSK attack tools
Conclusion
  

Passive Attacks

  • the key scheduling algorithm (KSA) issue - several weak IVs can reveal key bytes after statistical analysis

  • researchers at AT&T/Rice University and the developers of the AirSnort demonstrated this vulnerability and verified that WEP keys can be derived after as few as 4 million frames

  • using dynamic WEP keys can mitigate this vulnerability, but not eliminate

  • WEP injection can be used to inject new packets to increase weak IV (not "pure" passive attack) (a source/destination address and payload remain same, the AP responses with "duplication" error on network layer

  • Passive WPA PSK Dictionary Attack

All these attacks have been practically implemented! Airsnort, dwepcrack, Wepcrack, Aircrack, WepLab
Copyright © 2005 Pavol Lupták, OpenWeekend 2005  Prev Next