Luckily WEP has another weakness we can exploit to generate encrypted traffic on the network: it has no replay protection. A replay attack retransmits a captured, still-encrypted frame in the hope that the receiver accepts it. WEP carries no sequence counter or freshness check, so a host will happily decrypt and act on a frame it has already processed once. The retransmitted frame necessarily carries the same IV every time (without the key the attacker cannot re-encrypt it), but if a host on the network responds, each response is encrypted under a fresh IV, and fresh IVs are exactly what the statistical attacks need.
To exploit this usefully you need a packet that a host will reliably respond to. Most networks carry plenty of these; it's part of being an Ethernet network. [[Wikipedia:Address Resolution Protocol|ARP]] requests are the usual choice: they are broadcast, the addressed host answers every one, and because WEP does not hide frame length, an encrypted ARP request can be recognised by its fixed size even though its contents cannot be read.
Combining the KoreK attack with ARP replay, a 40-bit WEP key can be recovered in under 30 minutes and a 104-bit key in under an hour.
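The exchange described above, as an added example that is not code from the original page: a simulated WEP host (RC4 over IV||key, CRC-32 ICV, no replay check) answers the same captured ARP request again and again, each reply under a new IV, while a hardened variant that remembers seen frames answers only once. The key, the IVs and the ARP bodies are constructed for the demonstration; the size-based ARP detection is a heuristic, not a parser for real 802.11 headers.

```python
"""Simulated WEP replay attack (constructed example, not the page's own code).

Assumed frame layout: IV(3) || key-id(1) || RC4(IV || key)(plaintext || CRC32 ICV).
Key, IVs and ARP bodies below are constructed, not captured traffic.
"""
import struct
import zlib

LLC_SNAP_ARP = b"\xaa\xaa\x03\x00\x00\x00\x08\x06"          # LLC/SNAP header for EtherType 0x0806
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
IP_A, IP_B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])

def arp_body(opcode, smac, sip, tmac, tip):
    # Ethernet/IPv4 ARP: hw type 1, proto 0x0800, hw len 6, proto len 4
    return LLC_SNAP_ARP + struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode) + smac + sip + tmac + tip

ARP_REQUEST = arp_body(1, MAC_A, IP_A, bytes(6), IP_B)     # "who has 10.0.0.2?"  (36 bytes)
ARP_REPLY = arp_body(2, MAC_B, IP_B, MAC_A, IP_A)          # "10.0.0.2 is at MAC_B"

def rc4(key: bytes, data: bytes) -> bytes:
    S = list(range(256))
    j = 0
    for i in range(256):                                   # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for c in data:                                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + b"\x00" + rc4(iv + key, plaintext + icv)   # IV travels in the clear

def wep_decrypt(key: bytes, frame: bytes):
    iv, body = frame[:3], frame[4:]
    pt = rc4(iv + key, body)
    data, icv = pt[:-4], pt[-4:]
    if struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) != icv:
        return None                                        # bad ICV: frame dropped
    return data

def looks_like_arp_request(frame: bytes) -> bool:
    # WEP hides content, not length: 3 IV + 1 key-id + 36 ARP/LLC + 4 ICV = 44 bytes
    return len(frame) == 44

class WepHost:
    """A station that decrypts WEP frames and answers ARP requests for its IP."""
    def __init__(self, key: bytes, replay_protect: bool = False):
        self.key = key
        self.replay_protect = replay_protect                 # hardened variant (not real WEP)
        self.seen = set()
        self.iv_counter = 0

    def next_iv(self) -> bytes:
        self.iv_counter += 1                                 # fresh IV for every frame we send
        return struct.pack("<I", self.iv_counter)[:3]

    def receive(self, frame: bytes):
        if self.replay_protect:
            if frame in self.seen:
                return None                                  # duplicate ciphertext rejected
            self.seen.add(frame)
        data = wep_decrypt(self.key, frame)
        if data is None or data[:8] != LLC_SNAP_ARP or data[14:16] != b"\x00\x01":
            return None                                      # not an ARP request
        return wep_encrypt(self.key, self.next_iv(), ARP_REPLY)

def replay_attack(host: WepHost, captured_frame: bytes, count: int):
    """Retransmit one captured frame `count` times; return the IV sets of requests and replies."""
    request_ivs, response_ivs = set(), set()
    for _ in range(count):
        request_ivs.add(captured_frame[:3])                  # always the same IV
        reply = host.receive(captured_frame)
        if reply is not None:
            response_ivs.add(reply[:3])                      # each reply brings a new IV
    return request_ivs, response_ivs

def demo(count: int = 50, replay_protect: bool = False):
    key = bytes.fromhex("0123456789")                        # constructed 40-bit WEP key
    host = WepHost(key, replay_protect)
    captured = wep_encrypt(key, b"\x11\x22\x33", ARP_REQUEST) # sniffed from a legitimate client
    assert looks_like_arp_request(captured)
    return replay_attack(host, captured, count)

if __name__ == "__main__":
    req, resp = demo()
    print(f"replayed with {len(req)} IV, harvested {len(resp)} fresh IVs")
```

Against the unprotected host, 50 replays of one frame (one IV) yield 50 responses under 50 distinct IVs; with the replay check turned on the second and later copies are dropped, which is the property WEP lacks and later designs added with per-packet sequence counters.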