This attack, when successful, can obtain 1500 bytes of PRGA (pseudo random generation algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA. The PRGA can then be used to generate packets with packetforge-ng which are in turn used for various injection attacks. It requires at least one data packet to be received from the access point in order to initiate the attack. Basically, the program obtains a small amount of keying material from the packet then attempts to send ARP and/or LLC packets with known content to the access point (AP). If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. This cycle is repeated several times until 1500 bytes of PRGA are obtained or sometimes less then 1500 bytes.
The original paper, The Fragmentation Attack in Practice, by Andrea Bittau provides a much more detailed technical description of the technique. A local copy is located here. Here are presentation slides of a related paper. A local copy of the slides is located here. Also see the paper “The Final Nail in WEP’s Coffin” on this page.
Download File Here:
Tidak ada komentar:
Posting Komentar