
As I've understood Andrea Bittau's fragmentation attack, an attacker can obtain a keystream of arbitrary length if he can first obtain a very small keystream of about 8 bytes. I understand that this small keystream can be obtained by intercepting an arbitrary, encrypted packet sent between the AP and a client, and XORing it with the partially known plaintext of this arbitrary packet (common headers, etc.).

However, if the AP has no clients, how can that first, encrypted packet be elicited from the AP for interception? There are several guides out there with practical tutorials for how to do this, but I never see it explicitly mentioned how the AP is lured into sending the first, encrypted packet.

It would be great if someone could help me out on this. I've been stuck on this problem for far too long.

I use the word "packet" to describe several frames aggregated into one frame. I'm not talking about the transport layer. I don't know if this is something only my lecturer does.

Magnus

1 Answer


This attack will only work with WEP in open authentication. This means the attacker can authenticate to the system without any prior knowledge.

Then you have a client. One which the AP will (sometimes) send ARPs to; there's your encrypted data packet. The tutorials you'll find will mention the need for faking authentication.

J.A.K.
  • Really? The ARP request from the AP to the attacker will be encrypted, even though the attacker is merely authenticated, but not WEP associated with the AP? – Magnus Oct 19 '16 at 13:22