
Ran into an interesting situation with Kismet and Airmon-ng while observing a client wireless network.

Basically, I'm observing the network using airmon-ng, and I have my BSSID and frequency set to the specific network I'm looking at. When I view the airmon output (the .csv file with several columns like BSSID, first time seen, channel, speed, etc.) it has "WPA WEP OPN" in the 'Privacy' column, and "WEP" in the 'Cipher' column. Even more curious, the 'Authentication' column had nothing in it. I've never seen this before, and was wondering if the InfoSec crowd had seen it.

Looks like this:

| Last time seen  | channel | Speed | Privacy     | Cipher | Authentication |
| <Date and Time> | 6       | 54    | WPA WEP OPN | WEP    | <blank>        |

A bit of background:

  1. The network itself is an ad-hoc network, which is being used to support a mesh network.
  2. The vendor encryption is poorly documented, but is said to use '256 bit AES'. Doesn't mention if it's WEP or WPA, which is why I'm concerned.
  3. Before pulling it up in airmon-ng, I used a Windows computer to just view it. It shows up as 'WEP' in inSSIDer, no mention of WPA.

If anyone has seen this before, I'd appreciate the help. Thanks!

Mike

MToecker

1 Answer


WEP uses RC4 for encryption, so saying their encryption is AES means it has to be WPA2, not WEP or WPA. Almost all vendors offer WEP as an option in order to support legacy devices though, so that's not really an indicator. The fact that inSSIDer showed it as WEP and Windows asked for a WEP key indicates it is simply a WEP-enabled access point.

GdD
  • Agree, but why not then simply say "It's WEP"? Why the merry chase trying to get a yes/no on whether or not it's WEP? – MToecker Oct 14 '13 at 14:17
  • I don't know, you'd want to ask the aircrack devs. You may want to update your question on that, it's not Kismet output you are quoting... – GdD Oct 14 '13 at 14:28
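
An added example, not part of the question, the answer or any tool's own code: a Python triage of a capture CSV with the columns named in the question, flagging rows like the one shown, where Privacy lists several schemes or Authentication is blank. The sample rows, the BSSIDs and the second table after a blank line are constructed assumptions.

```python
import csv
import io

# Constructed sample using the column names quoted in the question.
SAMPLE = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication
02:00:00:00:00:01, 2013-10-14 09:00:00, 2013-10-14 09:30:00,  6,  54, WPA WEP OPN, WEP,
02:00:00:00:00:02, 2013-10-14 09:00:00, 2013-10-14 09:30:00, 11,  54, WPA2, CCMP, PSK
02:00:00:00:00:03, 2013-10-14 09:00:00, 2013-10-14 09:30:00,  1,  54, WEP, WEP,

Station MAC, First time seen
02:00:00:00:00:09, 2013-10-14 09:05:00
"""

def parse_ap_rows(text):
    """Return the access point rows as dicts, with space padding stripped."""
    header, aps = None, []
    for raw in csv.reader(io.StringIO(text)):
        row = [cell.strip() for cell in raw]
        if not any(row):
            if aps:   # assumed layout: a blank line ends the AP table
                break
            continue  # leading blank lines before the header
        if header is None:
            header = row
        else:
            aps.append(dict(zip(header, row)))
    return aps

def review(ap):
    """Return the reasons a row needs a manual check (empty list if none)."""
    privacy = ap.get("Privacy", "").split()
    cipher = ap.get("Cipher", "").split()
    wpa = any(p.startswith("WPA") for p in privacy)
    notes = []
    if len(privacy) > 1:
        notes.append("Privacy lists several schemes: " + " ".join(privacy))
    if wpa and "WEP" in cipher:
        notes.append("Cipher is WEP but Privacy also lists WPA")
    if wpa and not ap.get("Authentication", ""):
        notes.append("WPA listed but Authentication is blank")
    return notes

def ambiguous_aps(text):
    """Map BSSID -> notes for every row that is not self-consistent."""
    return {ap["BSSID"]: review(ap) for ap in parse_ap_rows(text) if review(ap)}

if __name__ == "__main__":
    for bssid, notes in ambiguous_aps(SAMPLE).items():
        print(bssid, *notes, sep="\n  ")
```

A flagged row means the encryption still has to be confirmed another way, for example from the vendor's documentation or the device's own configuration.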