[kismac] TKIP

  • From: j.cooper1@xxxxxxxxxxx
  • To: kismac@xxxxxxxxxxxxx
  • Date: Wed, 19 May 2004 17:16:44 +0000

I found a network that happened to be a Hidden SSID with WEP enabled.  I know 
this was talked about recently.  Anyway, after about 5 hours and 90k in packets I 
got the SSID.  Though it could have been because of what I will talk about 
next.

A strange thing happened during this time.  I had the console open at this 
time and the console showed these messages:

2004-05-17 13:44:19.239 KisMAC[326] WARNING!!! Received a Probe flood from 
00:0B:BE:B2:6D:77.  This usually means this computer uses a cheap stumbler such 
as uStumbler, Macstumbler, or NetStumbler
2004-05-17 13:45:16.429 KisMAC[326] ATTENTION Received a De-authentication 
frame. You might want to check for other WiFi people.
2004-05-17 13:45:17.321 KisMAC[326] Detected WPA response for 0C:0B:BE:B2:6D:77

The MAC address showed up while scanning as <no ssid>, and a probe.  I am 
assuming this is the wardriver, right?

Does this mean KisMAC detects attacks by other wardrivers?  If so, what other 
attacks can KisMAC detect?

The last message about WPA, does anyone know what this is?

One last thing..

Now to my real question.  So now I have been scanning for about 15 hours over 
three days, and have collected 350k packets, 43k in data packets and 12k Weak 
IVs.  

I try and run every attack on it and nothing seems to work.

KisMAC didn't show who the vendor was, but Ethereal did, and it happened to be 
Cisco. So I went to Cisco's web site and read about their wireless routers.  Cisco 
has this thing called TKIP. 

TKIP is:
TKIP (Temporal Key Integrity Protocol, also known as WEP key hashing): This 
feature defends against an attack on WEP in which the intruder uses the 
unencrypted initialization vector (IV) in encrypted packets to calculate the 
WEP key. TKIP removes the predictability that an intruder relies on to 
determine the WEP key by exploiting IVs. 

Could this be the reason why I can crack the WEP?  You would think there would 
be no WeakIV packets if it was turned on, right? Do I just need to collect more 
WeakIV packets?  Any ideas on how to get more info about what type of 
"encryption" is used or if it is standard WEP? 

Jeff
