[kismac] TKIP

  • From: j.cooper1@xxxxxxxxxxx
  • To: kismac@xxxxxxxxxxxxx
  • Date: Wed, 19 May 2004 17:16:44 +0000

I found a network that happened to be a Hidden SSID with WEP enabled..  I know 
this was talked about recently.  Anyway, after about 5 hours and 90k in packs I 
got the SSID.  Though it could of been because of the what I will talk about 

A strange thing happened during this time.  I had the console opened at this 
time and the console showed these messages..

2004-05-17 13:44:19.239 KisMAC[326] WARNING!!! Received a Probe flood from 
00:0B:BE:B2:6D:77.  This usually means this computer uses a cheap stumbler such 
as uStumbler, Macstumbler, or NetStumbler
2004-05-17 13:45:16.429 KisMAC[326] ATTENTION Received a De-authentication 
frame. You might want to check for other WiFi people.
2004-05-17 13:45:17.321 KisMAC[326] Detected WPA response for 0C:0B:BE:B2:6D:77

The MAC address showed up while scanning as <no ssid>, and a probe.  I am 
assuming this is the wardriver, right?

Does this mean KisMAC detectes attacks buy other Wardrivers?  If so what other 
attacks can KisMAC detect?

The last message about WPA, do anyone know what this is?

one last thing..

Now to my real question..  So now I have been scanning for about 15 hours over 
three days, and have collected 350k packets 43k in data packets and 12k Weak 

I try and run every attack on it and nothing seems to work

Kismac didn' show who the vender was, but ethereal did, and it happened to be 
Cisco. So I went to Ciscos web site read about there wireless routers.  Cisco 
has this thing called TKIP. 

TKIP is:
TKIP (Temporal Key Integrity Protocol, also known as WEP key hashing)?This 
feature defends against an attack on WEP in which the intruder uses the 
unencrypted initialization vector (IV) in encrypted packets to calculate the 
WEP key. TKIP removes the predictability that an intruder relies on to 
determine the WEP key by exploiting IVs. 

Could this be the reason why I can crack the WEP?  You would think there would 
be no WeakIV packets if it was turned on right? Do I just need to collect more 
WeajIV packets?  Any Ideas on how to get more info about what type of 
"encryption" is used or If it is standerd WEP? 


Other related posts: