AP WEP Vulnerability when there are no associated clients

I'm looking at my Wireless AP using a laptop & kismet (from the auditor collection) from across the street.

I can see encrypted/broadcast packets from the AP and although I have a client connected, the signal's low enough that kismet doesn't show any clients associated with the AP.

Using airodump to collect packets, the IVs come in rather slowly. Because the laptop cannot see any clients, I was unable to find any good ARP packets that can be used with aireplay to inject assoc requests.

Are there other packets that can be injected to generate a bunch of traffic that don't require FromDS = 0 and ToDS = 1?

Can I assume then that it would take a very long time for someone to crack my WEP, or are there other tools that can be used to inject packets into my network, resulting in my AP responding with the tons of IVs necessary to crack the key?

Simply... what's the likelihood that someone can inject packets and crack my AP's WEP if there are no clients associated with it?

By my understanding they would just have to collect traffic for days and days before they get enough IVs to crack it, instead of a few minutes if they can use aireplay.

Try using arpforge

See above, and if not, as soon as you start using your network, they just deauth you, then capture the ARP upon reauth and then inject. 20 mins later they're done and you're cracked.

But if you're not going to use it, just turn it off! :) I presume you have an AP because you want to use it at some point?

See above. Can you just switch to WPA and just move away from WEP?

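The reply above describes the deauth-then-replay pattern from the attacker's side. From the AP owner's side, the same pattern is noisy and easy to spot in a monitor-mode capture: a burst of deauthentication frames aimed at one client, followed by a flood of data frames of identical length. The following is an added example (not code from this thread or from kismet/aircrack): it runs two simple detectors over a constructed list of parsed 802.11 frame summaries. The MAC addresses, frame timings and the field names `t`, `kind`, `src`, `dst`, `len` are assumptions standing in for whatever your monitoring tool exports.

```python
"""Two wireless-IDS signals for a WEP network: bursts of 802.11
deauthentication frames and floods of same-length data frames (the
shape an ARP replay leaves in a capture). Frame records are constructed
summaries for illustration, not a real capture."""
from collections import deque

# Constructed placeholder addresses (not real devices).
AP = "00:11:22:33:44:55"
CLIENT = "66:77:88:99:aa:bb"

# Constructed frame summaries: normal traffic, a deauth burst, the client
# re-associating, then a flood of identical 68-byte frames.
SAMPLE_FRAMES = (
    [{"t": 0.5 * i, "kind": "data", "src": AP, "dst": CLIENT, "len": 1500}
     for i in range(4)]
    + [{"t": 10.0 + 0.01 * i, "kind": "deauth", "src": AP, "dst": CLIENT, "len": 26}
       for i in range(8)]
    + [{"t": 10.5, "kind": "auth", "src": CLIENT, "dst": AP, "len": 30},
       {"t": 10.6, "kind": "assoc_req", "src": CLIENT, "dst": AP, "len": 50}]
    + [{"t": 11.0 + 0.002 * i, "kind": "data", "src": CLIENT, "dst": AP, "len": 68}
       for i in range(300)]
)


def deauth_bursts(frames, window=1.0, threshold=5):
    """Return [(time, dst)] each time `threshold` deauth frames hit one
    destination within `window` seconds. A legitimate AP rarely sends
    more than one or two deauths to a client in a second."""
    alerts = []
    recent = {}  # dst -> deque of deauth timestamps inside the window
    for f in frames:
        if f["kind"] != "deauth":
            continue
        q = recent.setdefault(f["dst"], deque())
        q.append(f["t"])
        while q and f["t"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((f["t"], f["dst"]))
            q.clear()  # start counting the next burst afresh
    return alerts


def replay_floods(frames, window=1.0, threshold=100):
    """Return {(src, length): peak_count} for every source that sent at
    least `threshold` data frames of one identical length within `window`
    seconds. Replayed ARP frames all have the same length, so they stand
    out from ordinary mixed-size traffic."""
    recent = {}  # (src, len) -> deque of timestamps inside the window
    peak = {}
    for f in frames:
        if f["kind"] != "data":
            continue
        key = (f["src"], f["len"])
        q = recent.setdefault(key, deque())
        q.append(f["t"])
        while q and f["t"] - q[0] > window:
            q.popleft()
        peak[key] = max(peak.get(key, 0), len(q))
    return {k: n for k, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for t, dst in deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth burst against {dst} at t={t:.2f}s")
    for (src, length), n in replay_floods(SAMPLE_FRAMES).items():
        print(f"{n} identical {length}-byte frames from {src} within 1s")
```

Both detectors keep only a sliding window of timestamps per address, so they can run continuously over a live feed rather than a finished capture. The thresholds are starting points; tune them against a day of your own traffic before trusting an alert.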

Thanks, I'll read up on that.

Well, let's assume my computer is using the network, but the signal is too weak to be detected from across the street. As in, only packets from the AP are being detected. Without a MAC address or any information on my client, how could they send a deauth packet? And then capture the reauth if they did somehow guess the correct MAC address?

They can't right?

It's not something I'm terribly concerned about. I -can- switch routers to one that has WPA. The two questions were more hypothetical, for my own understanding of the way things work.

Rephrasing: apart from using arpforge as you mentioned above, what are the requirements for cracking an AP's WEP if there are no clients associated with it? As in, would they have to just sit and collect the slowly incoming IVs (1 pkt/~10 sec) for days and days until they got lucky?

Thanks for your reply.