fragmentation
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
fragmentation [2007/04/29 21:30] – added additional usage and troubleshooting information darkaudax | fragmentation [2008/09/08 23:02] – darkaudax | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Fragmentation Attack ====== | ====== Fragmentation Attack ====== | ||
+ | |||
+ | |||
===== Description ===== | ===== Description ===== | ||
- | This attack, when successful, can obtain 1500 bytes of PRGA (pseudo random generation algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA. The PRGA can then be used to generate packets with [[packetforge-ng]] which are in turn used for various injection attacks. | + | This attack, when successful, can obtain 1500 bytes of PRGA (pseudo random generation algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA. The PRGA can then be used to generate packets with [[packetforge-ng]] which are in turn used for various injection attacks. |
+ | |||
+ | Basically, the program obtains a small amount of keying material from the packet then attempts to send ARP and/or LLC packets with known content to the access point (AP). If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. | ||
- | Basically, the program obtains a small amount of keying material from the packet then attempts to send ARP and/or LLC packets with known content to the access point (AP). If the packet is successfully echoed back by the AP then a larger amount | + | The original paper, [[http://darkircop.org/ |
- | The original paper by Andrea Bittau at http:// | ||
===== Usage ===== | ===== Usage ===== | ||
Line 90: | Line 93: | ||
* The [[tutorial|tutorials page]] have a number of tutorials which utilize the fragmentation attack. | * The [[tutorial|tutorials page]] have a number of tutorials which utilize the fragmentation attack. | ||
+ | |||
+ | * When to say no to a packet? | ||
+ | |||
+ | |||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
- | | + | ===== General ====== |
+ | |||
+ | | ||
* Make sure the MAC you are using for injection is associated with the AP. | * Make sure the MAC you are using for injection is associated with the AP. | ||
* Make sure you are on the same channel as the AP. | * Make sure you are on the same channel as the AP. | ||
* Also see the general aireplay-ng troubleshooting ideas: [[aireplay-ng# | * Also see the general aireplay-ng troubleshooting ideas: [[aireplay-ng# | ||
+ | |||
+ | Although not a direct troubleshooting tip for the fragmentation attack, if you are unable to get the attack to work, there are some alternate attacks you should consider: | ||
+ | |||
+ | * [[korek_chopchop|Korek chopchop Attack]]: This is an alternate technique to obtain PRGA for building packets for subsequent injection. | ||
+ | * [[interactive_packet_replay# | ||
+ | |||
+ | |||
+ | ===== "Not enough acks, repeating" | ||
+ | |||
+ | If you receive a message similar to: | ||
+ | |||
+ | 20: | ||
+ | 20: | ||
+ | 20: | ||
+ | 20: | ||
+ | 20: | ||
+ | 20: | ||
fragmentation.txt · Last modified: 2009/09/05 23:32 by mister_x