UPDATE: Slides, paper and code
Andrea Bittau (not blurry in real life) gave a demo of the WEP fragmentation attack. The attack requires only one sniffed packet from the WEPed network, unlike replay attacks, which usually require you to get an ARP packet. He built a simple tool that sniffs a packet and then builds packets to create a legitimate connection to the access point. At this point, a server on the internet is contacted to flood the network with packets at up to 1400 packets per second. This generates a ton of unique IVs, and aircrack is called every 100000 packets until the WEP key is cracked. In the demo, it took under 5 minutes for the automated process to complete.