fragmentation

Differences

This shows you the differences between two versions of the page.

fragmentation [2007/01/26 23:49] – cosmetic changes mister_xfragmentation [2007/04/14 16:38] – cosmetic changes mister_x
Line 1: Line 1:
 ====== Fragmentation Attack ====== ====== Fragmentation Attack ======
 +
  
  
 ===== Description ===== ===== Description =====
-This attack, when successful, can obtain 1500 bits of PRGA (pseudo random genration algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA. The PRGA can then be used to generate packets with [[packetforge-ng]] which are in turn used for various injection attacks.  It requires at least one data packet needs to be received from the access point in order to initiate the attack.+This attack, when successful, can obtain 1500 bytes of PRGA (pseudo random generation algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA. The PRGA can then be used to generate packets with [[packetforge-ng]] which are in turn used for various injection attacks.  It requires at least one data packet needs to be received from the access point in order to initiate the attack.
  
-Basically, the program obains a small amount of keying material from the packet then attempts to send ARP and/or LLC packets with known content to the access point (AP).  If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet.  This cycle is repeated a several times until 1500 bits of PRGA are obtained or sometimes less then 1500 bits.+Basically, the program obtains a small amount of keying material from the packet then attempts to send ARP and/or LLC packets with known content to the access point (AP).  If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet.  This cycle is repeated a several times until 1500 bytes of PRGA are obtained or sometimes less then 1500 bytes.
  
-The original paper by Andrea Bittau at http://www.toorcon.org/2005/slides/abittau/paper.pdf provides a much more detailed technical description of the technique.+The original paper by Andrea Bittau at http://www.toorcon.org/2005/slides/abittau/paper.pdf provides a much more detailed technical description of the technique.  Here are [[http://www.toorcon.org/2005/slides/abittau/slides.pdf|presentation slides]] of this paper.
  
 ===== Usage ===== ===== Usage =====
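Review bot: the added Description paragraph still carries "It requires at least one data packet needs to be received from the access point", which merges two sentence structures; suggest "At least one data packet must be received from the access point in order to initiate the attack." The second added paragraph also keeps "a several times" and "less then 1500 bytes", which should read "several times" and "less than 1500 bytes". Since this revision is already correcting bits to bytes, consider describing what is recovered as keystream produced by the PRGA, which matches the tool's own "1500 bytes keystream" message further down the page.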
Line 37: Line 38:
 ===== Usage Example ===== ===== Usage Example =====
  
-Notes: 
-  *The source MAC address used in the attack must be associated with the access point.  To do this, you can use [[fake_authentication|fake authentication]] or use a MAC address of existing wireless client. 
  
-  *For madwifi-ng drivers (Atheros chipset), you must change MAC address of your card to the MAC address you will injecting with otherwise the attack will not work. 
  
 Essentially you start the attack with the following command then select the packet you want to try:\\ Essentially you start the attack with the following command then select the packet you want to try:\\
   aireplay-ng -5 -b 00:14:6C:7E:40:80 -h 00:0F:B5:AB:CB:9D ath0   aireplay-ng -5 -b 00:14:6C:7E:40:80 -h 00:0F:B5:AB:CB:9D ath0
 +  
   Waiting for a data packet...   Waiting for a data packet...
   Read 96 packets...   Read 96 packets...
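Review bot: with the Notes block removed from above the aireplay-ng command, the requirement that the -h source MAC be associated with the access point is no longer stated before the reader reaches the command. If the notes are being moved to a later section, leave a one-line pointer to that section here so the prerequisite is read first. The line added inside the example output is whitespace only and can be dropped.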
Line 81: Line 79:
    Now you can build a packet with packetforge-ng out of that 1500 bytes keystream    Now you can build a packet with packetforge-ng out of that 1500 bytes keystream
  
-You have successfully obtained the PRAGA which is stored in the file named by the program.  You can now use [[packetforge-ng]] to generate one or more packets to be used for various injection attacks.+You have successfully obtained the PRGA which is stored in the file named by the program.  You can now use [[packetforge-ng]] to generate one or more packets to be used for various injection attacks. 
 + 
 +===== Usage Tips ===== 
 + 
 +  *The source MAC address used in the attack must be associated with the access point.  To do this, you can use [[fake_authentication|fake authentication]] or use a MAC address of an existing wireless client. 
 + 
 +  *For madwifi-ng drivers (Atheros chipset), you must change MAC address of your card to the MAC address you will injecting with otherwise the attack will not work. 
 + 
 +===== Usage Troubleshooting ===== 
 + 
 +Also see the general aireplay-ng troubleshooting ideas: [[aireplay-ng#usage_troubleshooting|aireplay-ng usage troubleshooting]]. 
  
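Review bot: the relocated madwifi-ng tip still reads "you must change MAC address of your card to the MAC address you will injecting with otherwise the attack will not work"; suggest "you must change the MAC address of your card to the MAC address you will be injecting with, otherwise the attack will not work". In the new Usage Troubleshooting section, "Also see" opens a section that has no preceding text, so "See the general aireplay-ng troubleshooting ideas" reads better.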
fragmentation.txt · Last modified: 2009/09/05 23:32 by mister_x