Attn: rfquinn - KoreK attack?

Is this just Improved FMS with traffic injection?

Or is it a new attack?

Here's a quote from KoreK himself:

"a) 1995: Wagner discusses potential vulnerability of RC4 (on sci.crypt).
b) 1999: Braindead WEP is born, implementing Wagner's vulnerability
c) 2001: FMS publish WEP paper (citing notably Wagner 1995, in one version of their paper). The amusing thing is that the published attack (that will be implemented later by airsnort, and a bit extended h1kari) is weaker than Wagner's (at least in the earlier stage of cracking).
d) 2001: Arbaugh publishes WEP inductive attack. Once again the published attack is pretty tame compared to the damage that can be inflicted. Arbaugh's inductive attack extends the wep stream. But going the other way (ie decrypting) is as easy. I doubt this was unknown to Arbaugh. No public exploit available.
e) Unreleased tools implement broader FMS attacks. I implement a broader FMS attack. Nevertheless they are more or less a generalization (and reimplementation) of Wagner's.
f) I have to finish chopchop (=inverted Arbaugh). A few months ago, I thought I knew something that (almost) nobody knew. I am realizing I am just rediscovering 3-year old and 10-year old vulnerabilities. The joy.

I would not be surprised if the security of a WEP wireless network (on average and under attack) lasts less than 30 minutes."

So, you could either consider KoreK's stuff an improved FMS, or, more accurately, something built off Wagner's ideas.

This is a great thread that covers a wide area of WEP cracking.  It also contains the above quote.

http://forums.netstumbler.com/showthread.php?t=12277&highlight=korek

Do a search on the netstumbler forums for "KoreK".  I'm sure you'll find everything you're looking for.

It's funny that cracking WEP is coming full circle.  Before, with Airsnort, cracking WEP was very tough, and close to impossible with weak IV filtering.  But, everyone knew someone who knew someone who cracked WEP in 30 seconds; and implementing WEP was a waste of time.  Now, it seems that cracking WEP is starting to become almost what everyone thought it was years ago.  I'm just glad 802.11i is finished.

Interesting. Thanks, man.

I've gotten into this wireless stuff sort of late...

Wish I had a laptop with a wireless card or a PPC/Zaurus running Linux.