xref: /dragonfly/tools/tools/net80211/wesside/README (revision 0ca59c34)
$FreeBSD: src/tools/tools/net80211/wesside/README,v 1.2 2006/08/07 17:08:05 keramida Exp $

This is an implementation of the frag attack described in:
http://tapir.cs.ucl.ac.uk/bittau-wep.pdf
It will only work with Atheros.  It could be made to work with other cards, but
it is more difficult.

wesside's features:
===================
* Channel hops, finds a WEP wifi, finds a MAC to spoof if necessary and
  associates.
* Waits for a packet.  Uses fragmentation to recover some keystream.
* Discovers the network's IP using the linear keystream expansion technique in
  order to decrypt an ARP packet.
* Generates traffic on the network for weak IV attack:
  - Either by flooding with ARP requests.
  - Or, by contacting someone on the Internet [udps] and telling it to flood.
* Uses aircrack periodically to attempt to crack the WEP key.  The supplied
  aircrack is modified to work with wesside.
* Binds to a tap interface to allow TX.  RX works if a dictionary is being built
  [dics] and a packet with a known IV traverses the network.

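Detection note (an added example, not part of the original README or of
wesside): the fragmentation step above leaves a recognisable pattern on the
air, a single transmitter sending many very short WEP fragments that all carry
the same IV. The Frame record layout, the thresholds and the sample frames
below are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Frame(NamedTuple):      # hypothetical record built from a monitor-mode capture
    ts: float                 # capture time in seconds
    ta: str                   # transmitter address
    iv: str                   # 24-bit WEP IV as hex
    seq: int                  # 802.11 sequence number
    frag: int                 # fragment number (0-15)
    more_frags: bool          # More Fragments bit in Frame Control
    enc_len: int              # encrypted body length, including the 4-byte ICV

# Assumed thresholds, tune per site.
MAX_FRAG_BODY = 12   # only a little keystream is known, so fragment bodies are tiny
MIN_FRAGS = 4        # distinct fragments under one IV before alerting

def detect_iv_reuse_fragments(frames):
    """Return sorted (ta, iv, count) for each transmitter that sent at least
    MIN_FRAGS distinct tiny fragments under a single IV."""
    groups = defaultdict(set)
    for f in frames:
        fragmented = f.more_frags or f.frag > 0
        if fragmented and f.enc_len <= MAX_FRAG_BODY:
            # Key on (seq, frag) so link-layer retransmissions count once.
            groups[(f.ta, f.iv)].add((f.seq, f.frag))
    return sorted((ta, iv, len(frags))
                  for (ta, iv), frags in groups.items()
                  if len(frags) >= MIN_FRAGS)

# Constructed sample: one suspicious burst, one normally fragmented large
# frame (fresh IV per fragment), and one ordinary unfragmented frame.
SAMPLE = (
    [Frame(1.0 + i * 0.001, "02:00:00:00:00:aa", "a1b2c3", 100, i, i < 7, 8)
     for i in range(8)]
    + [Frame(2.0 + i * 0.01, "02:00:00:00:00:bb", f"0000{i:02x}", 200, i, i < 2, 260)
       for i in range(3)]
    + [Frame(3.0, "02:00:00:00:00:cc", "123456", 300, 0, False, 64)]
)

if __name__ == "__main__":
    for ta, iv, n in detect_iv_reuse_fragments(SAMPLE):
        print(f"ALERT {ta} sent {n} tiny fragments under IV {iv}")
```
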
Examples:
=========
For the skiddies:
./wesside

To cause the Internet to flood:
[Internet box]~$ ./udps 500
./wesside -s ip_of_internet_box

To build a dictionary:
[Internet box]~# ./dics source_ip_of_box 100
./wesside -s ip_of_internet_box
Use tap3 as if it were the wifi.
