A security technician is attempting to access a wireless network protected with WEP. The technician does not
know any information about the network. Which of the following should the technician do to gather information
about the configuration of the wireless network?
Spoof the MAC address of an observed wireless network client
Ping the access point to discover the SSID of the network
Perform a dictionary attack on the access point to enumerate the WEP key
Capture client to access point disassociation packets to replay on the local PC’s loopback
With ARP spoofing (also known as ARP poisoning), the MAC (Media Access Control) address of the data is
faked. By faking this value, it is possible to make the data look as if it came from a network that it did not
come from. This can be used to gain access to the network, to fool the router into sending data intended for
another host to the attacker's machine instead, or to launch a DoS attack. In all cases, the address being faked
is that of a legitimate user, which makes it possible to get around measures such as allow/deny lists.
Note: As an example, the initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak
and means that IVs are reused with the same key. By examining the repeating results, attackers could easily
crack the WEP secret key. This is known as an IV attack.