A security technician is attempting to access a wireless network protected with WEP. The
technician does not know any information about the network. Which of the following should the
technician do to gather information about the configuration of the wireless network?

A.
Spoof the MAC address of an observed wireless network client

B.
Ping the access point to discover the SSID of the network

C.
Perform a dictionary attack on the access point to enumerate the WEP key

D.
Capture client to access point disassociation packets to replay on the local PC’s loopback

Explanation:
With ARP spoofing (also known as ARP poisoning), the MAC (Media Access Control) address of
the data is faked. By faking this value, it is possible to make it look as if the data came from a
network that it did not. This can be used to gain access to the network, to fool the router into
sending data here that was intended for another host, or to launch a DoS attack. In all cases, the
address being faked is an address of a legitimate user, and that makes it possible to get around
such measures as allow/deny lists.
Note: As an example, the initialization vector (IV) that WEP uses for encryption is 24-bit, which is
quite weak and means that IVs are reused with the same key. By examining the repeating result, it
was easy for attackers to crack the WEP secret key. This is known as an IV attack.