WEP Key decrypt Error

Posted on 2006-03-31
Medium Priority
Last Modified: 2013-11-13
0 Fri Mar 31 10:14:28 2006 WEP Key decrypt error. Station MAC Address is XXXX, AP MAC is OOOO and Slot ID is 1.
1 Fri Mar 31 10:14:28 2006 WEP Key decrypt error. Station MAC Address is XXXX, AP MAC is OOOO and Slot ID is 1.
2 Fri Mar 31 10:13:44 2006 Load Profile Updated to Pass for AP MACAddr: XXXX and slotNo: 1  

I'm getting these errors showing up in my trap log on my wireless aeronet cisco router. Its also stating it found a coverage hole. Any idea's on what is causing this?
Question by:selhs
1 Comment
LVL 18

Accepted Solution

Sam Panwar earned 2000 total points
ID: 16348069

I have posted here the encrption of the wep key so i think its help you in your wep error troubleshooting

It's really pretty simple. The AP has a list of up to 4 keys. Each client has a list of up to 4 keys. The trick is that, if all lists are identical in content AND order, then it doesn't matter which keys are selected for transmit at any endpoint. Each WEP-encrypted frame contains an index number with a value from 0-3 that designates which key was used to encrypt the payload. If the receiver has the same last as the sender (in the same order), then the index allows it to find the same key for decryption.

It's that simple. If the lists are different, or differently ordered, then decryption will only work if the sender happens to encrypt with a key that is in the same position on the receiver's list. Using identical lists, all endpoints are free to choose arbitrary different transmit keys.

How the system breaks if encryption isn't working depends on the  authentication method you choose, and to some extent on how the vendor implemented the AP firmware and the client driver. WEP has two forms of
authenticaton: open system, and shared key authentication (only used with WEP). With shared key authentication, the AP sends out a random text string as a challenge, and the client must encrypt it and return it to the AP. If
the AP understands the decrypted frame, then authentication completes. With open system, this step is skipped. Any client that knows the SSID can associate successfully under open system even if it does not use WEP,
because encryption is not used for association except during the challenge step.

So, with open system but broken WEP, your driver might tell you that your client connected to the network - but will not get a DHCP address. With shared key authentication, the driver will probably not indicate a
successful network connection if WEP is not working.

I recommend against using shared key authentication. It provides no additional security over open system (if WEP is enabled, the client still must have the key to do anything, whether it is associated or not). Using
shared key authentication provides any eavesdropper a freebee for key-cracking - one frame from the AP with a couple of hundred bytes of plaintext, followed by a frame from the client with the same text encrypted,
plus the IV and key index use for the encryption. This is a big help.

The only real authentication is provided by WPA using an authentication server (and the client also gets to authenticate the AP, making man-in-the-middle attacks much harder).

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question