Forum

If I have just static wep configured on an access point in infrastructure mode can someone attack my clinet connected to the access point. Can a potential attacker get at my machine through the access point without hijacking my client?

The answer to my question is no. If you cannot authenticate to the access point then you cannot perform a peer to peer attack. You need to get the wep key in order to authenticate to the access point.

Are you talking about authentication or association to an access point? If the AP is using Open Authentication then WEP is not involved at all; only having a matching SSID is verified during Open Authentication.

During association, both the client and AP must either be using or not using WEP. This is indicated by a bit in the association request/response frames. The WEP key itself is not checked during association, so a client using WEP can successfully associate with an AP that has a different WEP key. In this case, the client and AP would not be able to decrypt the payload of each other's data frames, but control and management frames would be passed and accepted between the the client and AP.

Now, can you use only control and managment frames to somehow gain access to a client past layer 2? Hmmmmm...