wds
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
wds [2008/05/09 23:52] – Remove the unneeded double-dash note. netrolller3d | wds [2010/11/20 23:04] – typo sleek | ||
---|---|---|---|
Line 108: | Line 108: | ||
* The WDS sends out probe packets for the specific AP as well as " | * The WDS sends out probe packets for the specific AP as well as " | ||
* The client line above only reflects the probes and probe responses. | * The client line above only reflects the probes and probe responses. | ||
- | |||
- | |||
==== Attacks which work ==== | ==== Attacks which work ==== | ||
Line 116: | Line 114: | ||
Although fake authentication does work, each BSSID can be used as an authenticated MAC on the other unit. So fake authentication is not required. | Although fake authentication does work, each BSSID can be used as an authenticated MAC on the other unit. So fake authentication is not required. | ||
+ | airtun-ng can inject plaintext and WEP packets into a WDS link. That's even possible when airtun-ng only sees one of the two WDS nodes! (Note that in this case only clients behind this node are reachable) | ||
==== Attacks which do not work ==== | ==== Attacks which do not work ==== | ||
Line 136: | Line 135: | ||
* All tools: Ability to specify all four address fields on the command line | * All tools: Ability to specify all four address fields on the command line | ||
* aireplay-ng: | * aireplay-ng: | ||
- | * aireplay-ng: | + | * aireplay-ng: |
Line 170: | Line 169: | ||
The existing aircrack-ng tools can capture this and break the WEP key. | The existing aircrack-ng tools can capture this and break the WEP key. | ||
- |
wds.txt · Last modified: 2018/03/11 19:08 by mister_x