wds
Differences
wds [2008/05/09 23:52] – Remove the unneeded double-dash note. netrolller3d | wds [2018/03/11 19:08] (current) – Removed links to trac mister_x | ||
---|---|---|---|
Line 24: | Line 24: | ||
It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it. | It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it. | ||
- | I would like to acknowledge and thank the [[http:// | + | Please send any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome. |
- | + | ||
- | Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome. | + | |
===== Solution ===== | ===== Solution ===== | ||
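Review bot: The new feedback sentence in this hunk has no recipient. Dropping "me" from "Please send me any constructive feedback" leaves "Please send any constructive feedback" with no indication of where to send it, and the acknowledgement line that carried a link is removed in the same change. Name the channel readers should use, or drop the request if there is no longer one.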
Line 108: | Line 106: | ||
* The WDS sends out probe packets for the specific AP as well as " | * The WDS sends out probe packets for the specific AP as well as " | ||
* The client line above only reflects the probes and probe responses. | * The client line above only reflects the probes and probe responses. | ||
- | |||
- | |||
==== Attacks which work ==== | ==== Attacks which work ==== | ||
Line 116: | Line 112: | ||
Although fake authentication does work, each BSSID can be used as an authenticated MAC on the other unit. So fake authentication is not required. | Although fake authentication does work, each BSSID can be used as an authenticated MAC on the other unit. So fake authentication is not required. | ||
+ | airtun-ng can inject plaintext and WEP packets into a WDS link. That's even possible when airtun-ng only sees one of the two WDS nodes! (Note that in this case only clients behind this node are reachable) | ||
==== Attacks which do not work ==== | ==== Attacks which do not work ==== | ||
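Review bot: The added airtun-ng paragraph ends with a parenthetical that has no closing period and an ambiguous "this node": "(Note that in this case only clients behind this node are reachable)". Say explicitly that it is the one node airtun-ng can see, and punctuate the note as a full sentence. The preceding "That's even possible when ...!" would also read better in the neutral register of the surrounding text, for example "This also works when airtun-ng sees only one of the two WDS nodes."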
Line 128: | Line 125: | ||
==== Enhancements required ==== | ==== Enhancements required ==== | ||
- | This is list of software changes required to support WDS attacks. Once aircrack-ng version 1 is released, this section will become a trac ticket. | + | This is list of software changes required to support WDS attacks: |
* aircrack-ng: | * aircrack-ng: | ||
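Review bot: The rewritten intro line carries over the missing article from the old text: "This is list of software changes" should read "This is a list of software changes". Since the line is being touched anyway, fix it in the same edit.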
Line 136: | Line 133: | ||
* All tools: Ability to specify all four address fields on the command line | * All tools: Ability to specify all four address fields on the command line | ||
* aireplay-ng: | * aireplay-ng: | ||
- | * aireplay-ng: | + | * aireplay-ng: |
Line 170: | Line 167: | ||
The existing aircrack-ng tools can capture this and break the WEP key. | The existing aircrack-ng tools can capture this and break the WEP key. | ||
- |
wds.1210369936.txt.gz · Last modified: 2008/05/09 23:52 by netrolller3d