Dailydave mailing list archives
Re: WPA attack improved to 1min, MITM
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Thu, 27 Aug 2009 19:08:23 +0200
On Thursday 27 August 2009 at 12:28 -0400, Mike Kershaw wrote:
> However, beacon frames are still unprotected. As long as the BSSID and WPA IE fields are the same, there's no reason you can't rewrite them to advertise a different channel.
That's a very good point. When I said trivial, I meant no need to implement something specific to handle that situation. But that's only generating beacons and forwarding frames from one radio to another, no big deal indeed. And it is way easier to do than playing with QoS actually :)
> So at the least, it would seem like they've removed QoS as a restriction, so long as they can successfully maintain the repeater (and so long as the client doesn't wander away when it stops getting data packets for 10 minutes, of course).
That's where their "1min improvement" might become useful. Because they don't use 802.11e, they can only inject 1 frame per keystream, against multiple ones (one per usable channel) for the original Beck&Tews attack. But their ability to retrieve new ARPs more often partly compensates for that.

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
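
A defender-side check for the beacon rewriting discussed in this message, as an added example that is not part of the original post: it flags a BSSID whose beacons carry the same WPA IE but advertise different channels within a short window. The function names, the 10-second window and the sample frames are assumptions constructed for illustration; frames are raw 802.11 without a radiotap header.

```python
import struct
from collections import defaultdict

def parse_beacon(frame: bytes):
    """Return (bssid, channel, wpa_ie) from a raw 802.11 beacon, or None."""
    if len(frame) < 36 or frame[0] != 0x80:   # type 0 (mgmt), subtype 8 (beacon)
        return None
    bssid = frame[16:22].hex(":")             # addr3 of the management header
    channel, wpa_ie = None, b""
    pos = 36                                  # 24-byte header + 12 fixed bytes
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break                             # truncated element, stop parsing
        if eid == 3 and elen == 1:            # DS Parameter Set: current channel
            channel = body[0]
        elif eid == 221 and body[:4] == b"\x00\x50\xf2\x01":  # WPA IE
            wpa_ie = body
        pos += 2 + elen
    return bssid, channel, wpa_ie

def channel_conflicts(observations, window=10.0):
    """Map each BSSID seen with one WPA IE on >1 channel within `window` s to those channels."""
    seen = defaultdict(list)
    for ts, frame in observations:            # (timestamp, frame_bytes) pairs
        parsed = parse_beacon(frame)
        if parsed and parsed[1] is not None:
            bssid, chan, ie = parsed
            seen[(bssid, ie)].append((ts, chan))
    flagged = {}
    for (bssid, _), hits in seen.items():
        hits.sort()
        for i, (ts, _chan) in enumerate(hits):
            near = {c for t, c in hits[i:] if t - ts <= window}
            if len(near) > 1:
                flagged[bssid] = sorted(set(flagged.get(bssid, [])) | near)
    return flagged

def make_beacon(bssid: bytes, channel: int) -> bytes:
    """Build a constructed sample beacon (test data only, SSID 'corp')."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0011)   # timestamp, interval, caps
    ies = b"\x00\x04corp" + bytes([3, 1, channel])
    ies += b"\xdd\x06\x00\x50\xf2\x01\x01\x00"    # shortened WPA IE (constructed)
    return hdr + fixed + ies
```

A legitimate AP can change channel, so the window is kept short and a hit is a prompt to investigate rather than proof of a repeater.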