SecurityFocus

Dictionary based AP probes Oct 11 2009 09:54PM
Rob Fuller (jd mubix gmail com) (3 replies)

Re: Dictionary based AP probes Oct 12 2009 02:40PM
Jon Janego (jonjanego gmail com) (1 replies)

Re: Dictionary based AP probes Oct 12 2009 05:29PM
Rob Fuller (jd mubix gmail com) (2 replies)

Re: Dictionary based AP probes Oct 12 2009 10:43PM
Carl Vincent (carl vincent hypermediasystems com)

Re: Dictionary based AP probes Oct 12 2009 09:22PM
Mike Kershaw (dragorn kismetwireless net) (1 replies)

Re: Dictionary based AP probes Oct 12 2009 10:38PM
Rob Fuller (jd mubix gmail com)

Re: Dictionary based AP probes Oct 12 2009 08:10AM
Robin Wood (dninja gmail com) (1 replies)

Re: Dictionary based AP probes Oct 12 2009 02:34PM
Joshua Wright (jwright hasborg com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robin Wood wrote:
> 2009/10/11 Rob Fuller <jd.mubix (at) gmail (dot) com [email concealed]>:
>> I don't know enough about the inner workings of 802.11 to know if this
>> would work, but is there a tool out there that will do a dictionary
>> attack on a non broadcasting AP by sending out probes?
>
> If there isn't then I'm sure it shouldn't be too hard to write one with Lorcon.

This was implemented a long time ago in Wellenreiter as a Perl function,
but it wasn't useful then, and as Mike pointed out, it's much simpler to
patiently sniff with Kismet or force a deauth/disassoc and watch the
client reconnect.

- -Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkrTPmoACgkQapC4Te3oxYyqGwCfYlz3gVG0jFtS9plgtRmD2L4X
Q48An2rxATZMB/jQCxF9RQs7pbYzfaoL
=io0n
-----END PGP SIGNATURE-----

[ reply ]

Re: Dictionary based AP probes Oct 12 2009 04:37AM
Mike Kershaw (dragorn kismetwireless net)