|
Wireless Security
Dictionary based AP probes Oct 11 2009 09:54PM Rob Fuller (jd mubix gmail com) (3 replies) Re: Dictionary based AP probes Oct 12 2009 02:40PM Jon Janego (jonjanego gmail com) (1 replies) Re: Dictionary based AP probes Oct 12 2009 05:29PM Rob Fuller (jd mubix gmail com) (2 replies) Re: Dictionary based AP probes Oct 12 2009 10:43PM Carl Vincent (carl vincent hypermediasystems com) |
|
|
Privacy Statement |
> Thanks everyone who has responded, I will definitely be checking out
> MDK3 in the not so distant future. I do have one question though, a
> bunch of you have said that doing this isn't really useful or
> practical. I'm wondering why? If I'm doing a PenTest when there isn't
> any hosts connected to the client's wifi AP and it's 'cloaked', I
> could be missing an attack vector. I'm probably missing something so
> please let me know if I've overlooked something.
If you think an attacker who put a hidden AP in your network is going to
leave it as a dictionary word, well... have fun then. I don't think
it's a possibility that warrants the DAYS of replaying dictionary files.
It simply is not a realistic situation.
If you think you're going to brute force the SSID without a dictionary,
then you're wrong. 32 characters, nothing technically forbidden from
use in a SSID, 2^256 possibilities.
-m
--
Mike Kershaw/Dragorn <dragorn (at) kismetwireless (dot) net [email concealed]>
GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1
There's too much blood in my caffeine system!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
iEYEARECAAYFAkrTnhYACgkQ17KIInOLvbHHtgCghvokjW56rYWsMpCHBOQeePxO
DjMAoLvwtgP49Y6feD7VbVHh7HN4p8dj
=KP+6
-----END PGP SIGNATURE-----
[ reply ]