Wireless Security
Dictionary based AP probes Oct 11 2009 09:54PM
Rob Fuller (jd mubix gmail com) (3 replies)
Re: Dictionary based AP probes Oct 12 2009 02:40PM
Jon Janego (jonjanego gmail com) (1 replies)
Re: Dictionary based AP probes Oct 12 2009 05:29PM
Rob Fuller (jd mubix gmail com) (2 replies)
Re: Dictionary based AP probes Oct 12 2009 10:43PM
Carl Vincent (carl vincent hypermediasystems com)
Re: Dictionary based AP probes Oct 12 2009 09:22PM
Mike Kershaw (dragorn kismetwireless net) (1 replies)
On Mon, Oct 12, 2009 at 01:29:52PM -0400, Rob Fuller wrote:
> Thanks everyone who has responded, I will definitely be checking out
> MDK3 in the not so distant future. I do have one question though, a
> bunch of you have said that doing this isn't really useful or
> practical. I'm wondering why? If I'm doing a PenTest when there isn't
> any hosts connected to the client's wifi AP and it's 'cloaked', I
> could be missing an attack vector. I'm probably missing something so
> please let me know if I've overlooked something.

If you think an attacker who put a hidden AP in your network is going to
leave it as a dictionary word, well... have fun then. I don't think
it's a possibility that warrants the DAYS of replaying dictionary files.
It simply is not a realistic situation.

If you think you're going to brute force the SSID without a dictionary,
then you're wrong. 32 characters, nothing technically forbidden from
use in a SSID, 2^256 possibilities.

-m

--
Mike Kershaw/Dragorn <dragorn (at) kismetwireless (dot) net [email concealed]>
GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1

There's too much blood in my caffeine system!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAkrTnhYACgkQ17KIInOLvbHHtgCghvokjW56rYWsMpCHBOQeePxO
DjMAoLvwtgP49Y6feD7VbVHh7HN4p8dj
=KP+6
-----END PGP SIGNATURE-----

[ reply ]
Re: Dictionary based AP probes Oct 12 2009 10:38PM
Rob Fuller (jd mubix gmail com)
Re: Dictionary based AP probes Oct 12 2009 08:10AM
Robin Wood (dninja gmail com) (1 replies)
Re: Dictionary based AP probes Oct 12 2009 02:34PM
Joshua Wright (jwright hasborg com)
Re: Dictionary based AP probes Oct 12 2009 04:37AM
Mike Kershaw (dragorn kismetwireless net)


 

Privacy Statement
Copyright 2010, SecurityFocus