lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5c41be6e0704060840q36026378o607e0b062631d40c@mail.gmail.com>
Date: Fri, 6 Apr 2007 11:40:45 -0400
From: "kevin horvath" <kevin.horvath@...il.com>
To: "Michael Holstein" <michael.holstein@...ohio.edu>
Cc: Code Breaker <cbreaker@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Question Regarding Wireless Frames

> Recently i come to know about a network where becon frames where
> blocked.
Do you mean not beaconing the SSID as mentioned by Michael or do you mean
they being blocked by a wireless IDS?

With the limited knowledge about this stuff i am wondering is
> there any other kind of frames from which we can identify the
> accesspoint over a wirless network?

Well if its just not beaconing with the SSID (aka no ssid broadcasting) then
follow Michaels steps or just do a tcpdump or use wireshark to filter the
frames  and look into the frame control.  If its due to a Wirless IDS you
should still be able to see some traffic but you will probably see alot of
deauths also if its trying to prevent rogues.

> Thanks for any help.
your welcome.

As for Michaels comment
>The only bummer is you can't change *your*
>mac with ifconfig like you can with other cards.

Sure you can.  You have to do it on the primary wifi0 and not a vap (athx).
shut it first, then change it (ifconfig or tool such as macchanger), then
bring it back up.

hope this helps.

Kevin

On 4/6/07, Michael Holstein <michael.holstein@...ohio.edu> wrote:
>
> You mean SSID not broadcast?
>
> Look for the client's network-specific probe request. Kismet (and
> others) do this automagically. Windows quite helpfully issues probe
> requests for *all* the networks it has past associations for.
>
> You can also use aircrack-ng to force-deauth a client and just watch for
> them to reauth, since the mac-layer stuff isn't encrypted.
>
> IMHO, the Atheros chipsets work best for this sort of stuff. Get the
> patches to allow raw frames from aircrack's website
> (aircrack-ng.org/patches). The only bummer is you can't change *your*
> mac with ifconfig like you can with other cards.
>
> ~Mike.
>
> Code Breaker wrote:
> > Hi All,
> >
> > Recently i come to know about a network where becon frames where
> > blocked.With the limited knowledge about this stuff i am wondering is
> > there any other kind of frames from which we can identify the
> > accesspoint over a wirless network?
> > Thanks for any help.
> >
> > --
> > _code
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ