RSS

WiFi Exploitation

13 Nov

I. De-authentication frames
1) Read about the elements of a de-authentication frame and provide a graphic
depicting the contents of a de-authentication frame. Make sure to provide the bit details
for the frame control bits.
2) An attack may require de-authentication in order to capture the handshake during
reauthentication. Explain which parts of the frame you would get from sniffing and which
parts you would be able to construct based on an understanding the specification.
3) In two or three sentences, discuss the payload of the de-authentication frame.
II. WEP
Assume you have started a sniffer and captured some unencrypted WEP management
frames: the plaintext challenge from the Access Point, and the response from the
Station to the Access Point
1. Write a paragraph explaining how you could recover the key stream (not the key)
2. Write a paragraph explaining how you can use the recovered key stream to generate
an
availability attack (One of the WEP weaknesses is important). There are many possible
DoS
attacks, e.g. syn floods, but you must figure out how to use the captured keystream.
3. It isn’t an availability attack if you just do it once! Write a paragraph describing what
you
need to do to continue to maintain the attack on the Access Point? You should mention
the MAC and the IV.
4. Write a short paragraph explaining why your attack is better than requesting access
from
the AP and just sending a random string of bits or reusing a legitimate syn frame?

 
Leave a comment

Posted by on November 13, 2016 in academic writing

 

Tags: , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: