
Thread: DOS Attack on WPA/WPA2 APs

  1. #1
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default DOS Attack on WPA/WPA2 APs

    How would you perform a denial of service attack on WPA/WPA2 wireless APs?

    So it will fail the Michael Test and kick all the clients that were connected to the AP.

    An issue that WPA does not fix yet is potential denial of service (DoS) attacks. If someone, such as a hacker or disgruntled employee, sends at least two packets each second using an incorrect encryption key, then the access point will kill all user connections for one minute. This is a defense mechanism meant to thwart unauthorized access to the protected side of the network.
    How would I send at least two packets each second using an incorrect encryption key?

    Is there a tool to do this?
    Last edited by joker5bb; 04-08-2010 at 06:03 PM.

  2. #2
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: DOS Attack on WPA/WPA2 APs

    # DoS attack through MIC failures

    * Intercept a packet with valid TSC (possible)
    * Modify packet and corresponding values of FCS, ICV (easy)
    * Send modified packet twice in one minute (easy)

    Any idea?
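
Added example, not part of the original thread: a defender-side replay of the lockout rule the posts above describe, run over AP log events to show when and for how long clients would be dropped. The `<epoch> <source MAC> <event>` log layout, the `MIC_FAILURE` event name and all sample lines are constructed assumptions; the 60-second window follows post #2 and the one-minute lockout follows the passage quoted in post #1.

```python
import re

WINDOW_S = 60    # two MIC failures within this window trigger countermeasures
LOCKOUT_S = 60   # clients are dropped for this long

# Constructed sample log; the "<epoch> <source MAC> <event>" layout is hypothetical.
SAMPLE_LOG = """\
1000 02:00:00:00:00:0a MIC_FAILURE
1005 02:00:00:00:00:0b ASSOC
1090 02:00:00:00:00:0a MIC_FAILURE
1130 02:00:00:00:00:0c MIC_FAILURE
1150 02:00:00:00:00:0c MIC_FAILURE
1200 02:00:00:00:00:0c MIC_FAILURE
1230 02:00:00:00:00:0c MIC_FAILURE
garbage line
"""

LINE_RE = re.compile(
    r"^(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+MIC_FAILURE$", re.I)

def mic_failures(log_text):
    """Return sorted (timestamp, source) pairs for MIC failure lines only."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((int(m.group(1)), m.group(2).lower()))
    return sorted(hits)

def lockouts(failures):
    """Replay the countermeasure: return (start, end, sources) per lockout."""
    result, prev = [], None
    for ts, src in failures:
        if result and ts < result[-1][1]:
            continue          # AP is already in lockout; nothing new to count
        if prev is not None and ts - prev[0] <= WINDOW_S:
            result.append((ts, ts + LOCKOUT_S, {prev[1], src}))
            prev = None       # failure counter resets once countermeasures fire
        else:
            prev = (ts, src)
    return result

def alert(log_text, max_lockouts=1):
    """True when lockouts repeat, i.e. outages look sustained, not incidental."""
    return len(lockouts(mic_failures(log_text))) > max_lockouts
```

The Michael countermeasure exists only in TKIP, so an AP that accepts CCMP (AES) only does not have this lockout behaviour. Source MAC addresses in such logs can be spoofed and are a starting point for investigation, not attribution.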

  3. #3
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: DOS Attack on WPA/WPA2 APs

    airdrop or aireplay?

  4. #4
    Member MosGuy's Avatar
    Join Date
    Jan 2010
    Location
    Ontario, Canada
    Posts
    120

    Default Re: DOS Attack on WPA/WPA2 APs

    There is at least one tool in BT that's capable of performing a DoS against APs. Why you'd want to DoS your own AP is beyond me. I would search Google, the answer is out there to find.

  5. #5
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: DOS Attack on WPA/WPA2 APs

    No, there is no answer anywhere.

  6. #6
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: DOS Attack on WPA/WPA2 APs

    Quote, originally posted by joker5bb:
    "No, there is no answer anywhere."
    Yes there is.

    I should warn you (and anyone else who comes into this thread) that DoS is very very rarely appropriate for a pentest. We've had many discussions on the subject before and, whilst I can't speak for the leaders of this community, I can fairly safely point out that it looks a bit suspect that you are looking into this.

    But for the sake of completeness, a very vague hint: differential cloning.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: DOS Attack on WPA/WPA2 APs

    Quote, originally posted by Gitsnik:
    "I should warn you (and anyone else who comes into this thread) that DoS is very very rarely appropriate for a pentest."
    Agreed. DOS attacks are usually specifically excluded from most boilerplate pentest testing plans.

    Quote, originally posted by Gitsnik:
    "We've had many discussions on the subject before and, whilst I can't speak for the leaders of this community, I can fairly safely point out that it looks a bit suspect that you are looking into this."
    Yes it does. Are you intending to DOS someone, OP?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: DOS Attack on WPA/WPA2 APs

    It's for a social engineering attack.

  9. #9
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: DOS Attack on WPA/WPA2 APs

    Quote, originally posted by joker5bb:
    "It's for a social engineering attack."
    I'm going to include these here because it bears repeating (yes, I am aware they were PM'd to me):
    Quote: "I'm just doing it for pentesting, it's only a DoS attack anyway, it would not cause much damage anyway."
    Any attack has the potential to do damage, a Denial of Service is one of the worst. If you want a good idea of why I and we say this, have a google for streaker69's comments on SCADA systems. I've contributed to those threads, as have Thorin and lupin, among many other members. DoS attacks are dangerous - if you DoS'd a wireless router near my house you would be taking down a solar-power system which has the potential to generate the wrong values and overload the system (poor design I know). I've seen similar systems with wine vats, car plants and similar.
    Quote: "There are worse things you could do with BackTrack, and how-to is there."
    I can give you a knife and you can use it to cut vegetables just as easily as a person - that doesn't make the knife inherently dangerous (well it does because it is sharp, but with the proper care...). However if I gave you a thermo-nuclear weapon...

    That's why there are tools like hydra and aireplay available to us - as pentesters we can use them safely with the proper instruction. There is no "safe" way to deploy a nuke, so there is no nuke included.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  10. #10
    Member MosGuy's Avatar
    Join Date
    Jan 2010
    Location
    Ontario, Canada
    Posts
    120

    Default Re: DOS Attack on WPA/WPA2 APs

    Quote: "I'm just doing it for pentesting, it's only a DoS attack anyway, it would not cause much damage anyway."
    I find this interesting since you're inquiring about DoS attacks. Also in the past you've asked on three separate security related forums wanting tips/help on how to crack WPS. Which tends to come across like you can't find answers yourself and need spoon feeding. I haven't heard of any pen-tester remotely taking that attitude with regards to a DoS. They all certainly know the danger and risks. I suspect "pentesting" was the wrong choice of words.
