A Question about Fake Authentication

[jasontschk]

Is it possible to do Fake Authentication to my AP which has turned on MAC filtering?
Or have other possible ways to crack my WEP key with no clients other than turns off the filter?

Thanks

[brtw2003]

do a forum search first!

fake_authentication [Aircrack-ng]

scroll down to 'MAC access controls enabled on the AP'...

Or read through dozens of threads within this and in the old backtrack forum!

Good start: http://www.backtrack-linux.org/forum...ve-looked.html
or
http://www.exploit-db.com/papers/296 <<<scroll down to: 'Bypass Mac Filtering'

/brtw2003

[M1ck3y]

Yes you can if you already know the mac address of a legitimate station. If not, your only way is to try a mac bruteforce with Mdk3 for example, but the result of this attack is very unsure as there are many mac addresses to test and it will be very very long.

Use Airodump to sniff the network until a station comes up, this is the best way.

[Snayler]

Use Airodump to sniff the network until a station comes up, this is the best way.

Actually, this isn't the best way, because if you're waiting for someone to connect to the network, it means that the network isn't yours... Right?

[xX_Spiidey_Xx]

*ding ding* for Snayler, our winner.

spoof _your own_ mac addys connected to _your_ network. if you don't know _your_ mac addresses, or don't know how to get _your_ mac addresses, do some reading here for windoze or here for unix/linux.

and don't cry to me that the link is for win98, it's all the same right up to *at least* vista.

[Charles]

The windows version of "ipconfig /all" works in all versions of Windows.

[M1ck3y]

Actually, this isn't the best way, because if you're waiting for someone to connect to the network, it means that the network isn't yours... Right?

My answer was for that:

Is it possible to do Fake Authentication to my AP which has turned on MAC filtering?
Or have other possible ways to crack my WEP key with no clients other than turns off the filter?

So of course he knows if there is mac filtering enabled or not, and if so he also knows the mac address of a valid client because he's talking about his own network. So when I told him this is the best way, this was meant to make him understand that trying to bruteforce his own mac filtered access point will be very hard to do. There is no reason to search for illegal activity since he's talking about his own network from the beginning, and be sure I won't give any advice that would help people to get into a network which is not theirs.