DOS Attack on WPA/WPA2 APs

[joker5bb]

How would you perform denial of service attack on WPA/WPA2 wireless APs?

so it will fail the Michael Test and kick all the clients that were connected to the AP

An issue that WPA does not fix yet is potential denial of service (DoS) attacks. If someone, such as a hacker or disgruntled employee, sends at least two packets each second using an incorrect encryption key, then the access point will kill all user connections for one minute. This is a defense mechanism meant to thwart unauthorized access to the protected side of the network.

how would i send at least two packets each second using an incorrect encryption key?

is there a tool to do this?

[joker5bb]

# DoS attack through MIC failures

* Intercept a packet with valid TSC (possible)
* Modify packet and corresponding values of FCS, ICV (easy)
* Send modified packet twice in one minute (easy)

any idea?

[CKing]

airdrop or aireplay?

[MosGuy]

There is at least one tool in BT that's capable of performing a DoS against AP's. Why you'd want to DoS your own AP is beyond me. I would search Google, the answer is out there to find.

[joker5bb]

no there is no answer anywhere

[Gitsnik]

no there is no answer anywhere

Yes there is.

I should warn you (and anyone else who comes into this thread) that DoS is very very rarely appropriate for a pentest. We've had many discussions on the subject before and, whilst I can't speak for the leaders of this community, I can fairly safely point out that it looks a bit suspect that you are looking into this.

But for the sake of completeness, a very vague hint: differential cloning.

[lupin]

I should warn you (and anyone else who comes into this thread) that DoS is very very rarely appropriate for a pentest.

Agreed. DOS attacks are usually specifically excluded from most boilerplate pentest testing plans.

We've had many discussions on the subject before and, whilst I can't speak for the leaders of this community, I can fairly safely point out that it looks a bit suspect that you are looking into this.

Yes it does. Are you intending to DOS someone OP?

[joker5bb]

its for a social engineering attack

[Gitsnik]

its for a social engineering attack

I'm going to include these here because it bears repeating (yes I am aware they were PM'd to me)

im just doing it for pentesting, its only a DoS attack anyway, it would not cause much damage anyway

Any attack has the potential to do damage, a Denial of Service is one of the worst. If you want a good idea of why I and we say this, have a google for streaker69's comments on SCADA systems. I've contributed to those threads, as has Thorin and lupin, among many other members. DoS attacks are dangerous - if you DoS'd a wireless router near my house you would be taking down a solar-power system which has the potential to generate the wrong values and overload the system (poor design I know). I've seen similar systems with wine vats, car plants and similar.

there is worse things you could do with backtrack, and how-to is there

I can give you a knife and you can use it to cut vegetables just as easily as a person - that doesn't make the knife inherently dangerous (well it does because it is sharp, but with the proper care...). However if I gave you a thermo-nuclear weapon...

That's why there are tools like hydra and aireplay available to us - as pentesters we can use them safely with the proper instruction. There is no "safe" way to deploy a nuke, so there is no nuke included.

[MosGuy]

im just doing it for pentesting, its only a DoS attack anyway, it would not cause much damage anyway

I find this interesting since you're inquiring about DoS attacks. Also in the past you've asked on three separate security related forums wanting tips/help on how to crack WPS. Which tends to come across like you can't find answers yourself and need spoon feeding. I haven't heard of any pen-tester remotely taking that attitude with regards to a DoS. They all certainly know the danger and risks. I suspect "pentesting" was the wrong choice of words.