Results 1 to 6 of 6

Thread: kills associated client network performance

  1. #1
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    6

    Default kills associated client network performance

    I'm running Backtrack 2 final on my HD. I have a PROXIM ORiNOCO 802.11b/g Gold (Model: 8470-WD). I can crack my own 64 bit WEP key after about 4 hours and collecting about 300,000 IVS. Problem is while collecting the IVS the client that I deauthed is pretty much useless as far as using the internet. As soon as I stop the collection process the client is fine and can resume internet activity. Does anyone have any ideas why this is haapening? Here are the commands I am executing.

    1. airmon-ng start wifi0 "per backtrack wiki:To set monitor mode type "airmon-ng start wifi0" and then use ath1"
    2. kismet "after starting kismet a "kis" virtual device shows up in iwconfig - not sure why"
    3. airodump-ng -w bowhunter ath1
    4. aireplay-ng -0 3 -e bowhunter -a 00:16:01:27:7C:62 -c 00:06:25:4A:B1:21 ath1
    5. aireplay-ng -3 -e bowhunter -b 00:16:01:27:7C:62 -h 00:06:25:4A:B1:21 ath1
    6. aircrack-ng -a 1 -s -f 4 -n 64 -m 00:16:01:27:7C:62 bowhunter-01.cap

    Great CD by the way - Thanks, appreciate all the hard work that went into the CD!

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Perhaps you could answer your own question by telling us what "deauth" means.

    +1 nomination for idiots corner

  3. #3
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    6

    Default

    Maybe I am confused but I thought the "deauth" was very short and the client should not even notice it happened to them.

  4. #4
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    6

    Default

    Can someone explain what is suppose to happen when the deauth/packet injection option is executed? From the client PC perspective I thought "most people" would not notice anything happened to them. Isn't that the point - to do this in stealth mode? My client PC is hammered so much during the packet injection process it can not serf the internet. In my case that is about 4 hours to collect enough IVS "300,000" to crack the 64 bit WEP key. The commands are at the beginning of this thread. I would like to know if I am thinking wrong or if they could be executed in a more none intrusive manner.

    Thanks for the help!

  5. #5
    Member
    Join Date
    Mar 2007
    Posts
    335

    Default

    the whole point of injecting is to knock the client off the net. 10 sec of injecting is all you'l need. Tutorial here http://forums.remote-exploit.org/sho...t=1556&page=11 you want the client to be connected, then the Data will fly.

  6. #6
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    6

    Default

    The excellent forum article mentioned is where I formulated the executed commands at the beginning of this post. I understand the deauth should be very short, in my case "3" deauths issued. But for some reason when I do the packet injection and can watch the ARP count increase and the "data" count rising in airodump-ng the PC which I deauthed becomes pretty much un-useable during the entire capture process. That is what I am trying to solve.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •