Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Defending against WPS attacks

  1. #11
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: Defending against WPS attacks

    Quote Originally Posted by ternarybit View Post
    thanks for the input. I did mention disabling WPS is the obvious solution in my OP, I was just curious if there was anything else available to a defender, assuming their router cannot disable WPS (which is the case with a surprising number, sadly).
    IDK if kismet supports running a command when it detects a WPS bruteforce attack, but if it does, it should be easy to make it run airdrop-ng against the attacker's MAC address, or even running a script that connects through telnet/ssh to the AP and adds the attacker's MAC address to the disallowed MAC addresses list.

  2. #12
    Senior Member
    Join Date
    Jul 2009
    Posts
    135

    Default Re: Defending against WPS attacks

    Here's an idea. I'm not that experienced with kismet but if you can have it log to syslog or a file, you can use a tool like swatch to continuously "tail" a file looking for certain data. When it gets a hit or detects some strings/data common to wps attak, swatch can be programmed to do something/run some program or script. This script can parse the log file, obtain the offending mac address, and send some death-packets or add the mac address to a blacklist. Just an example.

  3. #13
    Junior Member
    Join Date
    Jun 2012
    Posts
    42

    Default Re: Defending against WPS attacks

    Quote Originally Posted by thad0ctor View Post
    you could always try flashing a router to DD-WRT firmware which could allow you to then toggle on and off WPS
    This is only partially correct, as DD-WRT will disable WPS on supported routers, but one cannot toggle it on and off because DD-WRT does not support WPS. DD-WRT uses the WPS button to optionally enable/disable the Wi-Fi radio or run specified scripts.

    I think my original inquiry has been misunderstood.

    I understand that the proper way to prevent WPS attacks is to disable it. My original question was if it's possible to defend against an attack in progress without taking the vulnerable AP offline, perhaps through DoS of the attacking machine. It sounds like this is not possible, and the only practical way of defending against WPS attacks is to either disable WPS fully or take the AP offline.

  4. #14
    Junior Member
    Join Date
    Jun 2012
    Posts
    42

    Default Re: Defending against WPS attacks

    Interesting thoughts, Snayler and aerokid240. I'm fairly certain these tactics are possible, even if somewhat impractical. Still, its an interesting concept. Thanks for the input!

  5. #15
    Just burned his ISO
    Join Date
    Sep 2012
    Posts
    1

    Default Re: Defending against WPS attacks

    Quote Originally Posted by strakar View Post
    Well from my point of view, when you start a WPS Attack you usually associate with the AP, what if you use MAC Filtering? I know that its not a strong protection but you can give a lot more trouble to the attacker for him to wait for a legit MAC. Just an idea though
    I don't think this is a good idea, because, all you have to do is sniff the target network and record all MACs. Than, you just change you network driver MAC with one that you recorded before. An example:

    airmon-ng start wlan0 #monitor mode
    airodump-ng mon0 #see all network/traffic aroud you. Chose one and use the channel and bssid in the next command
    airodump-ng -c CHANNELNUMBER --bssid MAC mon0 #now you're sniffing every computer in that network. Save all MAC addresses working in that network. Wait for one goes down. Than...

    ifconfig wlan0 down
    macchanger -m MACVICTIM
    ifconfig wlan0 up

    Now you just connect in that wifi.

  6. #16
    Just burned his ISO
    Join Date
    Aug 2012
    Location
    New Zealand
    Posts
    1

    Default Re: Defending against WPS attacks

    It is well told.

Page 2 of 2 FirstFirst 12

Similar Threads

  1. Book like "The Database Hacker's Handbook: Defending Database Servers"
    By -=Renegade=- in forum OLD General IT Discussion
    Replies: 3
    Last Post: 01-01-2010, 04:18 AM
  2. smtp attacks
    By imported_UG_Cyber in forum OLD Newbie Area
    Replies: 8
    Last Post: 11-13-2008, 04:27 PM
  3. Defending against aireplay-ng deauthentication
    By imported_Deathray in forum OLD General IT Discussion
    Replies: 12
    Last Post: 10-25-2008, 04:50 AM
  4. Is it possible to use MITM attacks on 802.1x?
    By Lord MuffloN in forum OLD Wireless
    Replies: 2
    Last Post: 10-06-2008, 12:04 PM
  5. WPA EAP attacks
    By Andy90 in forum OLD General IT Discussion
    Replies: 1
    Last Post: 02-27-2008, 10:55 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •