Hi, I have a lot of routers now at the Labs from donations/family/friends/etc.. and found that some of them aren't vulnerable to the general WEP attack with the aircrack-ng suite. The Cisco routers are, and I can Fake Authenticate, and wait for the ARP call from the router. Onece i get it I inject fine. But, I have a few netgear and some others that After I successfully Authenticate and Associate, nothing happens. The router doesn't send a single ARP.
After a while Airodump-ng shows me (STATION) disappear and I have to reauthenticate (which works well).. any ideas on how to generate the ARP? (This is a clientless attack btw) (and I can physically generate it by unplugging a wired machine from the switch and plugging it back in after a second or two, or simply doing a dhclient call from another Ubuntu machine, but I was wondering is there a way to do it without physical access? or is that not possible? - thanks guys - Trev.