nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | MDK3 TODO List |
| 2 | |||
| 3 | * Write complete docs |
||
| 4 | * Update manpage |
||
| 5 | |||
| 6 | 802.11 allows you to fragment each packet into as many as 16 pieces. It would be nice if we could use fragmentated packets in every attack. |
||
| 7 | if you want to make the WIDS vendors hate you, also match the sequence numbers of the victims |
||
| 8 | * Done for TKIP QoS reinjection |
||
| 9 | * NOT done for deauth |
||
| 10 | * NOT done for eapol Logoff |
||
| 11 | Ad-hoc compatibility? |
||
| 12 | * Works for Probing |
||
| 13 | * Deauth should work (untested) |
||
| 14 | * AuthDos untested (does this even work?) |
||
| 15 | -> do STA flooding instead |
||
| 16 | Intelligent AuthDOS with Shared Key Auth |
||
| 17 | SSID Bruteforce: Read Wordlist from stdin |
||
| 18 | CTS control frame flooding |
||
| 19 | |||
| 20 | * Fuzzing mode modifying incoming packets or creating random ones |
||
| 21 | |||
| 22 | * Beacon Flooding should also have an options to send probe requests and responses (unicast + broadcast probes) to annoy IDS ;) |
||
| 23 | |||
| 24 | * Match Sequence Numbers for all attacks that impersonate somebody (like, almost all attacks do) for MAXIMUM WIDS PAIN! |
||
| 25 | |||
| 26 | EAP attacks: |
||
| 27 | |||
| 28 | 802.1X EAP-Failure |
||
| 29 | Observing a valid 802.1X EAP exchange, and then sending the station a forged EAP-Failure message. |
||
| 30 | |||
| 31 | 802.1X EAP-of-Death |
||
| 32 | Sending a malformed 802.1X EAP Identity response known to cause some APs to crash. |
||
| 33 | |||
| 34 | 802.1X EAP Length Attacks |
||
| 35 | Sending EAP type-specific messages with bad length fields to try to crash an AP or RADIUS server. |
||
| 36 | |||
| 37 | Above table was taken from |
||
| 38 | http://searchsecurity.techtarget.com/general/0,295582,sid14_gci1167611,00.html?track=wsland |