Priceless.. I can only imagine what the laundry list of hacks looks like at events like DefCon and such.

On Wed, 19 May 2004 14:36:53 -0700, Joseph W. Sullivan <sullivan@xxxxxxx> wrote:
>
> Thought the group might be interested in this.
>
> From: Paul Kedrosky <pkedrosky@xxxxxxxxxxx>
> Date: May 16, 2004 9:21:41 AM PDT
> To: dave@xxxxxxxxxx
> Subject: for IP: And a Mac Sniffer in a Pear Tree ...
>
> The following is a laundry list of just some of the wireless network attacks
> and shenanigans that went on at this week's Networld + Interop trade show in
> Las Vegas. It is from an AirDefense press release
> (http://www.airdefense.net/newsandpress/05_13_04.shtm):
>
> - 189 separate attacks on different devices
> - 112 separate MAC spoofing attacks
> - 89 Denial of Service attacks
> - 42 authentication attacks, likely due to brute force attacks or
>   misconfigured clients
> - 20 separate AirSnarf attacks
> - 4 separate Hotspotter attacks
> - 3 large Ad-Hoc mesh networks were re-established on day two with an
>   average of 10 stations connected.
> - Another association was made with the Sear Service Toolbox (SST-PR-1) and
>   the - network was attacked twice
> - One Virtual Routing Redundancy Protocol (VRRP) attack, a routing tool
>   attack to redirect traffic
> - 165 BlueJack attacks
> - 12 Blue Snarf attacks
>
>
> On May 19, 2004, at 10:16 AM, j.cooper1@xxxxxxxxxxx wrote:
>
> > I found a network that happened to be a Hidden SSID with WEP enabled..
> > I know this was talked about recently. Anyway, after about 5 hours
> > and 90k in packs I got the SSID. Though it could have been because of
> > what I will talk about next..
> >
> > A strange thing happened during this time. I had the console opened
> > at this time and the console showed these messages..
> >
> > 2004-05-17 13:44:19.239 KisMAC[326] WARNING!!! Received a Probe flood from 00:0B:BE:B2:6D:77. This usually means this computer uses a cheap stumbler such as uStumbler, Macstumbler, or NetStumbler
> > 2004-05-17 13:45:16.429 KisMAC[326] ATTENTION Received a De-authentication frame. You might want to check for other WiFi people.
> > 2004-05-17 13:45:17.321 KisMAC[326] Detected WPA response for 0C:0B:BE:B2:6D:77
> >
> > The MAC address showed up while scanning as <no ssid>, and a probe. I
> > am assuming this is the wardriver, right?
> >
> > Does this mean KisMAC detects attacks by other Wardrivers? If so
> > what other attacks can KisMAC detect?
> >
> > The last message about WPA, does anyone know what this is?
> >
> > one last thing..
> >
> > Now to my real question.. So now I have been scanning for about 15
> > hours over three days, and have collected 350k packets, 43k in data
> > packets and 12k Weak IVs.
> >
> > I try and run every attack on it and nothing seems to work.
> >
> > KisMAC didn't show who the vendor was, but Ethereal did, and it
> > happened to be Cisco. So I went to Cisco's web site and read about their
> > wireless routers. Cisco has this thing called TKIP.
> >
> > TKIP is:
> > TKIP (Temporal Key Integrity Protocol, also known as WEP key
> > hashing)-This feature defends against an attack on WEP in which the
> > intruder uses the unencrypted initialization vector (IV) in encrypted
> > packets to calculate the WEP key. TKIP removes the predictability that
> > an intruder relies on to determine the WEP key by exploiting IVs.
> >
> > Could this be the reason why I can crack the WEP? You would think
> > there would be no WeakIV packets if it was turned on, right? Do I just
> > need to collect more WeakIV packets? Any ideas on how to get more
> > info about what type of "encryption" is used or if it is standard WEP?
> >
> > Jeff