Forum

Challenge of the week!

4 posts by 3 authors in: Forums > CWDP & CWAP - Enterprise Wi-Fi Design & Analysis
Last Post: June 6, 2006:
  • By Devinator
    Reply

    Have a client connect to an AP. Use whatever security mechanism you like.

    Install CommView for WiFi on a laptop, capture a beacon from the AP, save it as a template, and then use CommView for WiFi's frame generator tool to customize the beacon to have channel 0 and the same SSID and BSSID of the legitimate AP. Transmit the beacon every 102.4 milliseconds (to simulate a real AP).

    See what happens to the client. Please explain what happened here on the forum.

    thanks!

    Devinator

  • By ben_miller
    Reply

    Sounds like a Beacon poisoning attack. I remember reading about this a few months ago as one of the DoS attacks that will be prevented with 802.11w protected management frames.

  • By Criss_Hyde
    Reply

    Hi Devin:

    What is channel zero?

    Is the fake beacon stream transmitted on the same channel as the original?

    Thanks. /criss

  • By Devinator
    Reply

    Yes, the fake beacon is a replica of the original with a different channel number.

    Here's more info:

    http://www.wirelessve.org/entries/show/WVE-2006-0050

    Yes, the spoofed beacons are transmitted on the same channel as the real beacons.

Page 1 of 1
  • 1