While cleaning out various pieces of luggage, I discovered some of my notes from this year's ShmooCon, specifically the Wi-Fi Trickery lecture. Here are some disjointed notes:
- raw injection can corrupt a WIDS
- FakeAP is only effective against novice wardrivers (as a defense) and WIDS (inserts bad or junk info into the database)
- FakeAP can be detected by looking at timestamps (usually too low), sequence numbers (often reset or too low), and other misbehaving parameters.
- A good number of frames are not normally analyzed by WIDS (e.g., ACK frames), thereby allowing for the existence of covert channels
The tools/topics discussed in the lecture included: Enhanced FakeAP, GlueAP, MitM attacks and covert channels.
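The timestamp and sequence-number checks from the FakeAP detection note above can be sketched as follows. This is an added example, not code from the lecture or from any of the tools named. The observation tuple layout, the thresholds and the sample beacons are all assumptions constructed for illustration.

```python
from collections import defaultdict

SEQ_MOD = 4096             # 802.11 sequence numbers are 12 bits wide
TSF_TOLERANCE_US = 50_000  # assumed allowance for capture jitter
MAX_SEQ_STEP = 2048        # assumed: a larger forward step is read as a reset

def beacon_anomalies(observations):
    """observations: iterable of (capture_time_us, bssid, tsf_us, seq).
    Returns {bssid: [reason, ...]} for BSSIDs whose beacons are inconsistent."""
    last = {}
    findings = defaultdict(list)
    for t, bssid, tsf, seq in sorted(observations):
        prev = last.get(bssid)
        last[bssid] = (t, tsf, seq)
        if prev is None:
            continue  # need two beacons from a BSSID before comparing
        prev_t, prev_tsf, prev_seq = prev
        tsf_delta = tsf - prev_tsf
        if tsf_delta <= 0:
            # The beacon timestamp is a free-running counter; it should only grow.
            findings[bssid].append("tsf_regressed")
        elif abs(tsf_delta - (t - prev_t)) > TSF_TOLERANCE_US:
            # The counter should advance at the same rate as the capture clock.
            findings[bssid].append("tsf_drift")
        step = (seq - prev_seq) % SEQ_MOD  # modular, so 4093 -> 0 is a step of 3
        if step == 0 or step > MAX_SEQ_STEP:
            findings[bssid].append("seq_reset")
    return dict(findings)

# Constructed sample: one consistent AP and one with FakeAP-like symptoms.
GOOD, FAKE = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [
    (0,       GOOD, 86_400_000_000, 4090),
    (102_400, GOOD, 86_400_102_400, 4093),
    (204_800, GOOD, 86_400_204_800, 0),    # legitimate 12-bit wrap
    (307_200, GOOD, 86_400_307_200, 3),
    (0,       FAKE, 1_200, 5),
    (102_400, FAKE, 300,   0),             # timestamp and sequence both reset
    (204_800, FAKE, 400,   1),             # timestamp barely moves in 102 ms
]

if __name__ == "__main__":
    for bssid, reasons in beacon_anomalies(SAMPLE).items():
        print(bssid, reasons)
```
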