Thursday, June 22, 2006

Wireless notes

The following is mostly for my benefit...

While cleaning out various pieces of luggage, I discovered some of my notes from this year's ShmooCon, specifically the Wi-Fi Trickery lecture. Here are some disjointed notes:

  • raw frame injection can corrupt a WIDS
  • as a defense, FakeAP is only effective against novice wardrivers; against a WIDS it works by inserting bad or junk entries into the database
  • FakeAP can be detected by looking at timestamps (usually too low), sequence numbers (often reset or too low), and other misbehaving parameters
  • a good number of frames are not normally analyzed by a WIDS (e.g., ACK frames), which allows for the existence of covert channels
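To make the timestamp/sequence-number heuristic from the notes concrete, here is an added example (my own code, not from the lecture or the FakeAP project) that parses the fixed fields of raw 802.11 beacon frames and flags BSSIDs whose TSF timestamp is implausibly young, goes backwards, or whose sequence counter resets. The BSSIDs, SSIDs, TSF values and the 60-second "young" threshold are all constructed for the example.

```python
import struct

# Constructed sample identities (made up for this example; not from any real capture).
REAL_BSSID = bytes.fromhex("001122334455")
FAKE_BSSIDS = [bytes.fromhex("0200000000%02x" % i) for i in (1, 2, 3)]
FLAPPING_BSSID = bytes.fromhex("0200000000aa")

# Assumed threshold: a TSF under 60 s means the AP claims it booted less than a minute ago.
# A genuinely rebooted AP trips this once too, so treat it as a hint, not proof.
TSF_YOUNG_US = 60 * 1_000_000


def build_beacon(bssid, seq, tsf, interval_tu=100, ssid=b"corpnet"):
    """Assemble a minimal 802.11 beacon (no FCS) so the sample capture can be built offline."""
    hdr = struct.pack("<H", 0x0080)               # frame control: type=management, subtype=beacon
    hdr += struct.pack("<H", 0)                   # duration
    hdr += b"\xff" * 6 + bssid + bssid            # DA=broadcast, SA=bssid, BSSID=bssid
    hdr += struct.pack("<H", (seq & 0xFFF) << 4)  # sequence control: fragment 0, 12-bit sequence number
    body = struct.pack("<QHH", tsf, interval_tu, 0x0001)  # TSF timestamp (us), beacon interval (TU), capability=ESS
    body += bytes([0, len(ssid)]) + ssid          # SSID information element (element ID 0)
    return hdr + body


def parse_beacon(frame):
    """Return the fields the detector needs, or None if the frame is not a beacon."""
    if len(frame) < 36 or (frame[0] & 0xFC) != 0x80:
        return None
    bssid = frame[16:22]
    (seqctl,) = struct.unpack_from("<H", frame, 22)
    tsf, interval_tu, _cap = struct.unpack_from("<QHH", frame, 24)
    ssid = b""
    off = 36
    while off + 2 <= len(frame):                  # walk the information elements looking for the SSID
        eid, elen = frame[off], frame[off + 1]
        if eid == 0:
            ssid = frame[off + 2:off + 2 + elen]
            break
        off += 2 + elen
    return {
        "bssid": bssid.hex(":"),
        "seq": seqctl >> 4,
        "tsf": tsf,
        "interval_us": interval_tu * 1024,
        "ssid": ssid.decode("utf-8", "replace"),
    }


def scan(frames):
    """Apply the per-BSSID checks to a list of raw frames; returns {bssid: sorted list of reasons}."""
    last = {}       # bssid -> most recent parsed beacon
    findings = {}
    for frame in frames:
        b = parse_beacon(frame)
        if b is None:
            continue                              # only beacons are examined here
        reasons = []
        prev = last.get(b["bssid"])
        if prev is None:
            if b["tsf"] < TSF_YOUNG_US:
                reasons.append("young_tsf")       # timestamp "too low" for an AP that has been up a while
        else:
            if b["tsf"] <= prev["tsf"]:
                reasons.append("tsf_went_backwards")   # a real TSF only ever increases
            # The 12-bit counter wraps at 4096; a forward step stays small, a reset looks like a huge jump.
            delta = (b["seq"] - prev["seq"]) & 0xFFF
            if delta == 0 or delta > 2048:
                reasons.append("seq_went_backwards")
        last[b["bssid"]] = b
        if reasons:
            findings.setdefault(b["bssid"], set()).update(reasons)
    return {k: sorted(v) for k, v in findings.items()}


def sample_capture():
    """Constructed capture: one long-running AP, three one-shot fake BSSIDs, one BSSID that resets."""
    frames = []
    tsf, seq = 3_600_000_000, 200                 # real AP: up for an hour, counter mid-range
    for i in range(4):
        frames.append(build_beacon(REAL_BSSID, seq + 7 * i, tsf + 102_400 * i))
    for fake in FAKE_BSSIDS:                      # fresh BSSIDs with near-zero TSF and seq 0
        frames.append(build_beacon(fake, 0, 5_000, ssid=b"free_wifi"))
    frames.append(build_beacon(FLAPPING_BSSID, 3, 7_000))
    frames.append(build_beacon(FLAPPING_BSSID, 1, 4_000))   # both TSF and seq go backwards
    frames.append(b"\x08\x00" + b"\x00" * 30)     # a data frame, ignored by the parser
    return frames


if __name__ == "__main__":
    for bssid, reasons in scan(sample_capture()).items():
        print(bssid, ", ".join(reasons))
```

Real captures can be fed in the same way by passing the raw frames from a monitor-mode pcap (strip any radiotap header first). Expect false positives from APs that have just rebooted (one `young_tsf` hit) and from drivers that keep separate sequence counters per queue; the value of the check is in the pattern across many BSSIDs, which is exactly what FakeAP produces.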

The tools/topics discussed in the lecture included: Enhanced FakeAP, GlueAP, MitM attacks and covert channels.