fragmentation attack miscellaneous enhancements

[darkAudax]

 Wep0ff has some interesting features that would be of value ported to aireplay-ng. Especially for targetting client workstations

It attempts to use some IPv6 traffic to get packets relayed. I have just started some research into this area. However, it may hold promise as another class of traffic that can be used to obtain a xor file.

One very interest technique is arp scanning a range of IPs to determine the actual IP of the client. It is extremely fast to scan a 169.254.0.0 "B" class. 169.254.0.0 is the default IP assignment range used by WinXP when there is no DHCP response. A great enhancement for aireplay-ng would be to build in the ability to scan networks you specify. The parameter would be IP/CIDR.

As an aside, they pick up double the PRAGA from an initial ARP packet.

d.

[hirte]

interesting material. unfortunately i don't understand russian, but i definately do understand c. :)

simulating an AP for every probed network is already implemeted in a different software packet.

But i like the idea of setting up a fake AP for a probed network and cracking a wep key for a network without being anywhere near the real AP and communicating with the client over this fake AP.

i also thought about a tool that determines if dhcp is set up, the ip range, subnet mask, router mac/ip, dns mac/ip and ips of all the associated clients only giving the bssid and a valid keystream.

Like this enumeration function, the fake AP one could be a standalone tool, so aireplay won't be used for everything.

[anonymous]

freshmeat.net/projects/netdiscover/

nixgeneration.com/~jaime/netdiscover/