Protected WLAN
Marko Vojinovic
vvmarko at gmail.com
Sun May 22 05:48:14 UTC 2011
On Sunday 22 May 2011 04:57:42 JD wrote:
> On 05/21/11 20:05, Mikkel L. Ellertson wrote:
> > On 05/21/2011 09:22 PM, JD wrote:
> >> On routers using MAC filtering,
> >> How quickly do the crackers guess a correct MAC address
> >> and connect (assuming they somehow got your passphrase)?
> >
> > They do not usually guess. They use a program that monitors the
> > traffic, and captures the MAC address of any system that connects to
> > the router. They then use one of these to connect.
>
> So, the initial connection request goes in the clear!
> Now that's security!! :)
AFAIK, the MAC addresses of an access point and its clients are never encrypted.
Meaning, it's not just the initial connection request that goes in the clear, it's
the *entire* communication between a client and an AP that has world-visible MAC
addresses of both. Every packet.
So you may catch a MAC address of a client which has initiated the connection
yesterday when you were not around, if it is still connected. :-)
You can try it yourself, to see what's going on in the wifi world around you:
1) yum install aircrack-ng
2) open a terminal, become root
3) use airmon-ng to put your wireless hardware into promiscuous mode
4) use airodump-ng to start looking at the wifi traffic around you
5) read both the AP's and the clients' MAC addresses on your screen, dynamically
You may wish to read man pages for airmon-ng and airodump-ng to learn the
details. ;-)
Best, :-)
Marko
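As an added illustration of the point made in the message above (example code, not from the thread or from aircrack-ng): a small Python decoder for the 802.11 MAC header, showing that the BSSID and station addresses are readable from every frame even when the Protected bit marks the body as encrypted. All MAC addresses and frames are constructed samples; `stations_seen` rebuilds the per-AP client listing that airodump-ng displays using nothing but those cleartext header fields.

```python
# Added example, not code from the thread. All MACs and frames are constructed samples.
AP_MAC, CLIENT_A, CLIENT_B = "02:00:00:00:aa:01", "02:00:00:00:cc:01", "02:00:00:00:cc:02"
BCAST = "ff:ff:ff:ff:ff:ff"

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_80211_header(frame: bytes) -> dict:
    """Address roles and Protected flag from the cleartext 802.11 MAC header."""
    if len(frame) < 24:
        raise ValueError("frame shorter than the minimal 24-byte 802.11 header")
    fc_hi = frame[1]                                  # frame-control flags byte
    to_ds, from_ds = bool(fc_hi & 0x01), bool(fc_hi & 0x02)
    protected = bool(fc_hi & 0x40)                    # body is encrypted, header is not
    a1, a2, a3 = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    if to_ds and not from_ds:        # station -> AP
        roles = {"bssid": a1, "source": a2, "destination": a3}
    elif from_ds and not to_ds:      # AP -> station
        roles = {"destination": a1, "bssid": a2, "source": a3}
    elif not (to_ds or from_ds):     # management / ad-hoc
        roles = {"destination": a1, "source": a2, "bssid": a3}
    else:                            # 4-address WDS frame: no BSSID field
        roles = {"receiver": a1, "transmitter": a2, "destination": a3}
    roles["protected"] = protected
    return roles

def stations_seen(frames) -> dict:
    """Map each BSSID to the client MACs seen with it, from headers alone."""
    seen = {}
    for f in frames:
        h = parse_80211_header(f)
        bssid = h.get("bssid")
        for addr in (h.get("source"), h.get("destination")):
            if bssid and addr and addr not in (bssid, BCAST):
                seen.setdefault(bssid, set()).add(addr)
    return seen

def build_frame(fc: bytes, a1: str, a2: str, a3: str, body: bytes) -> bytes:
    """Constructed 3-address frame: FC, duration, A1..A3, sequence control, body."""
    hexmac = lambda m: bytes.fromhex(m.replace(":", ""))
    return fc + b"\x00\x00" + hexmac(a1) + hexmac(a2) + hexmac(a3) + b"\x00\x00" + body

CIPHERTEXT = b"\x5a\xc3\x19\x70\xe4\x0b\x88\x21"  # stand-in for an encrypted body
SAMPLE_FRAMES = [
    build_frame(b"\x08\x41", AP_MAC, CLIENT_A, AP_MAC, CIPHERTEXT),  # ToDS + Protected
    build_frame(b"\x08\x42", CLIENT_A, AP_MAC, AP_MAC, CIPHERTEXT),  # FromDS + Protected
    build_frame(b"\x08\x41", AP_MAC, CLIENT_B, AP_MAC, CIPHERTEXT),
]
```

The body bytes are never looked at: the client list comes entirely from the unencrypted header, which is why MAC filtering adds no confidentiality on top of the passphrase.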