Quote:
|
Originally Posted by KoreK
In the dumps and chopchop output, did you notice any difference between associated attack and non associated attack?
. in chopchop output, "number of frame written" is greater, or above 256.
. in the dumps, excessive retransmission, or the retry flag is set on some frame.
. average time inbetween two chopchop packets
. the way the ap is responding
. Or anything else...
|
Sorry for the delay, had some work to do...
There are some differences between the 2 types of attack.
- Number of frames written is mainly under 100, some are between 100 and 200, and anly a few (about 10 packets) are 260-263 in both attacks
- time vary between <1ms and 10ms (from what I see in the sniffer)
- unassociated attack took 1min16sec, associated attack took 1min26sec
- # of packets sent in unassociated attack is: ~2.7 million
- # of packets sent in associated attack is: ~2.3 million
- ap responds mainly with deauth packets in unassociated attack, no deauth in associated attack.
- ap respond with an ACK to every wrong encrypted packet!?
- noticed servere multicast storms in associated attack
Input file was the DHCP packet mentioned in my last post.
Done with a P3 700MHz, 256MB and Debian Linux with kernel 2.4.25.
cheers