Page 1 of 2

injection-immune hotspots

PostPosted: Wed Nov 29, 2006 2:12 am
by Aggabee
So I've recently "stumbled" upon a bunch of new Actiontec hotspots that seem to be completely immune to packet injection. Even with an established client they do not accept injected packets of any kind. Either they reject ARP packets without prior traffic (even on open-authentication) or they reject packets with the same IV. Its kind of wierd that they are still putting effort into securing WEP instead of just switching over to WPA.

PostPosted: Wed Nov 29, 2006 4:01 am
by streaker69
Aggabee wrote:So I've recently "stumbled" upon a bunch of new Actiontec hotspots that seem to be completely immune to packet injection. Even with an established client they do not accept injected packets of any kind. Either they reject ARP packets without prior traffic (even on open-authentication) or they reject packets with the same IV. Its kind of wierd that they are still putting effort into securing WEP instead of just switching over to WPA.


So, in other words, you've just admitted to attacking public Hotspots in a public forum frequented by LEO's and TLA's?

Way to go whackjob.

PostPosted: Wed Nov 29, 2006 4:58 am
by Monitr7
Aggabee wrote:So I've recently "stumbled" upon a bunch of new Actiontec hotspots that seem to be completely immune to packet injection.


So you say you "stumbled" upon them, eh? EEEEEH? Nudge, nudge, wink, wink, knowwhatimean, saynomore?

Aggabee wrote:Its kind of wierd that they are still putting effort into securing WEP instead of just switching over to WPA.


Kinda "weird", eh? "Weird"? Knowwhatimean? So, uh, you been messing around with it, eh? "Injecting"? Right, right, say no MORE!

PostPosted: Wed Nov 29, 2006 6:07 am
by The Others
Monitr7 wrote:So you say you "stumbled" upon them, eh? EEEEEH? Nudge, nudge, wink, wink, knowwhatimean, saynomore?

...

Kinda "weird", eh? "Weird"? Knowwhatimean? Eh? EEEEEEH? So, uh, you been messing around with it, eh? "Injecting"? Right, right, say no MORE!


Tip of the hat guvnor, say no more. Down the docks to see a man about a dog, know what I mean?

PostPosted: Wed Nov 29, 2006 6:35 am
by Monitr7
A nod's as good as a wink to a blind man, knowwhatimean, nudge, nudge, wink, wink?

Your wife; she's a goer, eh? Woah. Wooooaah!

PostPosted: Wed Nov 29, 2006 7:07 am
by The Others
Gary lager! £20 saved is £20 earned. Trouble and strife with the old bread knife, know what I mean?

PostPosted: Wed Nov 29, 2006 7:11 am
by Thorn
Well now that you two are on speaking terms again, can we expect another show? And who has custody of Tony?

PostPosted: Wed Nov 29, 2006 7:51 am
by The Others
I'm going international tomorrow, but will back next week. We could always look into an amicable agreement regarding my appearance on a show at that point. As long as there's a victi, I mean guest, of course.

As for Tony, M7 still has him. I hope...

PostPosted: Wed Nov 29, 2006 7:59 am
by Aggabee
streaker69 wrote:So, in other words, you've just admitted to attacking public Hotspots in a public forum frequented by LEO's and TLA's?


three letter acronyms?

PostPosted: Wed Nov 29, 2006 8:18 am
by brwrdrvr
Aggabee wrote:three letter acronyms?


Yea, try searching them out. Call them up and tell them what you did. See if they have an answer for you.

PostPosted: Wed Nov 29, 2006 8:19 am
by Thorn
Aggabee wrote:three letter acronyms?
[SIZE="4"]L[/SIZE]aw [SIZE="4"]E[/SIZE]nforcement [SIZE="4"]O[/SIZE]fficers and [SIZE="4"]T[/SIZE]hree [SIZE="4"]L[/SIZE]etter [SIZE="4"]A[/SIZE]]gencies. (FBI, CIA, NSA, etc.) There are a fair amount of the regulars here who qualify under one or the other classification.

You might want to read this notice.

In other words, you might want to smarten up before posting again, Bunky.

PostPosted: Wed Nov 29, 2006 8:28 am
by brwrdrvr
Thorn wrote:[SIZE="4"]L[/SIZE]aw [SIZE="4"]E[/SIZE]nforcement [SIZE="4"]O[/SIZE]fficers and [SIZE="4"]T[/SIZE]hree [SIZE="4"]L[/SIZE]etter [SIZE="4"]A[/SIZE]]gencies. (FBI, CIA, NSA, etc.) There are a fair amount of the regulars here who qualify under one or the other classification.

You might want to read this notice.

In other words, you might want to smarten up before posting again, Bunky.



I thought the OP's name was Corky?

PostPosted: Wed Nov 29, 2006 8:30 am
by Airstreamer
Hey TO --> What ever happened to that camera?

PostPosted: Wed Nov 29, 2006 8:53 am
by Aggabee
brwrdrvr wrote:Call them up and tell them what you did.


What did I do? I attempted to inject packets into a network and failed. I found out that WEP security may actually be better than it once was thought to be. And I thought that you guys, being the network security enthusiasts that you are, and considering that this entire site is DEDICATED TO WIRELESS SECURITY, might want to know. But I guess you guys are more interested in covering your own asses than learning something new.

PostPosted: Wed Nov 29, 2006 9:12 am
by Thorn
Aggabee wrote:What did I do? I attempted to inject packets into a network and failed.
It appears from what you are saying that you attempted to do this on someone else's network, which is illegal.

Feel free to correct this impression if it's wrong.

Aggabee wrote:I found out that WEP security may actually be better than it once was thought to be.
That remains to be seen. You failed at an attempt to break into a WLAN. Period.

Your failure may be due to several factors. If you where doing this on a network you owned and/or controlled, then those factors would be known. As it is, it could be several different things from your conclusion (an AP which resists packet injection) ranging to your own incompetence. As it is the factors are either unknown, or unstated by you.

Aggabee wrote: And I thought that you guys, being the network security enthusiasts that you are, and considering that this entire site is DEDICATED TO WIRELESS SECURITY, might want to know. But I guess you guys are more interested in covering your own asses than learning something new.
It isn't a question about "covering our asses", it is a question about promoting illegal activities.

We are very interested in learning about new or unknown vulnerabilities, but it has to be done properly and ethically. That means doing things under controlled conditions on WLANs that we own or at least have permission to access and experiment on. It doesn't mean going out and committing crimes as part of the experimentation.