[ Milos Stojanovic @ 28.11.2004. 23:31 ] @
| (Originalni text) Citat: Problem: Association and disassociation frames sent as clear text, without authentication. Simple to spoof disassociation attacks. This is considered to be less effective than a deauthentication attack as recovery from disassociation requires the client to only reassociate with an access point it is already authenticated to. Mitigation: Authentication (cryptographic signing) of management frames (including disassociation frames) limits the authority of the source of those frames. In other words, only the specific client and the access point would be able to disassociate the client. (Note: this protection not currently part of standard implementations. Requires modification of firmware and/or use of third party software.) Za ovaj napad je dovoljno neprestano slati određene layer2 pakete APu i onemogućiti korisniku (korisnicima) da se zakači (zakače) na node. Kako se zaštititi od ovoga? Ovde kaže "requires modification of firmware and/or use of third party software". To znači da jednostavno neki APovi mogu da se zaštite od ovoga a drugi ne, ili je samo potreban neki dodatan software? Ne verujem da samo software može da pomogne. Vaše mišljenje/rešenje? Na sreću, koliko sam ja mogao da vidim, postoje disassociate attackeri samo za *nix, tako da gomila script kiddiesa sa Windowsom neće moći sa ovim da se igra. |