While the MAC address as assigned by the manufacturer is printed on the device, the address can be changed in software.
ifconfig or a similar configuration tool. Other hosts, as well as X, will discover (through ARP, for example) that there are two machines with the same IP address.
libdnet (libdnet.sourceforge.net/) and
config.img via TFTP, an attacker receives the binary image of the AP configuration. The image includes the administrator’s password required by the HTTP user interface, the WEP encryption keys, MAC address, and SSID. Yet another AP returns the WEP keys, MAC filter list, and administrator’s password when sent a UDP packet to port 27155 containing the string “
monkey_jack that automates the MITM attack. It is programmed well, so its odds of winning the race condition mentioned above are improved.
monkey_jack that automates the MITM attack.
Wlan_jack is a DoS tool that accepts a target source and BSSID to send continuous deauthenticate frames to a single client or an entire network (broadcast address).
Essid_jack sends a disassociate frame to a target client in order to force the client to reassociate with the network, thereby giving up the network SSID.
- AirSnort (www.airsnort.shmoo.com) can break WEP by passively monitoring transmissions and computing the encryption key when enough packets have been gathered.
- Ethereal (www.ethereal.com) is a LAN analyzer, including wireless. One can interactively browse the capture data, viewing summary and detail information for all observed wireless traffic.
- FakeAP (www.blackalchemy.to/project/fakeap) can generate thousands of counterfeit 802.11b access points.
- HostAP (www.hostap.epitest.fi) converts a station that is based on Intersil's Prism2/2.5/3 chipset to function as an access point.
- Kismet (www.kismetwireless.net) is a wireless sniffer and monitor. It passively monitors wireless traffic and dissects frames to identify SSIDs, MAC addresses, channels and connection speeds.
- Netstumbler (www.netstumbler.com) is a wireless access point identifier running on Windows. It listens for SSIDs and sends beacons as probes searching for access points.
- Prismstumbler (prismstumbler.sourceforge.net/) can find wireless networks. It constantly switches channels and monitors frames received.
- The Hacker’s Choice organization (www.thc.org) has a LEAP Cracker Tool suite that contains tools to break Cisco LEAP. It also has tools for spoofing authentication challenge packets from an AP. WarDrive is a tool for mapping a city for wireless networks with a GPS device.
- StumbVerter (www.sonar-security.com/sv.html) is a tool that reads NetStumbler's collected data files and presents street maps showing the logged WAPs as icons, whose color and shape indicate WEP mode and signal strength.
- Wellenreiter (http://www.wellenreiter.net/) is a WLAN discovery tool. It uses brute force to identify low traffic access points while hiding the real MAC address of the card it uses. It is integrated with GPS.
- WEPcrack (www.wepcrack.sourceforge.net) cracks 802.11 WEP encryption keys using weaknesses of RC4 key scheduling.