1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
MDK4 TODO List
Support both 2.4 to 5 GHz
Change the frequency hopping mechanism
Sniffing beacon frames sent by APs nearby, collect exists channels to hop.
802.11 packets replay
A friendly console interface
MDK3 TODO List
* Write complete docs
* Update manpage
802.11 allows you to fragment each packet into as many as 16 pieces. It would be nice if we could use fragmentated packets in every attack.
if you want to make the WIDS vendors hate you, also match the sequence numbers of the victims
* Done for TKIP QoS reinjection
* NOT done for deauth
* NOT done for eapol Logoff
Ad-hoc compatibility?
* Works for Probing
* Deauth should work (untested)
* AuthDos untested (does this even work?)
-> do STA flooding instead
Intelligent AuthDOS with Shared Key Auth
SSID Bruteforce: Read Wordlist from stdin
CTS control frame flooding
* Fuzzing mode modifying incoming packets or creating random ones
* Beacon Flooding should also have an options to send probe requests and responses (unicast + broadcast probes) to annoy IDS ;)
* Match Sequence Numbers for all attacks that impersonate somebody (like, almost all attacks do) for MAXIMUM WIDS PAIN!
EAP attacks:
802.1X EAP-Failure
Observing a valid 802.1X EAP exchange, and then sending the station a forged EAP-Failure message.
802.1X EAP-of-Death
Sending a malformed 802.1X EAP Identity response known to cause some APs to crash.
802.1X EAP Length Attacks
Sending EAP type-specific messages with bad length fields to try to crash an AP or RADIUS server.
Above table was taken from
http://searchsecurity.techtarget.com/general/0,295582,sid14_gci1167611,00.html?track=wsland
|
