• Hi all,

    I'm trying to test and demonstrate some wifi attacks. I was able to run the below attacks using tools in Backtrack / Kali Linux.

    - AP Flood Attack
    - ChopChop Attack
    - AP Impersonation
    - AP Spoofing
    - Deauth Broadcast

    But I have more in my list. Could someone help me to find the proper tools / methods to run all the below attacks:

    802.11n 40MHz Intolerance
    AP Flood Attack
    Block ACK DoS Attack
    ChopChop Attack
    Client Flood Attack
    CTS Rate Anomaly
    Disconnect Station Attack
    EAP Rate Anomaly
    FATA-Jack Attack
    Invalid Address Combination
    Malformed Frame - Assoc Request
    Malformed Frame - Auth
    Malformed Frame - HT IE
    Malformed Frame - Large Duration
    Omerta Attack
    Overflow EAPOL Key
    Overflow IE
    Power Save DoS Attack
    Rate Anomalies
    RTS Rate Anomaly
    TKIP replay Attack
    AP Impersonation
    AP Spoofing
    Beacon Wrong Channel
    Hotspotter Attack


  • Rajaguru,

    Personally I am just curious which Enterprise WIDS / WIPS system are you testing?

    (We show these tools mentioned below in Globeron CWSP instructor led classes)

    As long as these wireless tools are used the proper way:

    • In compliance with the law in your country
    •       See video:
    • Become a Certified Wireless Security Professional (CWSP)
    • Become a Globeron WhiteCap, I run regularly Wireless Security training classes
    •       or you can do our version
    • Use the tools to test WIDS or WIPS features (in APs, Controllers), but are not really WIPS systems (just a tick in the box for tender compliance)
    • or better are Enterprise WIPS systems which have 250+ alarm, proper Security management tools, profiling and forensic analysis
    •       (so that you can roll-back to see at which time and how long you did the "attack" or wireless security vulnerability assessment

    These are typically the leading WIDS or WIPS vendors  (the last WIPS only comparison report by Gartner was in 2012):

    • Zebra Technologies - AirDefense  (aka Motorola AirDefense Services Platform) with Hardware AP/Sensors Radios
    • AirTight Networks (aka SpectraGuard and aka OEM Hewlett Packard - HP RF Manager) with Hardware AP/Sensors Radios
    • Netscout AirMagnet Enterprise (AME)  (aka Fluke Networks/AirMagnet Enterprise) with dedicated Hardware Sensors or Software Sensors (on laptops)


    • Cisco Prime NCS Infrastructure 3.0  (subset of AirMagnet Enterprise. Need to double check this, it was in version 2.0)
    • HP/Aruba AirWave Management System (aka RAPIDS)
    • AirPatrol
    • Other vendors:
    •      Aerohive Networks 
    •      Cisco Meraki - AirMarshall
    •      and all other vendors I for
    •      or if an AP (or Controller) has a "WIPS" feature built-in, it is just a very small subset (not really the way to manage security)


    First of all get the right dongles and the right drivers to put the dongles into "monitor mode"

    (eg. chipset .11n like Atheros using in Proxim WD8494 dongles,  RealTek 2870 dongles 1x1, 2x2 or 3x3 MIMO

    and a few more for .11ac)

    • You mentioned Kali Linux / Backtrack already, which can be expanded by using linux based tools/scripts
    • using Python or Metasploit   (download Kali linux .iso and other tools via apt-update)
    • OSWA (Organisational Wireless Security Auditor) from ThinkSecure in Singapore  (.iso is downloadable)
    • PenToo    (Rick Farina is a developer here for the platform), see one of his speeches at the Wireless LAN Professional Conferences
    •   (one of the 150 videos, search for Rick Farina he has a few)
    • Silica Immunity platform
    • Hardware platform
    •       Nemesis   (based on Linux / Python)
    •       PineApple by Hak5  (based on Linux)

  • Tom can you remove the "angela456" post above? Thanks.

Page 1 of 1
  • 1