Wireless attack tools
Last Post: July 3, 2018:
-
Hi all,
I'm trying to test and demonstrate some wifi attacks. I was able to run the below attacks using tools in Backtrack / Kali Linux.
- AP Flood Attack
- ChopChop Attack
- AP Impersonation
- AP Spoofing
- Deauth Broadcast
But I have more in my list. Could someone help me to find the proper tools / methods to run all the below attacks:
- 802.11n 40MHz Intolerance
- AP Flood Attack
- Block ACK DoS Attack
- ChopChop Attack
- Client Flood Attack
- CTS Rate Anomaly
- Disconnect Station Attack
- EAP Rate Anomaly
- FATA-Jack Attack
- Invalid Address Combination
- Malformed Frame - Assoc Request
- Malformed Frame - Auth
- Malformed Frame - HT IE
- Malformed Frame - Large Duration
- Omerta Attack
- Overflow EAPOL Key
- Overflow IE
- Power Save DoS Attack
- Rate Anomalies
- RTS Rate Anomaly
- TKIP Replay Attack
- AP Impersonation
- AP Spoofing
- Beacon Wrong Channel
- Hotspotter Attack
Thanks,
Rajaguru
-
Rajaguru,
Personally, I am just curious which Enterprise WIDS / WIPS system you are testing.
(We show these tools mentioned below in Globeron CWSP instructor led classes)
As long as these wireless tools are used the proper way:
- In compliance with the law in your country
- See video: http://www.globeron.com/freedownload/services/Singapore-Jan-5-2007-WirelessHacking-StraitsTimes-news.flv
- Become a Certified Wireless Security Professional (CWSP)
- Become a Globeron WhiteCap; I regularly run Wireless Security training classes
- or you can do our www.globeron.com/onlinetraining version
- Use the tools to test WIDS or WIPS features (in APs, controllers), but these are not really WIPS systems (just a tick in the box for tender compliance)
- or, better, Enterprise WIPS systems, which have 250+ alarms, proper security management tools, profiling and forensic analysis
- (so that you can roll back to see at which time and for how long you did the "attack" or wireless security vulnerability assessment)
These are typically the leading WIDS or WIPS vendors (the last WIPS only comparison report by Gartner was in 2012):
- Zebra Technologies - AirDefense (aka Motorola AirDefense Services Platform) with Hardware AP/Sensors Radios
- AirTight Networks (aka SpectraGuard and aka OEM Hewlett Packard - HP RF Manager) with Hardware AP/Sensors Radios
- Netscout AirMagnet Enterprise (AME) (aka Fluke Networks/AirMagnet Enterprise) with dedicated Hardware Sensors or Software Sensors (on laptops)
Others:
- Cisco Prime NCS Infrastructure 3.0 (subset of AirMagnet Enterprise. Need to double check this, it was in version 2.0)
- HP/Aruba AirWave Management System (aka RAPIDS)
- AirPatrol
- Other vendors:
- Aerohive Networks
- Cisco Meraki - AirMarshall
- and all other vendors I for
- or if an AP (or Controller) has a "WIPS" feature built-in, it is just a very small subset (not really the way to manage security)
Tools:
First of all, get the right dongles and the right drivers to put the dongles into "monitor mode"
(e.g. .11n chipsets like the Atheros used in Proxim WD8494 dongles, RealTek 2870 dongles, 1x1, 2x2 or 3x3 MIMO,
and a few more for .11ac)
- You mentioned Kali Linux / Backtrack already, which can be expanded by using linux based tools/scripts
- using Python or Metasploit (download Kali linux .iso and other tools via apt-update)
- OSWA (Organisational Wireless Security Auditor) from ThinkSecure in Singapore (.iso is downloadable)
- PenToo (Rick Farina is a developer here for the platform), see one of his speeches at the Wireless LAN Professional Conferences
- https://vimeo.com/keithrparsons/videos (one of the 150 videos, search for Rick Farina he has a few)
- Silica Immunity platform
- Hardware platform
- Nemesis (based on Linux / Python)
- PineApple by Hak5 (based on Linux)
-
Tom can you remove the "angela456" post above? Thanks.