Dailydave mailing list archives

This guy cracks me up. Lyndon Sutherland


From: "johnny cache" <johnycsh () gmail com>
Date: Mon, 4 Sep 2006 09:14:23 -0700

Hey there,

I am curious about winning the race, where you mention the beacon packet
of another AP within proximity ending up on the stack. Wouldn't this
race be difficult to win in a real life environment where there are even
moderate numbers of wireless networks or APs and activity? Or, am I
missing something?

It's hard to win using the ad-hoc technique I explained because there is no
synchronization between the cards. If card A sends dis-assocs every 4000 usecs,
and card B sends data packets with a payload every 5000 usecs, eventually
card B will transmit right after A.

Beacons are usually sent out every 100,000 usecs. If you were actually
synchronizing transmissions (or in kernel land) this is plenty of time to
get your two packets in one after another.

Secondly, I am curious, but without the listener on the victim machine,
how much would this reduce the likelihood of the attack working?

Intuitively it shouldn't matter at all. Your layer2 device driver has no idea
whether you have a layer 4 UDP open or not. Practically I don't think I ever
run the race without a listener open.

The only real explanation I have as to why this matters is that it
influences the delicate timing mentioned above. Of course, it could be
something else. Like I said, reversing the driver and figuring this out
just seemed infinitely unlikely.

Good questions though. It's nice to talk about technical things and not
politics or slander for a bit.

So, anyone else out there think I'm an idiot doing a disservice to the entire
computer security industry? Got any more funny 80's analogies MindsX?
-jc