Penetration Testing mailing list archives

Re: tunneling through hotspot firewall


From: Daniel Gultsch <daniel () gultsch de>
Date: Fri, 24 Apr 2009 21:01:39 +0200

On Fri, 24 Apr 2009 00:17:13 -0400
Paul Melson <pmelson () gmail com> wrote:
> You will run into issues with sequence numbers in the 802.11 frames.

I read a paper saying that the sequence numbers could be checked but usually
aren't. I could google it again, but it was something like "mac spoofing
detection sequence numbers".
However, I'm not entirely sure about this. I'm kinda worried about the
flow control on Layer 1 and 2. You know, which client can start
transmitting - it's a shared medium and such. As I said before: my
understanding of the layers above, 3 and 4, is good enough that I can tell
it's working, but I don't know....

Doesn't somebody on this list know something about WLAN and flow control
on shared media?!

> But why bother impersonating a whitelisted client address when you can
> hijack it altogether with ARP poisoning?

Because I want the original client to still be able to use the hotspot
and not know there is an attacker.

- daniel
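The sequence-number check Daniel refers to can be illustrated from the monitoring side. The following is an added example, not code from this thread or from the paper mentioned: a small per-station monitor that tracks the 12-bit 802.11 sequence counter for each source MAC and flags frames whose counter jumps backwards or far ahead, which is what two transmitters sharing one address look like to an access point or wireless IDS. The thresholds, MAC address and frame trace are constructed for the example.

```python
# Added example: per-source-MAC 802.11 sequence-number anomaly monitor.
# Each station keeps a 12-bit sequence counter (0..4095) that normally
# advances by a small step per MPDU. If frames with the same source MAC
# show counters that run backwards or interleave, two transmitters are
# probably sharing the address. Thresholds and the trace are constructed.

SEQ_MOD = 4096  # the 802.11 Sequence Control field carries a 12-bit number


def seq_delta(prev, cur):
    """Signed distance from prev to cur modulo 4096, in [-2048, 2047].
    A small positive value is normal progression (wrap-around included);
    a negative value means cur is behind prev."""
    d = (cur - prev) % SEQ_MOD
    return d - SEQ_MOD if d >= SEQ_MOD // 2 else d


class SeqMonitor:
    def __init__(self, max_backstep=5, max_gap=1000):
        self.max_backstep = max_backstep  # tolerate retransmits/reordering
        self.max_gap = max_gap            # tolerate missed frames, not big jumps
        self.last = {}                    # source MAC -> last counter seen

    def observe(self, src, seq):
        """Return None if the frame fits the station's counter, else a reason."""
        prev = self.last.get(src)
        reason = None
        if prev is not None:
            d = seq_delta(prev, seq)
            if d < -self.max_backstep:
                reason = "backstep %d" % d
            elif d > self.max_gap:
                reason = "gap %d" % d
        # Always move to the newest counter: a persistent second transmitter
        # then keeps alternating with the real one and keeps raising alerts.
        self.last[src] = seq
        return reason


def scan(frames, **kw):
    """Run the monitor over (src_mac, seq) tuples; return flagged frames."""
    mon = SeqMonitor(**kw)
    alerts = []
    for i, (src, seq) in enumerate(frames):
        reason = mon.observe(src, seq)
        if reason:
            alerts.append((i, src, seq, reason))
    return alerts


# Constructed trace: a legitimate station wrapping from 4094 to 0, then a
# second transmitter reusing the same MAC with its own counter near 3000.
STA = "aa:bb:cc:00:00:01"  # constructed MAC address
FRAMES = [(STA, s) for s in (4090, 4091, 4093, 4094, 0, 1, 3, 3000, 4, 3001)]
```

Running `scan(FRAMES)` flags only the last three frames (the interleaved counters), while the legitimate wrap from 4094 to 0 passes untouched.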
