Using Aux ports to send Control frames...
Wed Sep 29 08:26:59 PDT 2004
> Can anyone help me understanding this method? can u plz send a code or
> indicate how to disable AUX ports in hostap and how to read or write
> from it...
> Documents that describes the functionalities of AUX ports or the method
> reffered to would help me in my research...
The premise is that you have to stop the transmit queue after writing
the packet to the device, searching through the AUX device for a magic
value that indicates that start of the packet, and modifying the memory
offset with your custom frame.
In practice, it's quite difficult since you are competing with a race
condition to get the card into the right state for you to be able to
mess with it in a way that it was never intended to do. In my tests,
I'm only able to get a few frames (like 1 or 2) transmitted before my
card ceases to respond altogether, forcing a manual reset.
As I understand it, Cisco and Atheros cards do not have the same
firmware restrictions as the Prism2 series cards, and can inject
arbitrary frames of any time or content without being mangled. This
could allow an attacker to send spoofed frames with in-order sequence
numbers to avoid being detected by WLAN IDS systems, and a slew of other
Did anyone make it to Toorcon this year? There was a presentation
titled "Advanced Packet Injection in 802.11a/b/g Networks" that may shed
some more light on other packet injection opportunities that are
otherwise firmware unencumbered.
jwright at hasborg.com
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
Today I stumbled across the world's largest hotspot. The SSID is "linksys".
More information about the Hostap