|
|
MITM detection
Attack detection by detecting modified 802.11 sequence numbers.
Each 802.11 frame has a sequence number and number of fragments (0 in case of no fragments)
Frames with forged MAC address have the sequence number out of sequence order of the correct frames
The sequence number is usually generated by firmware of the wireless adapter, therefore it is complicated for the attacker to spoof it.
But it is still possible (!) - by modification of the reverse engineered code of the wireless adapter firmware, allowing the attacker to modify a sequence number
Most of the wireless manufacturers use various modifications of the Intersil driver - possible leakage of firmware source code
|