802.11 Wireless Attacks & Detection/Defense  Home ToC Prev Up Next 
802.11 overview
Attacks
Detection
MAC anomalies
+MITM detection
Frame injection
Defense
Conclusion
  

MITM detection

Attack detection by detecting modified 802.11 sequence numbers.

  • Each 802.11 frame has a sequence number and number of fragments (0 in case of no fragments)

  • Frames with forged MAC address have the sequence number out of sequence order of the correct frames

  • The sequence number is usually generated by firmware of the wireless adapter, therefore it is complicated for the attacker to spoof it.

  • But it is still possible (!) - by modification of the reverse engineered code of the wireless adapter firmware, allowing the attacker to modify a sequence number

  • Most of the wireless manufacturers use various modifications of the Intersil driver - possible leakage of firmware source code
Copyright © 2005 Pavol Lupták, ICZ a.s.  Prev Next