Tuesday, 6 December 2011

Murder... Death... Kill... Whatever...

MDK3 is a WiFi tool that can be used for DoS attacks on APs or Beacon Floods, among many other things. MDK3 is now available in BackTrack5. Here's the link to ASPj's website for MDK3.

MDK3 Features as listed on ASPj's Website :-
    Bruteforce MAC Filters
    Bruteforce hidden SSIDs (some small SSID wordlists included)
    Probe networks to check if they can hear you
    intelligent Authentication-DoS to freeze APs (with success checks)
    FakeAP - Beacon Flooding with channel hopping (can crash NetStumbler and some buggy drivers)
    Disconnect everything (aka AMOK-MODE) with Deauthentication and Disassociation packets
    WPA TKIP Denial-of-Service
    WDS Confusion - Shuts down large scale multi-AP installations

# mdk3 



BEACON FLOOD (FAKE AP)


First, let's see how the Beacon Flood (Fake AP) works.

There are 3 types of frames in 802.11 :-
 - Management
 - Control
 - Data

The Beacon Frame is a subtype of the Management Frame --> Subtype 8
Beacon Frames are broadcast frames which APs send out periodically to announce their presence.

Everything inside a Beacon Frame is in plaintext. So, if we spoof Beacon Frames, WiFi devices in the vicinity will report a new AP.

# mdk3 --help b





The Beacon Flood creates a Fake Access Point in the sense that it starts broadcasting Beacon frames from your WiFi card. So, all of the clients in the vicinity will detect a new AP.

There can be several reasons for doing a Beacon Flood. It can be used for a MITM attack, or also as a DoS,
since creating a fake AP with an SSID that already exists in range can crash the WiFi driver and its
scanner on the victim.
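As an added example that is not part of the original post: a small Python parser for 802.11 Beacon frames (Management frame, subtype 8) that reads the plaintext SSID and BSSID and flags an SSID being advertised by many different BSSIDs, which is what a flood like the one above looks like on the receiving side. The frame bytes are constructed here for the parser; nothing is transmitted and mdk3 is not involved.

```python
"""Parse 802.11 Beacon frames and flag the BSSID churn a beacon flood produces.
All frames are constructed sample bytes (example code, not from the original post)."""
import struct
from collections import defaultdict

BEACON_TYPE, BEACON_SUBTYPE = 0, 8   # Management frame (type 0), subtype 8 = Beacon
MAC_HDR_LEN = 24                     # FC(2) + Duration(2) + 3 x Addr(6) + SeqCtl(2)
FIXED_PARAMS_LEN = 12                # Timestamp(8) + Beacon Interval(2) + Capability(2)

def parse_beacon(frame: bytes):
    """Return (bssid, ssid) for a Beacon frame, or None if the frame is not a Beacon."""
    if len(frame) < MAC_HDR_LEN + FIXED_PARAMS_LEN:
        return None
    fc = frame[0]                             # Frame Control, first byte
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4 # bits 2-3 = type, bits 4-7 = subtype
    if (ftype, subtype) != (BEACON_TYPE, BEACON_SUBTYPE):
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # Addr3 carries the BSSID
    # Walk the tagged parameters; tag 0 is the SSID, sent in plaintext
    pos = MAC_HDR_LEN + FIXED_PARAMS_LEN
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if tag == 0:
            return bssid, value.decode("utf-8", errors="replace")
        pos += 2 + length
    return bssid, ""                          # Beacon without an SSID element

def detect_flood(frames, max_bssids_per_ssid=3):
    """Group Beacons by SSID; report SSIDs seen from more BSSIDs than a real network would use."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed:
            bssid, ssid = parsed
            seen[ssid].add(bssid)
    return {ssid: len(b) for ssid, b in seen.items() if len(b) > max_bssids_per_ssid}

def sample_beacon(bssid: bytes, ssid: str) -> bytes:
    """Constructed test fixture: bytes of a minimal Beacon frame for the parser above."""
    hdr = bytes([0x80, 0x00]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0411)   # timestamp, interval 100 TU, capability
    return hdr + fixed + bytes([0, len(ssid)]) + ssid.encode()
```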

List of APs in range :-



# airodump-ng mon0 -c 6                      ->  To find the list of APs in range



# mdk3 mon0 b -n mogambo -a -c 6                    ->  Start Beacon Flood on Channel 6 on interface mon0 with SSID mogambo



The Fake AP appears in the list of APs in range :-

