Hosted by Darren Kitchen and Shannon Morse. New episodes Tuesdays.
Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a... Read More
Back in studio with Shannon this week. Darren has answers to your WiFi deauthorization attack questions and a demo of a nifty deuth watching script. Shannon's all about free and open source alternatives to online backup services like Backupify. Can these tools keep your cloud data secure?
This week we're answering viewer questions regarding last week's wireless deauthorization attacks.
How does Deauth work if a client connected to an AP using encryption? -Mark B
The answer lies in the fact that 802.11b/a/n/g management frames, special packets used to establish and maintain communications, are all sent unencrypted. These include:
And finally our favorite...
I was wondering how do I prevent the de authorize attacks and man-in-the-middle attacks on my laptop or computer -Test Account
Short of rewriting your wireless radio's firmware to ignore deauthorization packets I'm at a loss when it comes to preventing the attack. If you know of a way please get in touch. That said, deauth attacks are quite simple to detect.
Viewer Tinman2k wrote in with a simple python script that uses airmon-ng and scappy to scan for associations, authentications and deauthentications.
You'll need to begin by placing your card into monitor mode. For example: airmon-ng wlan0 start. Then pass your monitor interface to readAuthDeauth.py
#!/usr/bin/env python ###################################################### # authWatch.py v. 0.1 (Quick, Dirty and Loud) - by TinMan # Place card in monitor mode and set the channel. # If you want channel hopping, run airodump-ng in # another terminal. Will add channel hopping # in the next version. ###################################################### # # Usage: python authWatch.py# import sys from scapy import * interface = sys.argv[1] def sniffReq(p): if p.haslayer(Dot11Deauth): # Look for a deauth packet and print the AP BSSID, Client BSSID and the reason for the deauth. print p.sprintf("Deauth Found from AP [%Dot11.addr2%] Client [%Dot11.addr1%], Reason [%Dot11Deauth.reason%]") # Look for an association request packet and print the Station BSSID, Client BSSID, AP info. if p.haslayer(Dot11AssoReq): print p.sprintf("Association request from Station [%Dot11.addr1%], Client [%Dot11.addr2%], AP [%Dot11Elt.info%]") # Look for an authentication packet and print the Client and AP BSSID if p.haslayer(Dot11Auth): print p.sprintf("Authentication Request from [%Dot11.addr1%] to AP [%Dot11.addr2%]") print p.sprintf("------------------------------------------------------------------------------------------") sniff(iface=interface,prn=sniffReq)
One of these day the monkeys will rise up and conquer the net as we know it. That's why having good backups of your online data is important. So rather than getting screwed when gmail, google docs, flickr, delicious, twitter and wordpress go down, let's use free and open source software to make proper backups.
Online services like Backupify make it easy to backup your cloud data -- but it's just from one cloud to another (Amazon S3). If you'd like a local copy of your data check out these programs
6 days ago
Employers want social media passwords, US gets a #CPO, and #TheOnion! All that and more this time on #ThreatWire! http://t.co/SrZpicvnt6
8 days ago
#Installing #Solar panels, #Google #Chrome #extensions, and more on @Hak5! http://t.co/QppYLgZpi5
8 days ago
Legalizing #Internet eavesdropping, #LivingSocial is #hacked, and more on this weeks #ThreatWire! http://t.co/xyIxzy8kes
8 days ago
@thescribe I didn't! They were disabled and enabled throughout the segment. Each one has a different icon. - @Snubs
8 days ago
@myraitnetwork thank you!
24 days ago
#PGP #Encrypt your email, back up your #Gmail Account with #Ubuntu, text #messaging your #WiFi #Pineapple On #Hak5! http://t.co/KSZeO4GEPU
