[Dailydave] This guy cracks me up.
Bill Weiss
houdini+dailydave at clanspum.net
Tue Sep 5 09:42:04 EST 2006
Just one question, inlined.
johnny cache(johnycsh at gmail.com)@Mon, Sep 04, 2006 at 07:17:27PM -0700:
> >> 1) set up a netcat udp listener on the victim centrino box. (Why
> >> you actually need a listener is beyond me, but it seems to help)
> >
> >I don't understand what this means. Does it mean that the victim
> >computer *must* be running a netcat udp listener for the attack to
> >work? If so, how would this be exploited in the wild?
>
> No, in theory no open TCP/UDP ports should be required. Your wireless
> device driver has no idea what layer 4 ports are open and it should be
> treating all data packets the same at this point. My guess is that
> having an open port influences the delicate timing I described earlier.
>
(content removed)
>
> If you were to implement this using a patched kernel, or found some
> other way to inject packets at a faster rate, I suspect no open ports
> would be required. Hard to say for sure though.
Have you tried the in-kernel "packet generator"? The docs seem to say
that it can generate traffic quickly. I haven't had a reason to play
with it yet so I can't say if it would serve the purpose.
--
Bill Weiss
More information about the Dailydave
mailing list