Wireless Vulnerabilities & Exploits
Wireless Vulnerabilities & Exploits
WVE ID: WVE-2005-0056
Type: Exploit
Status: Candidate
Classification:
Other
Description:
FakeAP is a tool that can be used to automatically spoof a large number of access points in order to confuse wardrivers.
Discussion:
FakeAP is a Perl script for Linux that utilizes cards compatible with the HostAP driver to create the illusion of many APs operating in the vicinity. It accomplishes this by putting a wireless card into Master mode which causes the card to function as an AP. FakeAP then cycles the card through varous MAC addresses and SSIDs. This will cause any 802.11 discovery tools being operated in the area to show many APs operating in the area.
By default FakeAP will randomly generate AP MAC addreses with the 00:00:0C, 00:00:CE, and 00:00:EF vendor prefixes along with the SSIDs "Access Point", "tsunami", "host", "airport", and "linksys". However, a list of vendor OUIs and words to use for SSIDs can be used.
In addition, FakeAP allows one to adjust the probably of it creating WEP encrypted networks. In order to evade detection through trilateration it also allows the output power of the card's radio to be varied within a user-supplied range.
It should be noted that an attacker can also modify FakeAP to generate AdHoc networks as well as fake stations.
Credits
Author:
Stuart
Stock
(stuart@blackalchemy.to)
: Black Alchemy Labs
Author:
Ken
Beames
(ken@blackalchemy.to)
: Black Alchemy Labs
References
URL:
http://www.blackalchemy.to:8060/project/fakeap/index.php
Released: 2002-08-04
Submitter
Andrew
Lockhart
(alockhart@networkchemistry.com)
: Network Chemistry
Submitted: Thu Dec 01 13:36:45 -0800 2005
Candidate Date: Thu Dec 01 13:37:29 -0800 2005
