Mdk3 Secret Destruction Mode

It's a combination of different attacks.
Cisco still has a bunch of support tickets running.
Their Intrusion Detection System crashed because of this special attack.
And with the IDS the routing tables at the whole university got mixed up for
about half an hour.

So, TRY THIS AT HOME, but not anywhere else.

The combination is:
- Running beacon flood mode to generate fake APs with the same name as your
victim
- Auth-DoS the original AP with intelligent mode
- Use the amok mode to kick the clients
And for the next version of mdk3
- Use the upcoming WIDS confusion mode to cross-connect kicked clients to
real and fake APs making all security systems go FUBAR.

In this 802.11-hell, there should be nobody able to access the network.
Because:
-> They get kicked when they connect (Amok mode)
-> They will see thousands of APs, unable to know which is the one to connect,
thus they are just trying around blindly (beacon flood)
-> The original AP may be too busy to handle the real clients because of the
Auth-DoS

Fake Shared Key Authentication
This is world's first fully functional code to enable fake authentication on networks using Shared Key Authentication. You do NOT need to know the key to authenticate, all you need is a keystream that has been chopped with aireplay-ng's chopchop attack. Hirte, another developer from the aircrack-ng community successfully included this code into the aircrack suite.
Fixed in Version 0.2:
- Show error when network does not use Shared Key Authentication
- Get Capability Field from Beacon Frame. (Using the standard capabilities failed for some APs)

ska-0.2.tar.bz2
ska-0.1.tar.bz2

Fragmentation Attack
And another world premiere from me. First implementation of the Fragmentation Attack on Linux. This attack needs a special driver and card, that is able to handle the IEEE802.11 fragmentation correctly, your driver may not work or may need to be updated/modified. The output of this tool is a file in the aircrack-ng keystream format (.xor). The output can be used in the same way like the output of the chopchop attack in aireplay-ng. With that keystream you can build an ARP packet (arpforge-ng or for the 0.6.2 release packetforge-ng). This packet can then be injected into the target wifi system, generating either answers and/or replies increasing the IV count. For an example attack, see the README in the tarball. afrag has already been integrated into aireplay-ng, best idea is to get the aircrack-ng SVN version for the newest fragmentation attack code.

afrag-0.1.tar.bz2