This tool detects then ATTACKS evil twin access points Mohamed Idris has created a tool to help network administrators discover and DoS rogue access points. The EvilAP Defender open source tool published to GitHub can be run by admins at intervals to determine if attackers are attempting to get their users to connect to malicious networks. Those evil twin attack networks are …
This post has been deleted by its author
The legality bootnote can also be interpreted as a possible / likely cover for such a DOS:
"against something you don't own"
The underlying principle of any fake AP is to persuade people that it is the AP that you own. Of course it's demonstrable that you saw through the subterfuge but that would require the fake owner going public about his activities. In the more likely case that he doesn't want any more trouble you can just validly argue that you were carrying out a legitimate vulnerability to DoS attack on your own system!
isn't it a strange legal system that such a prosecution could even take place.
i imagine it's the same as being prosecuted for causing distress to a thief when you caught him and booted him out of your house.
i guess it could be argued that the evil twin is not on your premises and technically not even on your network. i'm not sure what the legal defence is against that.
Problem with DDoS attacking potential attackers is that you'll congest the network, causing others problems, without the guarantee that you have averted a future attack vector.
Also others will see you as a DDoS'er and opening yourself to legitimate, if not legal, vigilante attacks.
Some laws make sense.
So what's a clever alternative to DOSing?
Why not use a few extra strategically placed probes to triangulate the perpetrator, by means of GPS on each probe and simple maths...
Of course, the perp would have to be inside the area 'covered' by the probes. But I'm sure we could come up with a clever means of locating those outside... Wardriving for crime-stopping anyone?
I.e., just assign whichever you like to a virtual machine. But that might be a bad move because then some traffic might get mixed up between routers, leading to all kinds of confusion in network traffic. So if you want to intercept traffic, it would probably be better to use a different MAC from the one the router you're spoofing is using--otherwise, you might wake up the admins, who would come investigating after lost packages.
I'm not an expert on this particular kind of attack, but that's my tuppence as a long-time sysadmin.
Come on guys ... there are no legal issues with this :)
The tool doesn't attack the hacker. It denies the users of the wireless network (my users) from connecting to the attacker machine! It sends what we call de-authentication packets to the users who may fall victim to the Evil Access Point (AP). This is exactly what the attacker does to enforce users to connect to his Evil AP. The attacker keeps sending these de-authentication packets to deny the users from connecting to their legitimate AP. This will enforce them to connect to his EvilAP.
The tool does the same ... it sends these packets to the users of the legitimate network to enforce them to not connect to the Evil AP. This packet type doesn't affect the routers or any other networking devices. This packet is only understandable by wireless cards. It only asks the user to re-authenticate to the AP. Sending these packets for long time will keep the user de-authenticated. This way the attacker will not be able to get any connection from the users of the legitimate network until the Admin react to the EvilAP.
Ok replying to a REALLY old thread here but I'm reading up on this in general.
I agree you aren't attacking the AP as such but you would be denying anyone connecting to it, so is it no longer functioning? Are you denying service? Yes, obviously that is the point of the Deauth.
So it is kind of a DoS on equip you don't own but for the greater good...I think it's grey at best.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
