Implement a better method for determining whether or not traffic to and from a particular device is (still) being successfully decrypted

schloss / insecurity-demos

A packaged, graphical user interface for demonstrating various digital security threats and mitigations in a training room context.

4 stars 2 forks source link

Implement a better method for determining whether or not traffic to and from a particular device is (still) being successfully decrypted #84

Open poser opened 10 years ago

poser commented 10 years ago

Counting eapol packets might still be a good way to flag a device as "green" (if we determine, for example, that some exceptionally quiet devices do not send or receive any other traffic after reauthenticating), but we should still be able to treat a single encrypted packet as a sign that we have somehow gotten out of sync and should therefore re-flag the corresponding device as "red."