![]() The capture point is in the software and the macs are always 0000 but if you capture them at the switch after they come out the machine they have the correct address. Certain ethernet drivers are using a hardware acceleration. Most the reason I suspect this 00000 one is a false positive is you see that all the time in wireshark captures. ![]() So any software that runs even on the router need to find a way to determine successful connection compared to ones that the router rejects. This is one the known denial of service attacks against wireless. ![]() Even so the router actually does accept connections from any mac address but then quickly terminates them. Because these are windows based tools and microsoft has disabled the ability to put a wireless nic into promiscuous mode they can't be doing that. The only way a tool could see data being send and received to a router was to capture wireless data. You see all kinds of garbage broadcast packets in a network so you have to be very careful to think they mean anything. Of course if a device does not send them out they can not detect them. I am going to bet they are monitoring ARP broadcast and other broadcast packets. They can only tell things the PC running the monitoring software can detect. They in no way can really tell what is connecting between the router and external machine. It would be really nice if they were a little more clear how they think they can do this. I am going to bet this is false positive from the tools. There are tools that can brute force the WPS pin in 10hrs.ĭD-WRT has much better monitoring tools it can actually produce reports itself of connected machine and such. I would set the disable router pin option and really hope it does disable this.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |