Help Regarding Jasager/karma

[boris_grishenko]

Hi all

I'm new to jasager/karma thing.. i've got a couple of questions regarding "How Karma Works"

1. For Karma to Reproduce/Replicate a Victim's WEP enabled network, karma needs the wep key of the network.... Is this statement right or wrong ?

2. When karma spoofs a victim's Network, does it spoofs the name of the network (i.e the SSID) alone or the MACADDRESS of the victim's AP also...

so that an IDS could be configured to match each networks SSID to its MACADDRESS, and if diiferent MACADDRESS is found for a SSID (in case of a attack) respective actions could be taken...

Questions might be noobish, save my day pls :P

[digininja]

1. yes it would but once you configure a WEP key then it would lock out all the other users so Karma becomes pointless

2. Just SSID as it doesn't know the MAC address of the real AP

The IDS comment is right but the point of Karma is that you run it away from the office so the target probes for the office wireless and gets yours. Your IDS, unless it was a HIDS, wouldn't be anywhere in site so wouldn't have a say in the connection.

[boris_grishenko]

ahhh, Thanks digininja, that cleared my doubts... and yes the IDS is going to be a Host Based one..

[digininja]

With some supplicants you can tie them directly to the MAC address of the AP so you wouldn't need to worry about using the HIDS then. At least not to detect this attack

[boris_grishenko]

Well, I agree with what you've said.. The IDS not only detects karma/jasager attack, but also detects a comprehensive list of wireless attacks....