From 79e3c3c42f92f8cb7ffe1fa4a7dfab36e7016623 Mon Sep 17 00:00:00 2001 From: Mathy Vanhoef Date: Sun, 25 Oct 2020 19:36:10 +0400 Subject: [PATCH] fragattack: minor rewording --- research/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/research/README.md b/research/README.md index 82aab2b26..b9d9832a8 100644 --- a/research/README.md +++ b/research/README.md @@ -282,8 +282,8 @@ device and are further discussed below the table. | `ping I,P,P` | Send a fragmented ping: both fragments are sent in plaintext. | `linux-plain` | Mixed plaintext/encrypted fragmentation attack specific to Linux. |
*[Broadcast fragment attack (§6.4)](#id-test-broadcastfrag)*
-| `ping I,D,P --bcast-ra` | Send a ping request in plaintext broadcasted 2nd fragment after connecting. -| `ping D,BP --bcast-ra` | Same as above, but the ping is inject during the handshake (check with tcpdump). +| `ping I,D,P --bcast-ra` | Send a unicast ping in a plaintext broadcasted 2nd fragment once connected. +| `ping D,BP --bcast-ra` | Same as above, but the ping is sent during the handshake (check with tcpdump). |
*[A-MSDUs EAPOL attack (§6.5)](#id-test-cloackamsdu)*
| `eapol-amsdu BP` | Send A-MSDU disguised as EAPOL during handshake (check result with tcpdump). | `eapol-amsdu I,P` | Same as above, except the frame is injected after obtaining an IP. @@ -330,7 +330,7 @@ mitigations are discussed in Section 7.2 of the paper. The last two tests are used to simulate our A-MSDU injection attack: - `amsdu-inject`: This test simulates the A-MSDU injection attack described in Section 3.2 of the paper. In particular, - it sends an A-MSDU frame whose starts is also a valid LLC/SNAP header (since this is also what happens in our reference + it sends an A-MSDU frame whose start is also a valid LLC/SNAP header (since this is also what happens in our reference attack). - `amsdu-inject-bad`: Some devices incorrectly parse A-MSDU frames that start with a valid LLC/SNAP header causing the