Wi-Fi Advanced Stealth presented at BlackhatUSA 2006

by Franck Veysset, Laurent Butti

Summary: Wireless stealth was somewhat expensive some years ago, as we were required to use proprietary radios and so on. Thanks to increasingly flexible low-cost 802.11 chipsets, we are now able to encode any proprietary MAC-layer protocol over the 2.4 GHz/5 GHz bands! This could mean stealth for everybody at low cost!
This presentation will focus on two techniques to achieve a good level of stealth:
a userland technique exploiting a covert channel over valid 802.11 frames;
a driverland technique exploiting some 802.11 protocol tweaks.
These techniques are somewhat weird! That's one reason they resist the action of scanners and wireless IDS!
The tools that will be released are proofs of concept and may be improved both in terms of features and code cleanup!