QUOTE(EverestX @ Apr 10 2006, 04:04 PM)
Jesus, I bet range on that thing from a decent sized hotel is amazing. But then Again 24Dbi is a pretty healthy boost in range regardless. What did a fancy piece of hardware like that run you? From the looks of it it doesn't appear to be hand built, and if it was, My hats off to you.
The 1 Watt amp is my own creation and the cables etc are all made by me, as for the antenna it's just a slightly modded version of an original. Im actually making a 3 Watt amp now.
As for the range I been running experments by shooting it off the MESA and we are getting signal from over 20 miles a true range test has yet to be done. To run our tests we are using an Atheros (Madwifing) based card setup with two VAP's in AP mode. The connection quality at 20 miles is yet to be fully tested but it's around 28mbps and sitting at around good to excellent quality. If you would like the exact dBi's your going to have to wait a while as I dont currently have access to it.
When it comes to wifi development and expermenting, TiSnetworks which is my "organization" aka group of people with all differnt shades of hats, has been working on a method which we will simply call ghosting. The function of ghosting is to avoid new wifi security systems that are being put into play. One of these security systems is a real threat to wepcracking it works by attacking the attacker with mass DeAuthentication packets, when you are cracking a wep key you must associate with the access point in order to inject packets. (One Method of WEP Cracking)
The security system lies dormant and is not visable to kismet scans. When the "cracker" comes in he will only see his target AP. Sure it looks like what would normally be a piece of cake yet when the cracker starts his attack he is forced to DeAuth a client on that WLAN in order to begen the replay of ARP packets to generate IV's for the cracking procces. The security system will detect this DeAuth Packet and switch into an aware state and will begen passively monitoring wifi connections for strage activity such as a dramatic rise in Data packets. It then proceeds to lock onto the sender (the cracker) and begens creating massive amounts of fake access points on the attackers current wifi channel. These fake APs seem to only be a nuisance at first but soon they will start generating massive amounts of DeAuth packets all set on the Broadcast channel so basically everything on the atatckers channel will be hit, but it will stop the attack cold turkey.
TiSnetworks has found a way to evade this security system by confusing it. We generate a massive amount of fake "cleints" and attach them to the access point then when the security system becomes active our clients play a bit of a game with the security system by confusing it and in turn masking the real attacker. To avoid the broadcast DeAuths we were able to make modifications to both our drivers and aircrack to ignore DeAuth packets and basically send them to null. =)
Well, thats about all I can tell you for now. Hopefully you dont feel bad by this point for reading it all and possibly gaining nothing.
