Update README.md
efchatz authored Feb 14, 2023
1 parent 7b1f197 commit 878db4c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
@@ -58,7 +58,7 @@
<!-- ABOUT THE PROJECT -->
## About The Project

The Bl0ck attack tool was created based on the publication titled ["Bl0ck: Paralyzing 802.11 connections through Block Ack frames"](#). The following text mentions a summary of these attacks and how they can be used with the Bl0ck tool. A more detailed analysis is mentioned in the relevant publication.
The Bl0ck attack tool was created based on the publication titled ["Bl0ck: Paralyzing 802.11 connections through Block Ack frames"](https://arxiv.org/abs/2302.05899). The following text mentions a summary of these attacks and how they can be used with the Bl0ck tool. A more detailed analysis is mentioned in the relevant publication.

The Bl0ck attack tool serves the purpose of having an easy and with a terminal argument access to three different attacks we managed to identify, regarding Wi-Fi 5 (802.11ac) and Wi-Fi 6 (802.11ax) networks. These attacks can interrupt the transmission of QoS Data traffic from an AP to the target. This means that the target will not have any Internet or LAN access. The attacks are separated into three cases:
* Block-Ack Requests (BAR): An attacker sends BAR frames to the AP, spoofing the MAC address of an already connected STA and requesting a Starting Sequence Number (SSN) that is invalid. The behaviour of the AP was to stop responding with QoS Data frames to the source MAC address of these frames, but without disconnecting it. Even after this attack stopped, the legitimate STA while remain connected to that AP, was unable to retrieve QoS Data frames. As a result, the legitimate STA, to have access to QoS Data frames, needed to reconnect to that AP manually. Practically, this means that this STA was unable to retrieve any relevant Data frame, while it remain connected to this AP. As a result, an attacker could exploit further this issue, by executing a Deauthentication/Disassociation or an Evil Twin assault, to trick the targeted STA into changing the wireless network. Some APs behave the same way when they were targeted with BA frames.
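Review bot: The changed line (README line 61) fixes the placeholder `(#)` link but keeps two awkward sentences that could be cleaned up in the same edit: "The following text mentions a summary of these attacks" and "A more detailed analysis is mentioned in the relevant publication" would read better as "The following text summarizes these attacks" and "A more detailed analysis is given in the publication". The new target, https://arxiv.org/abs/2302.05899, is an unversioned arXiv abstract link, so it will follow later revisions of the paper; if the README is meant to describe the tool as it matches one specific revision, link the versioned abstract instead. The commit message "Update README.md" does not say what changed; something like "Fix publication link in README" would make the history searchable.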