| skipped 8 lines |
9 | 9 | | also known as AP isolation. The attack can also be used to bypass Dynamic ARP inspection (DAI), |
10 | 10 | | and can likely also be used to bypass other methods that prevent clients from attacking each other. |
11 | 11 | | The attack is also known as the _security context override attack_, see Section 5 of our |
12 | | - | [USENIX Security '23 paper](https://www.usenix.org/conference/usenixsecurity23/presentation/schepers). |
| 12 | + | [USENIX Security '23 paper](https://papers.mathyvanhoef.com/usenix2023-wifi.pdf). |
13 | 13 | | |
14 | 14 | | Concrete examples of possible affected networks are: |
15 | 15 | | |
| skipped 85 lines |
101 | 101 | | to which client packets should be sent, i.e., routed, to. |
102 | 102 | | |
103 | 103 | | For extra details on the attack, see the _security context override attack_ (Section 5) in our paper |
104 | | - | [Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues](https://www.usenix.org/conference/usenixsecurity23/presentation/schepers). |
| 104 | + | [Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues](https://papers.mathyvanhoef.com/usenix2023-wifi.pdf). |
105 | 105 | | |
106 | 106 | | |
107 | 107 | | # 3. Possible mitigations |
| skipped 574 lines |