Dell 6.2 Server User Manual


 
375 | Wireless Intrusion Prevention | Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
Detecting Bad WEP Initialization
This feature detects WEP initialization vectors that are known to be weak. A primary means of cracking WEP
keys is to capture 802.11 frames over an extended period of time and search for such weak implementations, which
are still used by many legacy devices.
Detecting a Beacon Frame Spoofing Attack
In this type of attack, an intruder spoofs a beacon packet on a channel that is different from that advertised in the
beacon frame of the AP.
Detecting a Client Flood Attack
There are fake AP tools that can be used to attack wireless intrusion detection itself by generating a large number of
fake clients that fill internal tables with fake information. If successful, the attack overwhelms the wireless intrusion
system, resulting in a DoS.
Detecting an RTS Rate Anomaly
The RF medium can be reserved via Virtual Carrier Sensing using a CTS/RTS transaction. The transmitter station
sends a Request To Send (RTS) frame to the receiver station. The receiver station responds with a Clear To Send
(CTS) frame. All other stations that receive these RTS and/or CTS frames will refrain from transmitting over the
wireless medium for an amount of time specified in the duration fields of these frames.
Attackers can exploit the Virtual Carrier Sensing mechanism to launch a DoS attack on the WLAN by transmitting
numerous RTS and/or CTS frames. This causes other stations in the WLAN to defer transmission to the wireless
medium. The attacker can essentially block the authorized stations in the WLAN with this attack.
Detecting Devices with an Invalid MAC OUI
The first three bytes of a MAC address, known as the MAC organizationally unique identifier (OUI), are assigned by
the IEEE to known manufacturers. Often clients using a spoofed MAC address do not use a valid OUI and instead
use a randomly generated MAC address.
Detecting an Invalid Address Combination
In this attack, an intruder can cause an AP to transmit deauthentication and disassociation frames to all of its
clients. Triggers that can cause this condition include the use of a broadcast or multicast MAC address in the source
address field.
Detecting an Overflow EAPOL Key
Some wireless drivers used in access points do not correctly validate the EAPOL key fields. A malicious EAPOL-Key
packet with an invalid advertised length can trigger a DoS or possible code execution. This can only be achieved
after a successful 802.11 association exchange.
Detecting Overflow IE Tags
Some wireless drivers used in access points do not correctly parse the vendor-specific IE tags. A malicious
association request sent to the AP containing an IE with an inappropriate length (too long) can cause a DoS and
potentially lead to code execution. The association request must be sent after a successful 802.11 authentication
exchange.
Detecting a Malformed Frame-Assoc Request
Some wireless drivers used in access points do not correctly parse the SSID information element tag contained in
association request frames. A malicious association request with a null SSID (that is, zero length SSID) can trigger a
DoS or potential code execution condition on the targeted device.
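The two association-request checks described above (Overflow IE Tags and Malformed Frame-Assoc Request) can be illustrated with a small validator. This is an added example, not code from ArubaOS or from this guide; it assumes "too long" means an IE whose advertised length exceeds the bytes left in the frame, and the function name, finding labels and sample frames are constructed for illustration.

```python
SSID_TAG = 0           # IEEE 802.11 element ID: SSID
MAX_SSID_LEN = 32      # an SSID is at most 32 octets
FIXED_FIELDS_LEN = 4   # capability info (2 bytes) + listen interval (2 bytes)


def check_assoc_request(body: bytes) -> list:
    """Return anomaly labels for an association request frame body.

    `body` is the frame body after the 802.11 MAC header. The labels are
    hypothetical names chosen for this example.
    """
    if len(body) < FIXED_FIELDS_LEN:
        return ["truncated-fixed-fields"]
    findings = []
    pos = FIXED_FIELDS_LEN
    while pos < len(body):
        if len(body) - pos < 2:
            findings.append("truncated-ie-header")
            break
        tag, length = body[pos], body[pos + 1]
        pos += 2
        # Bounds check that a vulnerable driver skips: the advertised IE
        # length must fit inside what was actually received.
        if length > len(body) - pos:
            findings.append(f"ie-length-overflow tag={tag}")
            break
        if tag == SSID_TAG:
            if length == 0:
                findings.append("null-ssid")
            elif length > MAX_SSID_LEN:
                findings.append("ssid-too-long")
        pos += length
    return findings


# Constructed sample frame bodies (not captured traffic).
FIXED = bytes.fromhex("31040a00")                 # capability + listen interval
RATES = bytes.fromhex("010482848b96")             # supported rates IE
NORMAL = FIXED + b"\x00\x04corp" + RATES
NULL_SSID = FIXED + b"\x00\x00" + RATES           # zero-length SSID IE
VENDOR_OVERFLOW = FIXED + b"\x00\x04corp" + bytes.fromhex("ddff0050f2")

if __name__ == "__main__":
    for name, frame in [("normal", NORMAL), ("null ssid", NULL_SSID),
                        ("vendor overflow", VENDOR_OVERFLOW)]:
        print(name, check_assoc_request(frame))
```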