Filter
Top Products
Detecting Malformed Frame-Auth
Malformed 802.11 authentication frames that do not conform to the specification can expose vulnerabilities in some
drivers that have not implemented proper error checking. This feature checks for unexpected values in a
Authentication frame.
Detecting a Malformed Frame-HT IE
The IEEE 802.11n HT (High Throughput) IE is used to convey information about the 802.11n network. A 802.11
management frame containing a malformed HT IE can crash some client implementations; potentially representing
an exploitable condition when transmitted by a malicious attacker.
Detecting a Malformed Frame-Large Duration
The virtual carrier-sense attack is implemented by modifying the 802.11 MAC layer implementation to allow random
duration values to be sent periodically. This attack can be carried out on the ACK, data, RTS, and CTS frame types
by using large duration values. This attack can prevent channel access to legitimate users.
Detecting a Misconfigured AP
A list of parameters can be configured that defines the characteristics of a valid AP. This feature is primarily used
when non-Dell APs are used in the network since the Dell controller cannot configure the third-party APs. These
parameters include WEP, WPA, OUI of valid MAC addresses, valid channels, and valid SSIDs.
Detecting a Windows Bridge
A Windows Bridge occurs when a client that is associated to an AP is also connected to the wired network, and has
enabled bridging between these two interfaces.
Detecting a Wireless Bridge
Wireless bridges are normally used to connect multiple buildings together. However, an attacker could place (or have
an authorized person place) a wireless bridge inside the network that would extend the corporate network somewhere
outside the building. Wireless bridges are somewhat different from rogue APs in that they do not use beacons and
have no concept of association. Most networks do not use bridges – in these networks, the presence of a bridge is a
signal that a security problem exists.
Detecting Broadcast Deauthentication
A deauthentication broadcast attempts to disconnect all stations in range. Rather than sending a spoofed deauth to
a specific MAC address, this attack sends the frame to a broadcast address.
Detecting Broadcast Disassociation
By sending disassociation frames to the broadcast address (FF:FF:FF:FF:FF:FF), an attacker can disconnect all
stations on a network for a widespread DoS.
Detecting Netstumbler
NetStumbler is a popular wardriving application used to locate 802.11 networks. When used with certain NICs,
NetStumbler generates a characteristic frame that can be detected. Version 3.3.0 of NetStumbler changed the
characteristic frame slightly.
Detecting Valid SSID Misuse
If an unauthorized AP (neighbor or interfering) is using the same SSID as an authorized network, a valid client may
be tricked into connecting to the wrong network. If a client connects to a malicious network, security breaches or
attacks can occur.
DellPowerConnectW-SeriesArubaOS6.2 | User Guide WirelessIntrusion Prevention | 376