Dell 6.2 Server User Manual


 
379 | Wireless Intrusion Prevention | Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
Detecting a Block ACK DoS
The Block ACK mechanism that was introduced in 802.11e, and enhanced in 802.11n D3.0, has a built-in DoS
vulnerability. The Block ACK mechanism allows a sender to use the ADDBA request frame to specify the
sequence number window that the receiver should expect. The receiver will only accept frames in this window.
An attacker can spoof the ADDBA request frame causing the receiver to reset its sequence number window and
thereby drop frames that do not fall in that range.
Detecting a ChopChop Attack
ChopChop is a plaintext recovery attack against WEP encrypted networks. It works by forcing the plaintext, one
byte at a time, by truncating a captured frame and then trying all 256 possible values for the last byte with a
corrected CRC. The correct guess causes the AP to retransmit the frame. When that happens, the frame is truncated
again.
Detecting a Disconnect Station Attack
A disconnect attack can be launched in many ways; the end result is that the client is effectively and repeatedly
disconnected from the AP.
Detecting an EAP Rate Anomaly
To authenticate wireless clients, WLANs may use 802.1x, which is based on a framework called Extensible
Authentication Protocol (EAP). After the EAP packet exchange, if the user is successfully authenticated, an
EAP-Success is sent from the AP to the client. If the user fails to authenticate, an EAP-Failure is sent. In this attack,
EAP-Failure or EAP-Success frames are spoofed from the access point to the client to disrupt the authentication
state on the client. This confuses the client's state, causing it to drop the AP connection. By continuously sending
EAP-Success or EAP-Failure messages, an attacker can effectively prevent the client from authenticating with the APs in
the WLAN.
Detecting a FATA-Jack Attack Structure
FATA-Jack is an 802.11 client DoS tool that tries to disconnect targeted stations using spoofed authentication
frames that contain an invalid authentication algorithm number.
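One way to check for the condition described above, as an added example (not ArubaOS code and not part of the original manual): it parses raw 802.11 Authentication frames and flags any whose algorithm number is outside an allowed set. The allowed set (0 = Open System, 1 = Shared Key), the function names and the sample frames are assumptions constructed for illustration.

```python
import struct

# Assumption: this WLAN only expects 0 (Open System) and 1 (Shared Key);
# extend the set if the deployment also uses other algorithms (e.g. FT or SAE).
ALLOWED_AUTH_ALGS = {0, 1}
MGMT_HDR_LEN = 24  # frame control, duration, three addresses, sequence control

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_auth(frame):
    """Return the fields of a cleartext Authentication frame, else None."""
    if len(frame) < MGMT_HDR_LEN + 6:
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    protected = bool(frame[1] & 0x40)  # encrypted body: fields are not readable
    if version != 0 or ftype != 0 or subtype != 11 or protected:
        return None
    alg, seq, status = struct.unpack_from("<HHH", frame, MGMT_HDR_LEN)
    return {"dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "alg": alg, "seq": seq, "status": status}

def detect_invalid_auth(frames, allowed=ALLOWED_AUTH_ALGS):
    """Return parsed Authentication frames whose algorithm number is not allowed."""
    hits = [parse_auth(f) for f in frames]
    return [h for h in hits if h and h["alg"] not in allowed]

def build_auth(dst, src, bssid, alg, seq=1, status=0):
    """Build a constructed test frame (no radiotap header, no FCS)."""
    hdr = bytes([0xB0, 0x00]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return hdr + struct.pack("<HHH", alg, seq, status)

# Constructed sample input: locally administered addresses, not real devices.
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
SAMPLE_FRAMES = [
    build_auth(AP, STA, AP, alg=0),                          # normal request
    build_auth(AP, STA, AP, alg=9),                          # algorithm not allowed
    bytes([0xB0, 0x40]) + build_auth(AP, STA, AP, 9)[2:],    # protected, skipped
    bytes([0x80, 0x00]) + bytes(34),                         # beacon, skipped
]

if __name__ == "__main__":
    for alert in detect_invalid_auth(SAMPLE_FRAMES):
        print("authentication frame with unexpected algorithm:", alert)
```

The source address in an alert is whatever the frame claims, so it identifies the station being impersonated rather than the sender.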
Detecting a Hotspotter Attack
The Hotspotter attack is an evil-twin attack which attempts to lure a client to a malicious AP. Many enterprise
employees use their laptops at Wi-Fi hotspots in airports, cafes, malls, etc. They have the SSIDs of their hotspot
service providers configured on their laptops. The SSIDs used by different hotspot service providers are well known.
This enables attackers to set up APs with hotspot SSIDs in close proximity to the enterprise premises. When
the enterprise laptop client probes for a hotspot SSID, these malicious APs respond and invite the client to connect
to them. When the client connects to a malicious AP, a number of security attacks can be launched on the client. A
popular hacking tool used to launch these attacks is Airsnarf.
Detecting a Meiners Power Save DoS Attack
To save on power, wireless clients will "sleep" periodically, during which they cannot transmit or receive. A client
indicates its intention to sleep by sending frames to the AP with the Power Management bit ON. The AP then
begins buffering traffic bound for that client until it indicates that it is awake. An intruder could exploit this
mechanism by sending (spoofed) frames to the AP on behalf of the client to trick the AP into believing the client is
asleep. This will cause the AP to buffer most, if not all, frames destined for the client.