Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

S-38.310 Thesis Seminar on Networking Technology Topic: Investigation of Denial of

advertisement 
S-38.310 Thesis Seminar on Networking
Technology
Topic:
Investigation of Denial of
Service(Dos) attack in Wireless LAN
Author: Jing Jin
Instructor: Michael Hall
Supervisor: Prof. Sven-Gustav Häggman
S-72 Communication Engineering laboratory
1
Presentation Outline
•
•
•
•
•
Wireless LAN(WLAN) background knowledge
Denial of Service (DoS) background knowledge
Different kinds of DoS tools and attacks
The threats of DoS over WLAN
The current defending strategies
2
Objectives and Scope
The objective of this Thesis is to
• describe the current research on Denial of
Service (DoS) attacks in Wireless LAN
(WLAN)
• to evaluate the possible solution against
DoS attacks in Wireless LAN
3
WLAN Architecture
4
IEEE 802.11 Standards
• 802.11b is the most popular one, it operates at
speeds of up to 11Mbps in 2.4GHz frequency
band
• 802.11a/g standards operate at up to 54Mbps in
5GHz frequency band
• All of them follow the same MAC layer protocol
• Security is the biggest problem of 802.11
standards.
• Here we concentrate more on 802.11b
5
HIPERLAN & HIPERLAN/2
• Developed by ETSI BRAN
• The purpose is to allow flexible wireless data
networks without the need for an existing wired
infrastrcture
• HIPERLAN type 1 provide 20Mbit/s with 5GHz
range, multimedia application are possible
• HIPERLAN/2 is specified for short range radio
access in 5GHz band for mobile terminals
• High-speed transmission, connection-oriented,
QoS support, security support
• However, it is not widely used worldwide
6
Chinese WLAN standard-WAPI (1)
• WLAN Authentication and Privacy Infrastructure (WAPI)
is the Chinese proprietary encryption standard for IEEE
802.11
• WAPI addresses weaknesses in the original Wi-Fi
secuirty specification.
• WAPI is similar in IEEE 802.11 standards but different
security protocol,which is called GB 15629.11. However,
WAPI is not part of IEEE 802.11 standards
• The major difference betweeen them is in authentication
and privacy
• WAPI and IEEE 802.11 are not compatible
7
Chinese WLAN standard-WAPI (2)
• WAPI requires both the wireless device(STA)
and the access point (AP) to authenticate
themselves
• The authentication is done by presenting their
public key based certificate to a third party
• Once both the STA and the AP are
authenticated, an Encryption Negotiation
process is started
8
DoS attacks (1)
• ISO 7498-2 defines DoS as ”The prevention of
authorized access to resources or the delaying
of time critical operations.”
• DoS is a threat that prevents legitimate users
getting access to the information or resource
that they need
• According to CERT/CC (CERT Coordination
Center) report, DoS incidents grew at a rate
around 50% per year greater than growth of
Internet hosts
• DoS attacks over the Internet can be target at a
user, a host computer or a network
9
DoS attack (2)
In a DoS attack, an attacker attempts
• To inhibit legitmate network traffic by
flooding the network with useless traffic
• To deny access to a service by disrupting
connections between two parties
• To block the access of a particular
individual to a service
• To disrupt the specific system or service
itself
10
Distributed DoS(DDoS)
• A new form of DoS, also called multiple DoS
• A multitude of compromised system attack a
single target
• In order to facilitate DDoS, the attacker needs to
have thousands of compromised hosts, the
process is automated
• DDoS attacks become more effective and
difficult to prevent
• Common DDoS tools: Trinoo, TFN, Stacheldraht
11
DoS attacking tools
• Trinoo
• Stacheldraht
12
Trinoo
• Trinoo is not a virus, but an attack tool released in late
December 1999 that performs a distributed Denial of
Service attack. Trinoo daemons were originally found in
Solaris 2.x systems.
•
Trinoo also has a client component that is used to
control the master component. This lets the hacker
control multiple master components remotely. The client
can communicate with the master component by sending
various commands.
13
Trinoo architecture
attacker
master
daemon
attacker
master
daemon
daemon
master
daemon
daemon
14
Stacheldraht (German for ”barbed
wire”) (1)
• Adds encryption between the communication of
the attacker and masters; adds automated
update of agents
15
Stacheldraht (2)
• The methods used to install the handler/agent
will be the same as installing any program on a
compromised UNIX system
• Ability to upgrade the agents on demand.
Employs “rcp” command using a stolen account
at some site as a cache.
16
Stacheldraht Network
client
client
handler
agent
handler
agent
agent
handler
agent
agent
17
DoS is a big WLAN issue
• To initiate a DoS attack, the attacker sends a
continuous stream of meaningless information to
access points (APs) in WLAN
• It causes WLAN unusable
• DoS over WLAN may be as simple as RF
generator in 2.4GHz band to aim the RF channel
• DoS over WLAN may also be sophisticated as
spoofing 802.11 disassociation management
frames to wireless terminals
18
Brute force
DoS attacks are mainly implemented by
Brute force
There are two forms of brute force:
- Packet-based brute force attack
It brings significant overhead of network
- Very strong radio signals
Disrupt the network
19
Brute force implementation
• Packet-based brute force attack:
- use other computers on the network to send
useless packets all the time
• Very strong radio signals
- use a very powerful transmitter in a relatively
close range
However, the use of very strong radio signal is
risky because the WLAN owners can find the
attacker by AirMagnet tool.
20
Types of DoS attacks over
WLAN(1)
DoS attacks target many different layers of
the wireless network
• Application layer(~OSI layer 7)
- sending large amount of legitimate
requests to an application
• Transport layer(~OSI layer 4)
- sending many TCP connection requests
to a host
21
Types of DoS attacks over
WLAN(2)
• Network layer (~OSI layer 3)
- conducted by sending a large amount of
IP data to a network
• Data link layer (~OSI layer 2)
- data link attacks are launched to disable
the ability of hosts to access the local
network.
- target either a host or a network
22
Types of DoS attacks over
WLAN(3)
• Physical layer( ~OSI layer 1)
- ”backhoe attack”, a heavy-equipment
operator accidentally cut a communication
cable, take down services potentially
- creating a device that produces lots of
noise at 2.4GHz frequency is both easy
and cheap
- Cordless phones have the capability to
take an 802.11 network offline
23
2.4GHz or 5GHz freuqncy??
• 2.4GHz WLANs can experience interference
from cordless phones, microwaves...and 5GHz
system is relatively free from interfering sources.
• Interoperability: 2.4G and 5GHz systems are not
directly compatible.
• 5GHz systems can provide enhanced security
over 2.4GHz systems because of less range.
• Densely-populated environments and multimedia applications will benefit from the use of
5GHz. 2.4GHz products are inexpensive and
capable of supporting most application
requirements.
24
Defenses(1)
• Network Ingress and Egress Filtering
• Rate limiting and Unicast reverse path
forwarding (ip verify unicast reverse_path, rate
limit)
• Audit Hosts for DDoS tools (find_dos)
• Audit Networks for DDoS tools (RID)
• Have an Incident Response Team (IRT)
• Have/enforce policies
• Buy Insurance !
25
Defenses (2)
• Both technical and management solutions
are put into considerations
• Wi-Fi Protected Access(WPA) is a new
WLAN security standard for 802.11
networks which is comprised of Temporal
Key Integrity Protocol(TKIP) encryption
and 802.1x technolgy.
• However, WPA is vulnerable to DoS
attacks.
26
Defenses (3)
The ways to respond to a DoS attack:
• Absorb the attack
- plans additional capacity before an attack
begins
• Degrade services
-noncritical services can be degraded, or disable
them if necessary
• Shut down services
- Shut down services until the attack has
subsided
27
Defenses (4)
•
•
•
•
•
The fundamental protection solutions against
DoS:
updating firewalls
installing up-to-date patches
turn off network services when they are not in
use
deploy DoS detection tools, such as AirDefense,
AirMagnet
perform extensive site surveys before deploying
APs
28
Conclusions (1)
• There is no comprehensive solution
against DoS attacks over WLAN currently
• Take external coutnermeasures, such as
tracing the attacks, enforcing related law,
and enterprise usage policy systems
• 5GHz range networks are both practical
and market-rewarding
29
Conclusion (2)
• WLANs are not as vulnerable as the wired
LAN to the DoS attacks
• If attackers cut down the power of the
wired LAN, all the wired networks are
down
• However, WLAN can be switched to the ad
hoc configuration with laptops or other
battery powered computers
30
Future research works
• Simulation study and countermeasure
policies by using Ethernet to construct
environment for testing DoS behaviors
over WLAN
• How to develop and integrate an effective
wireless security policy in an enterprise
• New technologies, such as DNA
fingerprints, may improve the network
authentication
31
Related documents
How to Efficiently Communicate When Your Network is Under Attack
How to Efficiently Communicate When Your Network is Under Attack
dos_nanog
dos_nanog
Chabot College January 1995 Removed Fall 2006
Chabot College January 1995 Removed Fall 2006
Denial of Service Attacks
Denial of Service Attacks
Download
advertisement