DENIAL OF SERVICE IN WIRELESS NETWORKS


MAANAS GODUGUNUR

SHASHANK PARAB

SAMPADA KARANDIKAR

Introduction to 802.11

Introduce DoS

Description of Attacks on OSI model

Study of DDoS

Case Study of Attack Tools

Prevention and Response

Attack Prevention Tools

802.11 wireless networks are among the most attractive and fastest-growing networks.

Easy and fast deployment and installation.

Physical and Max data rate specification

802.11b, using the 2.4 GHz radio spectrum and 11 Mbps max data rate.

802.11a, using the 5 GHz radio spectrum and 54 Mbps max data rate.

802.11g, using the 2.4 GHz radio spectrum and 54 Mbps max data rate.

Security

802.11i Wireless Robust Security Network. This standard defines the wireless network security protocols.

Strong mutual authentication: The client and access point must cryptographically prove their identities to each other.

Messages must have data origin protection: It must be possible to prove that the sender of a message is genuine and not a man-in-the-middle.

Messages must have data integrity protection: It must be possible to prove that messages are not altered in transit.

Messages must have confidentiality: The contents of messages must only be viewable by the sender and receiver.

Denial of Service

Absence of availability

Distributed Denial of Service

Problem with detection

Why is DoS in WLAN interesting?

Wireless applications are demonstrating exponential growth.

Jamming

Physical tampering

Collision

Corrupted ACK control message

Disassociation attacks

The duration field in RTS and CTS frames distributes medium reservation information, which is stored in the Network Allocation Vector (NAV).

Defer on either NAV or “CCA” indicating Medium Busy

CSMA/CA : minimizes the likelihood of two devices transmitting simultaneously.

An attack against this vulnerability exploits the CCA function at the physical layer

Causes all WLAN nodes within range, both clients and access points (AP), to defer transmission of data for the duration of the attack.

When under attack, the device behaves as if the channel is always busy, preventing the transmission of any data over the wireless network.

The gradient portion of the attacker’s frame indicates time reserved by the duration field although no data is actually sent. Continually sending the attack frames back to back prevents other nodes from sending legitimate frames.
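A defender can measure this condition from a passive capture. The following is an added example, not part of the original slides: it parses the frame control and duration fields of each frame and computes how much of an observation window was reserved by RTS/CTS duration values alone. The function names, the 0.5 alert threshold and the sample captures are assumptions constructed for illustration.

```python
import struct

RTS, CTS = 11, 12   # subtypes of control frames (type 1)

def parse_header(frame: bytes):
    """Return (type, subtype, duration_us) from the start of an 802.11 MAC header."""
    if len(frame) < 10:               # frame control + duration + receiver address
        raise ValueError("truncated 802.11 header")
    fc, dur = struct.unpack_from("<HH", frame)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    # With bit 15 set the field is not a microsecond duration (e.g. an AID in PS-Poll).
    return ftype, subtype, 0 if dur & 0x8000 else dur

def nav_occupancy(capture, window_us):
    """Fraction of the window reserved by RTS/CTS duration fields alone.
    capture: time-sorted list of (timestamp_us, frame_bytes)."""
    if not capture:
        return 0.0
    start = capture[0][0]
    reserved, reserved_until = 0, start
    for ts, frame in capture:
        ftype, subtype, duration = parse_header(frame)
        if ftype != 1 or subtype not in (RTS, CTS):
            continue
        begin = max(ts, reserved_until)              # skip time already counted
        end = min(ts + duration, start + window_us)  # clip to the window
        if end > begin:
            reserved += end - begin
            reserved_until = end
    return reserved / window_us

def nav_abuse(capture, window_us, threshold=0.5):    # threshold is an assumed value
    return nav_occupancy(capture, window_us) >= threshold

def cts(duration_us, receiver=bytes.fromhex("020000000001")):
    """Build a constructed CTS header: frame control 0x00C4, duration, receiver."""
    return struct.pack("<HH", (CTS << 4) | (1 << 2), duration_us) + receiver

# Constructed captures over a 300 ms window, not taken from a real network.
WINDOW_US = 300_000
normal = [(t, cts(300)) for t in range(0, WINDOW_US, 10_000)]
attack = [(t, cts(32767)) for t in range(0, WINDOW_US, 30_000)]

if __name__ == "__main__":
    print("normal", nav_occupancy(normal, WINDOW_US), nav_abuse(normal, WINDOW_US))
    print("attack", nav_occupancy(attack, WINDOW_US), nav_abuse(attack, WINDOW_US))
```

A sustained occupancy near 1.0 with almost no data frames in the same window is the signature described above: the channel is reserved continuously while nothing is actually sent.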

Flood the victim’s incoming buffers with a large number of queries or data so that the victim’s access to the network is crippled.

Different protocols used to cause flooding attacks

ICMP

DNS

Reflector is any IP host that will return a packet if sent a packet.

Attacker first locates a very large number of reflectors.

They orchestrate their slaves to send to the reflectors spoofed traffic purportedly coming from the victim, V.

The reflectors will in turn generate traffic from themselves to V.

1) File2Air

File2Air is a packet injector mainly used for sending deauthentication packets to the router.

2) WLAN-jack

a) Use MAC address of Access Point

b) Send deauthentication frames

c) Send continuously

d) Send to broadcast address or specific MAC

e) Users are unable to reassociate with AP

Discard out of order segments

Emergency block of IP addresses for critical servers with a separate route

Extremely resilient packet filter

Firewalls like Cisco PIX have a built in capability to differentiate DoS traffic from good traffic.

Switches and Routers should have some rate limiting or ACL capability

ASIC based Intrusion Prevention System

Have the granularity to analyze the attacks and act like a circuit breaker in an automated way

Prevention via Proactive Testing.

Kismet

802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

Can sniff 802.11b, 802.11a, and 802.11g traffic.

Snort

Open source network intrusion prevention and detection system

Utilizes a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods

Tweety Coaster Little Lady Baby DDoS Shield

Works on the concept that a human visitor and a bot attacker access a site with different timing.

Can be configured with a minimum average time between visits from one visitor and a maximum number of visits in a minimum time.
