Most WLAN interference is accidental. While an attacker could use a high-powered RF signal generator to "jam" transmissions, there are many less expensive ways to intentionally DoS your WLAN. For example:

802.11 Control frames can be used to "busy out" a channel so that no other station can transmit. Entering this continuous transmit mode is known as a Queensland DoS attack.

802.11 Deauthenticate frames can be used to disconnect an individual station, or every station associated with a given AP. Sending a continuous stream of these forged frames is known as a Deauth Flood.

802.11 Associate frames consume AP resources by creating entries in the AP's association table. Flooding an AP with Associate frames from random station MAC addresses can make the AP too busy to service real users.

Similar attacks can be launched using forged 802.1X packets -- for example, 802.1X EAP Logoff Flood, EAP Start Flood, and EAP-of-Death attacks.

Spoofed Block Acknowledgement control frames can be used to disrupt high-throughput multimedia streams in WLANs that use this new 802.11n feature.

These and many other wireless DoS attacks are possible because only 802.11 data frames can carry the cryptographic integrity check or authentication codes used to detect forged messages. These attacks can be launched using off-the-shelf wireless cards and readily available shareware or open source tools, like aireplay and void11. The attacker just needs to be close enough to your WLAN to capture a little traffic to identify victims.

Fortunately, most WIPS can recognize these DoS attack signatures. A WIPS can alert you to 802.11 or 802.1X floods, based on configured rate thresholds. A WIPS can also help you establish a performance baseline for your WLAN, so that you can tune attack thresholds. For example, an Associate Flood alert will be generated when a specific AP receives more than N Associates per minute, where N depends on the normal user behavior for your network.

In addition, a WIPS can help you spot emerging attack patterns.
For example, an attacker may precede an Evil Twin attack with a Deauth Flood. A WIPS can help you link these two attacks. An attacker may move from AP to AP, performing similar attacks, from different MAC addresses. A WIPS can help you spot this behavior, generating an escalated alert that draws more immediate attention to the attack in progress. Without a WIPS, some DoS attacks might be chalked up to intermittent performance problems. A WIPS gives you the ability to look back to see whether suspicious or known activity occurred around the time a WLAN failure was reported.

For immediate investigation of an attack on a remote site, put a WIPS agent (i.e., an AP assigned to operate in full-time WIPS mode or a dedicated sensor) into capture mode. By capturing the attack in progress, you can determine affected systems and gather evidence to support disciplinary or legal actions. You may also want to put MAC addresses involved in past attacks on a "watch list" so that high priority alerts can prompt fast action if and when the attacker returns. Some WIPS even implement anti-DoS "strike back" actions that can be automatically invoked to reduce the severity or duration of a detected DoS attack.

As with interference, a WIPS can help you physically locate DoS attack sources. However, malicious attackers may not stick around long, so on-site searches may prove futile unless conducted quickly. Furthermore, decide in advance whether search staff should attempt to identify the culprit, issue a warning, call security, etc. Remember, the attacker may be operating from a public area, like a nearby parking lot, where you really have no authority.

Conclusion

These measures can be helpful to spot, diagnose, and respond to radio interference and DoS attacks. But none of these steps can completely insulate your WLAN. If wireless is critical to your business, create a fallback plan. Wired networks routinely employ high-availability measures like link diversity, redundant routers, and uninterruptible power supplies.
Apply this thinking to your WLAN as well by taking advantage of standard RF interference avoidance techniques like Dynamic Frequency Selection (DFS) and considering where, when, and how wired alternatives would be applied when all wireless remedies have been exhausted.
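
The per-AP rate threshold ("more than N Associates per minute") and the watch-list escalation described above can be sketched as detection logic over management-frame records. This is an added example, not code from the original article or from any WIPS product; the frame-type labels, MAC addresses, threshold values and sample frames are all constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 60  # the article's "per minute" window

def detect_floods(frames, thresholds, watch_list=frozenset()):
    """Alert when one AP sees more than N frames of a type within a minute.

    frames: (ts_seconds, frame_type, src_mac, bssid) tuples, sorted by time.
    thresholds: {frame_type: N}; N is site-specific, tuned from a baseline.
    """
    windows = defaultdict(deque)  # (bssid, frame_type) -> recent (ts, src)
    active = set()                # keys already alerting, to alert once per burst
    alerts = []
    for ts, ftype, src, bssid in frames:
        if ftype not in thresholds:
            continue
        key = (bssid, ftype)
        win = windows[key]
        win.append((ts, src))
        while win[0][0] <= ts - WINDOW_S:  # drop frames older than the window
            win.popleft()
        if len(win) <= thresholds[ftype]:
            active.discard(key)
        elif key not in active:
            active.add(key)
            sources = {s for _, s in win}
            alerts.append({
                "time": ts, "bssid": bssid, "type": ftype, "count": len(win),
                "distinct_sources": len(sources),
                # a returning watch-listed MAC escalates the alert
                "priority": "high" if sources & watch_list else "normal",
            })
    return alerts

def sample_frames():
    """Constructed capture: normal load, an Associate Flood, a Deauth Flood."""
    ap1, ap2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
    normal = [(i * 10.0, "assoc", f"02:aa:00:00:00:{i:02x}", ap1) for i in range(5)]
    assoc = [(100 + i * 0.5, "assoc", f"02:bb:00:00:00:{i:02x}", ap1) for i in range(40)]
    deauth = [(200 + i * 0.5, "deauth", "02:cc:00:00:00:99", ap2) for i in range(30)]
    return sorted(normal + assoc + deauth)

THRESHOLDS = {"assoc": 20, "deauth": 10}  # assumed N values, not recommendations
WATCH_LIST = {"02:cc:00:00:00:99"}        # constructed MAC from a "past attack"

if __name__ == "__main__":
    for alert in detect_floods(sample_frames(), THRESHOLDS, WATCH_LIST):
        print(alert)
```

The distinct-source count separates the two floods in the sample: the Associate Flood arrives from many station MACs, while the Deauth Flood comes from a single forged source.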