MAANAS GODUGUNUR SHASHANK PARAB SAMPADA KARANDIKAR

Upload: amie-elliott

Post on 12-Jan-2016


TRANSCRIPT


Page 2:

Introduction to 802.11

Introduce DoS

Description of Attacks on OSI model

Study of DDoS

Case Study of Attack Tools

Prevention and Response

Attack Prevention Tools

Page 3:

802.11 wireless networks are among the most attractive and fastest-growing networks.

Easy and fast deployment and installation.

Physical and max data rate specification:

802.11b, using the 2.4 GHz radio spectrum and 11 Mbps max data rate.

802.11a, using the 5 GHz radio spectrum and 54 Mbps max data rate.

802.11g, using the 2.4 GHz radio spectrum and 54 Mbps max data rate.

Security: 802.11i, Wireless Robust Security Network. This standard defines the wireless network security protocols.

Page 4:

Strong mutual authentication: The client and access point must cryptographically prove their identities to each other.

Messages must have data origin protection: It must be possible to prove that the sender of a message is genuine and not a man-in-the-middle.

Messages must have data integrity protection: It must be possible to prove that messages are not altered in transit.

Messages must have confidentiality: The contents of messages must only be viewable by the sender and receiver.

Page 5:

Denial of Service: absence of availability

Distributed Denial of Service: problem with detection

Why is DoS in WLAN interesting? Wireless applications are demonstrating exponential growth.

Page 7:

Jamming

Physical tampering

Page 8:

Collision

Corrupted ACK control message

Disassociation attacks

Page 9:

The Duration field in RTS and CTS frames distributes medium reservation information, which is stored in the Network Allocation Vector (NAV).

Stations defer when either the NAV or the CCA (clear channel assessment) indicates that the medium is busy.

Page 10:

CSMA/CA minimizes the likelihood of two devices transmitting simultaneously.

An attack against this vulnerability exploits the CCA function at the physical layer.

The attack causes all WLAN nodes within range, both clients and access points (AP), to defer transmission of data for the duration of the attack.

When under attack, the device behaves as if the channel is always busy, preventing the transmission of any data over the wireless network.

Page 12:

The gradient portion of the attacker’s frame indicates time reserved by the duration field although no data is actually sent. Continually sending the attack frames back to back prevents other nodes from sending legitimate frames.
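
A monitoring-side check for the duration-field abuse described above, as an added example that is not part of the original slides: it parses constructed RTS/CTS/ACK headers, flags duration values above a per-type ceiling, and estimates how much of an observation window the NAV reservations cover. The ceilings, MAC addresses and function names are assumptions made for the example.

```python
import struct

# Control-frame subtypes (type = 1) in the 802.11 frame-control field.
SUBTYPES = {11: "RTS", 12: "CTS", 13: "ACK"}
# Assumed per-type NAV ceilings in microseconds; tune to the monitored network.
# ACK is 0 on the assumption that no fragment bursts are in use.
CEILING_US = {"RTS": 3000, "CTS": 3000, "ACK": 0}

def parse_control(frame):
    """Return (name, duration_us, receiver_mac), or None if not RTS/CTS/ACK."""
    if len(frame) < 10:
        return None
    fc, dur = struct.unpack_from("<HH", frame)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 1 or subtype not in SUBTYPES or dur & 0x8000:
        return None  # bit 15 set: the field is not a NAV duration
    return SUBTYPES[subtype], dur, frame[4:10].hex(":")

def nav_report(capture, window_us):
    """capture: [(timestamp_us, raw_frame)]. Returns (alerts, reserved_fraction)."""
    alerts, nav_end, reserved = [], 0, 0
    for ts, raw in capture:
        parsed = parse_control(raw)
        if parsed is None:
            continue
        name, dur, ra = parsed
        if dur > CEILING_US[name]:
            alerts.append((ts, name, dur, ra))
        # Track the busy interval a listening station's NAV would hold.
        new_end = ts + dur
        if new_end > nav_end:
            reserved += new_end - max(nav_end, ts)
            nav_end = new_end
    return alerts, min(reserved / window_us, 1.0)

def ctl(subtype, dur, ra):
    """Build a constructed control-frame header (frame control, duration, RA)."""
    return struct.pack("<HH", (subtype << 4) | (1 << 2), dur) + bytes.fromhex(ra)

# Constructed capture: normal RTS/ACK plus two CTS frames claiming the maximum NAV.
SAMPLE = [
    (0, ctl(11, 300, "020000000001")),
    (1000, ctl(12, 32767, "0200000000aa")),
    (30000, ctl(12, 32767, "0200000000aa")),
    (60000, ctl(13, 0, "020000000002")),
]

if __name__ == "__main__":
    alerts, frac = nav_report(SAMPLE, window_us=100_000)
    for a in alerts:
        print("oversized NAV:", a)
    print(f"medium reserved by NAV: {frac:.0%}")
```

A high reserved fraction together with little observed data traffic is the pattern the slide describes: time is claimed by the duration field although no data is sent.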

Page 13:

Flood the victim’s incoming buffers with a large number of queries or data so that the victim’s access to the network is crippled.

Different protocols used to cause flooding attacks:

ICMP

DNS

Page 15:

A reflector is any IP host that will return a packet if sent a packet.

The attacker first locates a very large number of reflectors.

They orchestrate their slaves to send to the reflectors spoofed traffic purportedly coming from the victim, V.

The reflectors will in turn generate traffic from themselves to V.

Page 17:

1) File2Air

File2Air is a packet injector mainly used for sending deauthentication packets to the router.

Page 18:

2) WLAN-jack

a) Use MAC address of Access Point

b) Send deauthentication frames

c) Send continuously

d) Send to broadcast address or specific MAC

e) Users are unable to reassociate with AP
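
How a wireless monitor can recognise the continuous deauthentication pattern listed above, as an added example that is not part of the original slides: it parses constructed deauthentication/disassociation frames and raises one alert per BSSID when the count inside a sliding window crosses a threshold. The window, threshold, MAC addresses and function names are assumptions made for the example.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10          # management-frame subtypes (type = 0)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse_mgmt(frame):
    """Return (subtype, dest, source, bssid, reason) for deauth/disassoc, else None."""
    if len(frame) < 26:
        return None
    fc = struct.unpack_from("<H", frame)[0]
    subtype = (fc >> 4) & 0xF
    if (fc >> 2) & 0x3 != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    da, sa, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    return subtype, da, sa, bssid, struct.unpack_from("<H", frame, 24)[0]

def detect_flood(capture, window_ms=1000, threshold=5):
    """capture: [(timestamp_ms, raw_frame)]; window and threshold are assumed values.
    Returns [(timestamp_ms, bssid, count, broadcast_seen)], one entry per BSSID."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, raw in capture:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        _, da, _, bssid, _ = parsed
        q = recent[bssid]
        q.append((ts, da))
        while q and ts - q[0][0] > window_ms:   # drop frames outside the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append((ts, bssid, len(q), any(d == BROADCAST for _, d in q)))
    return alerts

def mgmt(subtype, da, sa, bssid, reason):
    """Build a constructed 26-byte deauth/disassoc frame (no FCS)."""
    hdr = struct.pack("<HH", subtype << 4, 0)
    addrs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (da, sa, bssid))
    return hdr + addrs + struct.pack("<HH", 0, reason)

AP, STA = "02:00:00:00:00:aa", "02:00:00:00:00:01"
# Constructed capture: one ordinary deauth, then a broadcast burst every 50 ms.
SAMPLE = [(0, mgmt(DEAUTH, STA, AP, AP, 3))]
SAMPLE += [(10_000 + 50 * i, mgmt(DEAUTH, BROADCAST, AP, AP, 7)) for i in range(8)]

if __name__ == "__main__":
    print(detect_flood(SAMPLE))
```

Because the frames carry the access point's own MAC address as source, the address alone cannot separate forged frames from genuine ones; the rate and the broadcast destination are the usable signals here.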

Page 19:

Discard out-of-order segments

Emergency block of IP addresses for critical servers with a separate route

Extremely resilient packet filter

Firewalls like Cisco PIX have a built-in capability to differentiate DoS traffic from good traffic.

Switches and routers should have some rate-limiting or ACL capability.

Page 20:

ASIC based Intrusion Prevention System

Have the granularity to analyze the attacks and act like a circuit breaker in an automated way

Prevention via Proactive Testing.

Page 21:

Kismet

802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.

Can sniff 802.11b, 802.11a, and 802.11g traffic.

Snort

Open source network intrusion prevention and detection system.

Utilizes a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods.

Tweety Coaster Little Lady Baby DDoS Shield

Works on the concept that a human visitor and a bot attacker have different access timing.

Can be set up with a minimum average time between one visitor's visits and a maximum number of visits in a minimum time.
