Maanas Godugunur, Shashank Parab, Sampada Karandikar
Post on 12-Jan-2016
Introduction to 802.11
Introduce DoS
Description of Attacks on OSI model
Study of DDoS
Case Study of Attack Tools
Prevention and Response
Attack Prevention Tools
802.11 wireless networks are among the most attractive and fastest-growing networks.
Easy and fast deployment and installation.
Physical and max data rate specification
802.11b, using the 2.4 GHz radio spectrum and 11 Mbps max data rate.
802.11a, using the 5 GHz radio spectrum and 54 Mbps max data rate.
802.11g, using the 2.4 GHz radio spectrum and 54 Mbps max data rate.
Security
802.11i Wireless Robust Security Network. This standard defines the wireless network security protocols.
Strong mutual authentication: The client and access point must cryptographically prove their identities to each other.
Messages must have data origin protection: It must be possible to prove that the sender of a message is genuine and not a man-in-the-middle.
Messages must have data integrity protection: It must be possible to prove that messages are not altered in transit.
Messages must have confidentiality: The contents of messages must only be viewable by the sender and receiver.
Denial of Service
Absence of availability
Distributed Denial of Service
Problem with detection
Why is DoS in WLAN interesting?
Wireless applications are demonstrating exponential growth.
Jamming
Physical tampering
Collision
Corrupted ACK control message
Disassociation attacks
The Duration field in RTS and CTS frames distributes medium reservation information, which is stored in a Network Allocation Vector (NAV).
Defer on either NAV or "CCA" indicating Medium Busy
CSMA/CA: minimizes the likelihood of two devices transmitting simultaneously.
An attack against this vulnerability exploits the CCA function at the physical layer
Causes all WLAN nodes within range, both clients and access points (AP), to defer transmission of data for the duration of the attack.
When under attack, the device behaves as if the channel is always busy, preventing the transmission of any data over the wireless network.
The gradient portion of the attacker’s frame indicates time reserved by the duration field although no data is actually sent. Continually sending the attack frames back to back prevents other nodes from sending legitimate frames.
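A defender can look for the pattern described above in a capture: RTS/CTS frames whose Duration field reserves the medium while no data frame follows. The sketch below is an added example, not part of the original slides; the function names, the sample captures and the 0.5 threshold are assumptions made for illustration.

```python
import struct

RTS, CTS = 0xB, 0xC  # control-frame subtypes (frame type 1)

def parse_header(frame: bytes):
    """Return (type, subtype, duration_us) from the first 4 bytes of an 802.11 MAC header."""
    fc, dur = struct.unpack_from("<HH", frame)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    # Bit 15 clear means the field is a duration in microseconds; otherwise it is not a NAV value.
    return ftype, subtype, (dur if dur & 0x8000 == 0 else None)

def empty_reservation_fraction(capture, window_us):
    """Fraction of the window reserved by RTS/CTS durations during which no data frame was seen."""
    parsed = [(t, *parse_header(f)) for t, f in capture]
    data_times = [t for t, ftype, _, _ in parsed if ftype == 2]
    intervals = []
    for t, ftype, subtype, dur in parsed:
        if ftype == 1 and subtype in (RTS, CTS) and dur:
            end = t + dur
            if not any(t < d <= end for d in data_times):
                intervals.append((t, min(end, window_us)))
    # Sum the union of intervals so back-to-back reservations are not double counted.
    covered, last_end = 0, 0
    for start, end in sorted(intervals):
        start = max(start, last_end)
        if end > start:
            covered += end - start
            last_end = end
    return covered / window_us

def frame(fc_byte, duration_us):
    """Build a constructed 4-byte header prefix: frame control + Duration/ID."""
    return struct.pack("<BBH", fc_byte, 0x00, duration_us)

# Constructed sample captures: (timestamp in microseconds, header bytes) over a 1-second window.
NORMAL = [(0, frame(0xB4, 300)), (60, frame(0xC4, 250)), (120, frame(0x08, 44)),
          (500_000, frame(0xB4, 300)), (500_060, frame(0xC4, 250)), (500_120, frame(0x08, 44))]
SUSPECT = [(i * 30_000, frame(0xC4, 32_000)) for i in range(33)]

THRESHOLD = 0.5  # assumed alerting threshold, tune per site

def is_suspicious(capture, window_us=1_000_000):
    return empty_reservation_fraction(capture, window_us) > THRESHOLD
```

In the constructed NORMAL capture every reservation is followed by a data frame, so the fraction is 0; in SUSPECT nearly the whole window is reserved with no data sent.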
Flood the victim’s incoming buffers with a large number of queries or data so that the victim’s access to the network is crippled.
Different protocols used to cause flooding attacks
ICMP
DNS
A reflector is any IP host that will return a packet if sent a packet.
The attacker first locates a very large number of reflectors.
They orchestrate their slaves to send to the reflectors spoofed traffic purportedly coming from the victim, V.
The reflectors will in turn generate traffic from themselves to V.
1) File2Air
File2Air packet injector, mainly used for sending deauthentication packets to the router.
2) WLAN-jack
a) Use MAC address of Access Point
b) Send deauthentication frames
c) Send continuously
d) Send to broadcast address or specific MAC
e) Users are unable to reassociate with AP
Discard out of order segments
Emergency block of IP addresses for critical servers with a separate route
Extremely resilient packet filter
Firewalls like Cisco PIX have a built in capability to differentiate DoS traffic from good traffic.
Switches and Routers should have some rate limiting or ACL capability
ASIC based Intrusion Prevention System
Have the granularity to analyze the attacks and act like a circuit breaker in an automated way
Prevention via Proactive Testing.
Kismet
802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.
Can sniff 802.11b, 802.11a, and 802.11g traffic.
Snort
Open source network intrusion prevention and detection system.
Utilizes a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods.
Tweety Coaster Little Lady Baby DDoS Shield
Works on the concept of different access times for a human visitor and a bot attacker.
Can be set up with a minimum average time between one visitor's visits and a maximum number of visits in a minimum time.