May 2, 2005

Detecting DOS attacks on your WLAN

Detecting DOS attacks on your WLAN
With the release of the remote-exploit auditor many would be hackers have access to some easy to use WLAN denial of service application. Tools such as void11_penetration can be used to generate extra traffic to attempt a WEP key crack, to hijack one of your WLAN clients for a man in the middle attack or to simply deny access to your WLAN. All the attacker needs is a copy of the bootable auditor CD and a compatible wireless card
Void11 can either flood the WLAN with deauthentication packets and a spoofed access point BSSID causing station associated to the actual access point to drop their connection or flood access points with authentication packets from random stations causing the access point to quickly overload and deny client connections.

So how can you detect if someone is running these tools against your network?
The best way is to use the AirMagnet wireless lan analyzer

The screen capture below shows a void11 de-auth attack in progress.
Notice the tool both detected a spoofed MAC address and the actual attack signature.


If you click on the warning message AirMagnet explains what is happening and how to stop the attack.


By using the find tool you can quickly locate the computer launching the attack and shut it down.

Posted 5 years, 9 months ago on May 2, 2005
The trackback url for this post is http://www.keenansystems.com/newug/bblog/bblog/trackback.php/30/

Comments have now been turned off for this post