DENIAL OF SERVICE IN WIRELESS NETWORKS

Provided by: stud1782

1
DENIAL OF SERVICE IN WIRELESS NETWORKS
  • MAANAS GODUGUNUR
  • SHASHANK PARAB
  • SAMPADA KARANDIKAR

2
OUTLINE
  • Introduction to 802.11
  • Introduce DoS
  • Description of Attacks on OSI model
  • Study of DDoS
  • Case Study of Attack Tools
  • Prevention and Response
  • Attack Prevention Tools

3
INTRODUCTION TO 802.11
  • 802.11 wireless networks are among the most
    attractive and fastest-growing networks.
  • Easy and fast deployment and installation.
  • Physical layer and maximum data rate specifications:
      • 802.11b, using the 2.4 GHz radio spectrum and 11
        Mbps max data rate.
      • 802.11a, using the 5 GHz radio spectrum and 54
        Mbps max data rate.
      • 802.11g, using the 2.4 GHz radio spectrum and 54
        Mbps max data rate.
  • Security:
      • 802.11i Wireless Robust Security Network. This
        standard defines the wireless network security
        protocols.

4
ESSENTIAL TO 802.11 SECURITY
  • Strong mutual authentication: The client and
    access point must cryptographically prove their
    identities to each other.
  • Messages must have data origin protection: It
    must be possible to prove that the sender of a
    message is genuine and not a man-in-the-middle.
  • Messages must have data integrity protection: It
    must be possible to prove that messages are not
    altered in transit.
  • Messages must have confidentiality: The
    contents of messages must only be viewable by the
    sender and receiver.

5
ABOUT DoS.
  • Denial of Service
  • Absence of availability
  • Distributed Denial of Service
  • Problem with detection
  • Why is DoS in WLAN interesting?
  • Wireless applications are demonstrating
    exponential growth.

6
ATTACKS ON LAYERS OF OSI MODEL

7
PHYSICAL LAYER
  • Jamming
  • Physical tampering

8
LINK LAYER
  • Collision
  • Corrupted ACK control message
  • Disassociation attacks

9
Data transfer initiation in 802.11
  • The Duration field in RTS and CTS frames distributes
    medium reservation information, which is stored in
    a Net Allocation Vector (NAV).
  • Stations defer when either the NAV or CCA indicates
    that the medium is busy.

10
MAC LAYER
  • CSMA/CA minimizes the likelihood of two
    devices transmitting simultaneously.
  • An attack against this vulnerability exploits the
    CCA function at the physical layer.
  • It causes all WLAN nodes within range, both clients
    and access points (AP), to defer transmission of
    data for the duration of the attack.
  • When under attack, a device behaves as if the
    channel is always busy, preventing the
    transmission of any data over the wireless
    network.

11
DE-AUTHENTICATION ATTACK

12
VIRTUAL CARRIER SENSE ATTACKS
The gradient portion of the attacker's frame
indicates time reserved by the duration field
although no data is actually sent. Continually
sending the attack frames back to back prevents
other nodes from sending legitimate frames.

13
TRANSPORT LAYER
  • Flood the victim's incoming buffers with a large
    number of queries or data so that the victim's
    access to the network is crippled.
  • Different protocols are used to cause flooding
    attacks:
      • ICMP
      • DNS

14
STRUCTURE OF DDoS

15
REFLECTOR ATTACKS
  • A reflector is any IP host that will return a
    packet if sent a packet.
  • The attacker first locates a very large number of
    reflectors.
  • The attacker then orchestrates slaves to send to the
    reflectors spoofed traffic purportedly coming
    from the victim, V.
  • The reflectors will in turn generate traffic from
    themselves to V.

16
REFLECTOR ATTACKS

17
CASE STUDY: WIRELESS DoS ATTACK TOOLS
  • 1) File2Air
  • File2Air is a packet injector mainly used for
    sending deauthentication packets to the router.

18
CASE STUDY: WIRELESS DoS ATTACK TOOLS
  • 2) WLAN-jack
  • a) Use MAC address of Access Point
  • b) Send deauthentication frames
  • c) Send continuously
  • d) Send to broadcast address or specific MAC
  • e) Users are unable to reassociate with AP

19
PREVENTION AND RESPONSE
  • Discard out of order segments
  • Emergency block of IP addresses for critical
    servers with a separate route
  • Extremely resilient packet filter
  • Firewalls like Cisco PIX have a built-in
    capability to differentiate DoS traffic from good
    traffic.
  • Switches and routers should have some rate
    limiting or ACL capability.

20
PREVENTION AND RESPONSE
  • ASIC based Intrusion Prevention System
  • Have the granularity to analyze the attacks and
    act like a circuit breaker in an automated way
  • Prevention via Proactive Testing.

21
ATTACK PREVENTION TOOLS
  • Kismet
  • 802.11 layer2 wireless network detector, sniffer,
    and intrusion detection system.
  • Can sniff 802.11b, 802.11a, and 802.11g traffic.
  • Snort
  • Open source network intrusion prevention and
    detection system
  • Utilizes a rule-driven language, which combines
    the benefits of signature, protocol and anomaly
    based inspection methods
  • Tweety Coaster Little Lady Baby DDoS Shield
  • Works on the concept that a human visitor and a
    bot attacker access a site with different timing.
  • Can be set up with a minimum average time between
    one visitor's visits and a maximum number of visits
    in a minimum time.
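
Added example (not part of the original slides): a passive detector for two link-layer attacks described earlier, the virtual carrier sense attack (oversized Duration/NAV values in control frames) and continuously sent deauthentication frames. The thresholds, MAC addresses and sample headers are constructed assumptions, not values from the presentation.

```python
import struct
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune against a baseline of your own WLAN.
MAX_CTRL_DURATION_US = 20000     # NAV reservation treated as suspicious above this
DEAUTH_LIMIT, WINDOW_S = 5, 1.0  # deauth/disassoc frames allowed per source per window

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame):
    """Decode type, subtype, NAV duration, receiver and transmitter from raw bytes."""
    if len(frame) < 10:
        raise ValueError("truncated 802.11 header")
    fc, dur = struct.unpack_from("<HH", frame)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    duration = None if dur & 0x8000 else dur   # bit 15 set: field is not a NAV value
    src = mac(frame[10:16]) if len(frame) >= 16 else None  # CTS/ACK carry no transmitter
    return ftype, subtype, duration, mac(frame[4:10]), src

def detect(frames):
    """frames: iterable of (timestamp_s, header_bytes). Returns a list of alert tuples."""
    alerts, recent, flagged = [], defaultdict(deque), set()
    for ts, raw in frames:
        ftype, subtype, duration, dst, src = parse_header(raw)
        # Control frames RTS(11), CTS(12), ACK(13) reserving the medium for too long.
        if ftype == 1 and subtype in (11, 12, 13) and (duration or 0) > MAX_CTRL_DURATION_US:
            alerts.append(("nav-duration", ts, src or dst, duration))
        # Management frames disassociation(10) and deauthentication(12): rate per source.
        if ftype == 0 and subtype in (10, 12):
            q = recent[src]
            q.append(ts)
            while ts - q[0] > WINDOW_S:
                q.popleft()
            if len(q) > DEAUTH_LIMIT and src not in flagged:
                flagged.add(src)
                alerts.append(("deauth-flood", ts, src, len(q)))
    return alerts

# Constructed sample headers (not captured traffic); the MAC addresses are made up.
AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
def hdr(fc0, dur, a1, a2=b""):
    return struct.pack("<BBH", fc0, 0, dur) + a1 + a2

SAMPLE = [(0.00, hdr(0xB4, 300, AP, STA)),   # ordinary RTS
          (0.01, hdr(0xC4, 32767, STA))]     # CTS reserving the maximum NAV
SAMPLE += [(0.10 + i * 0.05, hdr(0xC0, 0, BCAST, AP)) for i in range(8)]  # deauth burst

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

A source address in a deauthentication alert is only what the frame claims; as the WLAN-jack slide notes, the AP's MAC address can be used by another sender.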

22
THANK YOU