Specifications
OmniAccess Reference: AOS-W System Reference
312 Part 031652-00 May 2005
Such an attack also enables other attacks that can learn a user’s authentication
credentials. Man-in-the-middle attacks often rely on a number of different
vulnerabilities.
MAC Spoofing
MAC address spoofing is a typical attack on a wireless LAN in which an
attacker spoofs the MAC address of a currently active valid client in an
attempt to be granted that client’s access privileges. The AirJack driver for
Linux makes such an attack easy to carry out.
To configure detection of MAC address spoofing, navigate to Configuration >
Wireless LAN Intrusion Detection > Man-in-the-Middle > MAC Spoofing, as shown
in the figure below.
FIGURE 15-4 MAC Spoofing
The equivalent CLI configuration for the above example is:
wms
station-policy detect-sta-impersonation enable
Station Disconnection Detection
Spoofed deauthenticate frames form the basis for most denial of service
attacks, as well as the basis for many other attacks such as man-in-the-middle.
A Linux driver called AirJack typically forms the basis for this type of attack,
with tools such as Wireless LAN-Jack and Fata-Jack actually carrying out the
attack. In a station disconnection attack, an attacker spoofs the MAC address
of either an active client or an active AP. The attacker then sends
deauthenticate frames to the target device, causing it to lose its active
association.
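The following is an added example, not taken from this manual and not a description of how AOS-W implements its detection. It shows one widely used heuristic for spotting frames sent under a borrowed MAC address, including spoofed deauthenticate frames: each 802.11 transmitter keeps its own 12-bit sequence counter, so a second device using the same address produces sequence numbers that do not follow the first. The addresses, the capture records and the MAX_GAP tolerance are constructed assumptions.

```python
SEQ_MOD = 4096   # 802.11 sequence numbers are 12 bits and wrap to 0
MAX_GAP = 64     # assumed tolerance for frames the sensor failed to capture

AP = "02:00:00:00:00:01"       # constructed addresses
CLIENT = "02:00:00:00:00:02"

# Constructed capture: (time in s, transmitter MAC, subtype, sequence number)
FRAMES = [
    (0.10, AP, "beacon", 100),
    (0.15, CLIENT, "data", 4094),
    (0.20, AP, "beacon", 101),
    (0.25, CLIENT, "data", 4095),
    (0.30, AP, "beacon", 102),
    (0.32, AP, "deauth", 3001),   # claims the AP's address, wrong counter
    (0.35, CLIENT, "data", 0),    # legitimate 12-bit wraparound
    (0.36, CLIENT, "data", 0),    # retransmission reuses the number
    (0.40, AP, "beacon", 103),
    (0.41, AP, "deauth", 3002),   # second frame from the other counter
    (0.50, AP, "beacon", 105),    # one beacon missed by the sensor
]


def find_sequence_anomalies(frames, max_gap=MAX_GAP):
    """Return frames whose sequence number does not follow the sender's counter."""
    baseline = {}    # MAC -> last sequence number accepted as genuine
    anomalies = []
    for ts, mac, subtype, seq in frames:
        prev = baseline.get(mac)
        if prev is not None and (seq - prev) % SEQ_MOD > max_gap:
            # Backward or large forward jump: likely a second transmitter.
            anomalies.append({"time": ts, "mac": mac, "subtype": subtype,
                              "expected_after": prev, "seen": seq})
            continue  # keep the baseline on the established counter
        baseline[mac] = seq
    return anomalies


def spoofed_deauths(frames):
    """Anomalous frames that are deauthenticate frames."""
    return [a for a in find_sequence_anomalies(frames) if a["subtype"] == "deauth"]


if __name__ == "__main__":
    for alert in spoofed_deauths(FRAMES):
        print(alert)
```

The baseline is whichever counter the sensor saw first for an address, so a station that legitimately resets its counter is also reported until the baseline is cleared.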
To configure detection of station disconnection, navigate to Configuration >
Wireless LAN Intrusion Detection > Man-in-the-Middle > Disconnect Station, as
shown in the figure below.