User's Manual

Wireless Array
Configuring the Wireless Array
Denial of Service (DoS) or Availability Attack Detection
A DoS attack attempts to flood an Array with communications requests
so that it cannot respond to legitimate traffic, or responds so slowly that it
becomes effectively unavailable. The Array can detect a number of types
of DoS attacks, as described in the table below.
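
The following is an added example, not code from the Array or its vendor: a sliding-window detector for the rate-based flood types this section lists, run over constructed frame records. The subtype labels, window length and thresholds are assumptions chosen for illustration, not the Array's actual detection settings.

```python
from collections import deque, defaultdict

# Assumed values for illustration; not the Array's actual detection settings.
WINDOW_S = 1.0            # sliding window length in seconds
RATE_LIMIT = {"beacon": 50, "probe_req": 50, "auth": 20, "assoc": 20,
              "disassoc": 10, "deauth": 10, "eap_start": 10}
MIN_DISTINCT_SRC = 15     # auth/assoc floods come from many random source MACs

def detect_floods(frames):
    """frames: iterable of (timestamp, subtype, src_mac), sorted by time.
    Returns a list of (timestamp, alert_name), one alert per flood episode."""
    windows = defaultdict(deque)   # subtype -> (ts, src) pairs inside the window
    active = set()                 # subtypes currently in a flood episode
    alerts = []
    for ts, subtype, src in frames:
        limit = RATE_LIMIT.get(subtype)
        if limit is None:
            continue               # frame type not tracked by this detector
        win = windows[subtype]
        win.append((ts, src))
        while win and ts - win[0][0] > WINDOW_S:
            win.popleft()          # drop frames that fell out of the window
        flooding = len(win) > limit
        if flooding and subtype in ("auth", "assoc"):
            # Table-filling floods use many random MACs; a single station
            # retrying quickly is not this attack.
            flooding = len({s for _, s in win}) >= MIN_DISTINCT_SRC
        if flooding and subtype not in active:
            active.add(subtype)
            alerts.append((ts, subtype + "_flood"))
        elif not flooding:
            active.discard(subtype)   # episode over; re-arm the alert
    return alerts

def constructed_capture():
    """Constructed sample: normal beacons, one retrying station, an auth flood."""
    frames = [(i * 0.1, "beacon", "00:11:22:33:44:55") for i in range(50)]
    frames += [(1.0 + i * 0.01, "auth", "aa:aa:aa:aa:aa:01") for i in range(30)]
    frames += [(3.0 + i * 0.01, "auth", "02:00:00:00:%02x:%02x" % (i // 256, i % 256))
               for i in range(60)]
    return sorted(frames)

if __name__ == "__main__":
    for ts, name in detect_floods(constructed_capture()):
        print("%.2f %s" % (ts, name))
```
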
Impersonation Detection
These malicious attacks use various techniques to impersonate a
legitimate AP or station, often in order to eavesdrop on wireless
communications. The Array detects a number of types of impersonation
attacks, as described in the table below.
Type of Attack            Description

DoS Attacks

Beacon Flood              Generating thousands of counterfeit 802.11 beacons to
                          make it hard for stations to find a legitimate AP.

Probe Request Flood       Generating thousands of counterfeit 802.11 probe requests
                          to overburden the Array.

Authentication Flood      Sending forged Authenticates from random MAC
                          addresses to fill the Array's association table.

Association Flood         Sending forged Associates from random MAC addresses
                          to fill the Array's association table.

Disassociation Flood      Flooding the Array with forged Disassociation packets.

Deauthentication Flood    Flooding the Array with forged Deauthenticates.

EAP Handshake Flood       Flooding an AP with EAP-Start messages to consume
                          resources or crash the target.

Null Probe Response       Answering a station probe-request frame with a null SSID.
                          Many types of popular NIC cards cannot handle this
                          situation, and will freeze up.