User's Manual
Table Of Contents
- Table of Contents
- List of Figures
- Introduction
- Installing the Wireless Array
- Installation Prerequisites
- Planning Your Installation
- Installation Workflow
- Installing Your Wireless Array
- Powering Up the Wireless Array
- Establishing Communication with the Array
- Entering the License
- Performing the Express Setup Procedure
- The Web Management Interface
- Viewing Status on the Wireless Array
- Configuring the Wireless Array
- Express Setup
- Network
- Services
- VLANs
- Tunnels
- Security
- SSIDs
- Groups
- IAPs
- WDS
- Filters
- Clusters
- Using Tools on the Wireless Array
Wireless Array
330 Configuring the Wireless Array
MIC Error Attack Generating invalid TKIP data to exceed the Array's MIC
error threshold, suspending WLAN service.
Disassociation
Attack (Omerta)
Sending forged disassociation frames to all stations on a
channel in response to data frames.
Deauthentication
Attack
Sending forged deauthentication frames to all stations on
a channel in response to data frames.
Duration Attack
(Duration Field
Spoofing)
Injecting packets into the WLAN with huge duration
values. This forces the other nodes in the WLAN to keep
quiet, since they cannot send any packet until this value
counts down to zero. If the attacker sends such frames
continuously it silences other nodes in the WLAN for long
periods, thereby disrupting the entire wireless service.
Impersonation Attacks
AP
impersonation
Reconfiguring an attacker's MAC address to pose as an
authorized AP. Administrators should take immediate
steps to prevent the attacker from entering the WLAN.
Station
impersonation
Reconfiguring an attacker's MAC address to pose as an
authorized station. Administrators should take immediate
steps to prevent the attacker from entering the WLAN.
Evil twin attack Masquerading as an authorized AP by beaconing the
WLAN's service set identifier (SSID) to lure users.
Sequence
number anomaly
A sender may use an Add Block Address request (ADDBA
- part of the Block ACK mechanism) to specify a sequence
number range for packets that the receiver can accept.
An attacker spoofs an ADDBA request, asking the receiver
to reset its sequence number window to a new range. This
causes the receiver to drop legitimate frames, since their
sequence numbers will not fall in that range.
Type of Attack Description