WLAN guerilla, various attacks with DoS effect

WLAN guerilla, various attacks with DoS effect
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
WLAN guerilla, various attacks with DoS effect keme 04-04-2005
Posted by keme on April 4, 2005, 3:06 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I am the IT manager in a school where many students use their own portables.
Every so often an alien WLAN service (not our SSID) turns up, with a fake
MAC address. The MAC address changes frequently (from 5 min. down to 10 sec.
intervals). Normally they appear as "peer to peer" but also occasionally as
"infrastructure" (access point).
This has three distinct effects on our network:
- The fake network has a stronger signal than access points, so new clients
will associate to a "no service" network.
- The fake network jams other radio channels, effectively blocking ordinary
traffic for those already associated to an access point.
- For each new MAC address used, one IP address is taken from our DHCP pool.

I have done some searches, and it looks like the tools needed for this
activity can be found on a linux ("knoppix") CD named "Net auditor".

The DHCP lease time is reduced to a minimum, to reduce the lasting effect of
DHCP drain (due to policy imposed from school authorities we cannot use NAT,
so using large "private" address ranges is not an option). I use Ethereal
and Netstumbler for data collection and attempting "radio search", but I
have far from sufficient resources to fight the problem from this end. From
reactions to my search activity I have concluded that the culprit is a
student (or group af students), but that's about as far as I get. I have
informed the student body about the gist of my findings, to make use of the
"street justice", as it were...

Any suggestions for tools and alternate approaches? I find NetStumbler is a
fairly useful program, but it has its shortcomings , and so does Ethereal
(no surprise, them being free software apps developed for slightly different
purpose). All input is welcome.




Posted by keme on April 8, 2005, 1:19 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

keme skrev i meldingen ...
....
>From
>reactions to my search activity I have concluded that the culprit is a
>student (or group af students), but that's about as far as I get. I have
>informed the student body about the gist of my findings, to make use of the
>"street justice", as it were...
....

The "social engineering" seems to have had an effect (or maybe the culprits
are just bored with this, and planning something else...). The problem is
much smaller than it was, but still occurs sometimes (2-3 times a week, up
to 10 min activity, affecting the network for about 40 minutes).

Any input is still welcome




Similar ThreadsPosted
DEF CON 14 is now in effect! The Call for Papers is open. February 22, 2006, 9:21 pm
Man in the middle in Wlan October 13, 2005, 9:49 am
state of wlan August 23, 2007, 2:13 am
go phish attacks November 6, 2004, 5:21 am
reporting attacks? February 20, 2005, 9:42 am
Working of some DOS attacks July 15, 2005, 2:45 am
SQL Injection Attacks by Example June 7, 2006, 7:05 pm
Defend Your PC Against Video Attacks November 19, 2005, 4:41 pm
constant attacks - whom to contact? June 22, 2006, 4:22 pm
Multi stage attacks on networks? April 29, 2004, 4:40 pm

The site map in XML format XML site map

Contact Us | Privacy Policy