Presentation Outline
WLAN Architecture
Distributed DoS (DDoS)
A new form of DoS, also called multiple DoS
A multitude of compromised systems attack a
single target
In order to facilitate DDoS, the attacker needs to
have thousands of compromised hosts; the
process is automated
DDoS attacks become more effective and
difficult to prevent
Common DDoS tools: Trinoo, TFN, Stacheldraht
Trinoo
Trinoo is not a virus, but an attack tool released in late
December 1999 that performs a distributed Denial of
Service attack. Trinoo daemons were originally found in
Solaris 2.x systems.
Trinoo architecture
[Diagram: nodes labelled attacker, master and daemon]
Stacheldraht (2)
The methods used to install the handler/agent
will be the same as installing any program on a
compromised UNIX system
Ability to upgrade the agents on demand.
Employs rcp command using a stolen account
at some site as a cache.
Stacheldraht Network
[Diagram: nodes labelled client, handler and agent]
Brute force
DoS attacks are mainly implemented by
brute force
There are two forms of brute force:
- Packet-based brute force attack
It imposes significant overhead on the network
- Very strong radio signals
They disrupt the network
Defenses (1)
Network Ingress and Egress Filtering
Rate limiting and Unicast reverse path
forwarding (ip verify unicast reverse-path, rate
limit)
Audit Hosts for DDoS tools (find_dos)
Audit Networks for DDoS tools (RID)
Have an Incident Response Team (IRT)
Have/enforce policies
Buy Insurance!
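Added example (not from the original slides): a small Python model of the strict unicast reverse path forwarding check behind ingress and egress filtering, where a packet is accepted only if the best route back to its source address leaves through the interface it arrived on. The routing table, interface names and sample packets are constructed, and the model assumes the default route counts as a valid reverse path.

```python
import ipaddress

# Constructed routing table for a hypothetical edge router: prefix -> interface
ROUTES = {
    "10.1.0.0/16": "lan0",     # internal LAN prefix
    "10.1.200.0/24": "lan1",   # more specific internal prefix
    "0.0.0.0/0": "wan0",       # default route towards the upstream
}

def best_route(src, routes=ROUTES):
    """Longest-prefix match: interface used to reach src, or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_strict(src, in_iface, routes=ROUTES):
    """Strict check: accept only if the route back to src uses in_iface."""
    return best_route(src, routes) == in_iface

def filter_packets(packets, routes=ROUTES):
    """Split (src, in_iface) pairs into accepted and dropped lists."""
    accepted, dropped = [], []
    for src, ifc in packets:
        target = accepted if urpf_strict(src, ifc, routes) else dropped
        target.append((src, ifc))
    return accepted, dropped

# Constructed sample traffic: (source address, arrival interface)
SAMPLE = [
    ("10.1.5.9", "lan0"),      # legitimate internal host
    ("198.51.100.7", "lan0"),  # spoofed source leaving the LAN (egress case)
    ("10.1.5.9", "wan0"),      # internal source arriving from outside (ingress case)
    ("203.0.113.4", "wan0"),   # ordinary external host
    ("10.1.200.3", "lan0"),    # address that belongs behind lan1
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE)
    print("accepted:", ok)
    print("dropped: ", bad)
```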
Defenses (2)
Both technical and management solutions
are taken into consideration
Wi-Fi Protected Access (WPA) is a new
WLAN security standard for 802.11
networks which is comprised of Temporal
Key Integrity Protocol (TKIP) encryption
and 802.1x technology.
However, WPA is vulnerable to DoS
attacks.
Defenses (3)
The ways to respond to a DoS attack:
Absorb the attack
- Plan additional capacity before an attack
begins
Degrade services
- Noncritical services can be degraded, or
disabled if necessary
Shut down services
- Shut down services until the attack has
subsided
Defenses (4)
Conclusions (1)
There is currently no comprehensive solution
against DoS attacks over WLAN
Take external countermeasures, such as
tracing the attacks, enforcing related laws,
and enterprise usage policy systems
5 GHz range networks are both practical
and market-rewarding
Conclusion (2)
WLANs are not as vulnerable to DoS attacks
as wired LANs
If attackers cut the power to the
wired LAN, all the wired networks go
down
However, a WLAN can be switched to the
ad hoc configuration with laptops or other
battery-powered computers