DWS-1008 User’s Manual
D-Link Systems, Inc.
Rogue Detection and Countermeasures
• Fake AP - A rogue device sends beacon frames for randomly generated SSIDs or
BSSIDs. This type of attack can cause clients to become confused by the presence
of so many SSIDs and BSSIDs, and thus interfere with the clients’ ability to connect
to valid APs. This type of attack can also interfere with RF Auto-Tuning when an AP is
trying to adjust to its RF neighborhood.
• SSID masquerade - A rogue device pretends to be a legitimate AP by sending beacon
frames for a valid SSID serviced by APs in your network. Data from clients that associate
with the rogue device can be accessed by the hacker controlling the rogue device.
• Spoofed AP - A rogue device pretends to be a D-Link AP by sending packets with the
source MAC address of the D-Link AP. Data from clients that associate with the rogue
device can be accessed by the hacker controlling the rogue device.
Note: MSS detects a spoofed AP attack based on the fingerprint of the spoofed AP. Packets
from the real AP have the correct signature, while spoofed packets lack the signature.
Netstumbler and Wellenreiter Applications
Netstumbler and Wellenreiter are widely available applications that hackers can use to gather
information about the APs in your network, including location, manufacturer, and encryption
settings.
Wireless Bridge
A wireless bridge can extend a wireless network outside the desired area. For example,
someone can place a wireless bridge near an exterior wall to extend wireless coverage out
into the parking lot, where a hacker could then gain access to the network.
Ad-Hoc Network
An ad-hoc network is established directly among wireless clients and does not use the
infrastructure network (a network using an AP). An ad-hoc network might not be an intentionally
malicious attack on the network, but it does steal bandwidth from your infrastructure users.
Weak WEP Key Used by Client
A weak initialization vector (IV) makes a WEP key easier to hack. MSS alerts you regarding
clients who are using weak WEP IVs so that you can strengthen the encryption on these
clients or replace the clients.
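The following is an added example, not part of the manual and not MSS code, showing how a monitor could flag clients that send weak WEP IVs. It assumes "weak" means the classic FMS form (A+3, 0xFF, X) for a 104-bit key; the manual does not state the criteria MSS uses, and the function names, threshold and sample frames are hypothetical.

```python
from collections import Counter

# Assumption: "weak" means the classic FMS form (A+3, 0xFF, X), where A is the
# index of the secret-key byte the IV exposes. 13 key bytes covers 104-bit WEP.
WEP_KEY_BYTES = 13


def is_weak_iv(iv: bytes, key_bytes: int = WEP_KEY_BYTES) -> bool:
    """Return True if a 3-byte WEP IV matches the FMS weak form."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be exactly 3 bytes")
    return 3 <= iv[0] < 3 + key_bytes and iv[1] == 0xFF


def clients_using_weak_ivs(frames, min_weak=2):
    """frames: iterable of (client_mac, iv_bytes) taken from WEP data frames.

    Returns {client_mac: weak_iv_count} for clients at or above min_weak.
    Malformed IVs are skipped rather than aborting the whole scan.
    """
    weak = Counter()
    for mac, iv in frames:
        try:
            if is_weak_iv(iv):
                weak[mac.lower()] += 1
        except ValueError:
            continue
    return {mac: n for mac, n in weak.items() if n >= min_weak}


# Constructed sample observations (not real captures).
SAMPLE_FRAMES = [
    ("00:11:22:33:44:01", bytes.fromhex("03ff1a")),  # weak: A=0
    ("00:11:22:33:44:01", bytes.fromhex("0fff00")),  # weak: A=12
    ("00:11:22:33:44:01", bytes.fromhex("a1b2c3")),  # ordinary IV
    ("00:11:22:33:44:02", bytes.fromhex("10ff07")),  # first byte 16: out of range
    ("00:11:22:33:44:02", bytes.fromhex("04fe07")),  # second byte is not 0xFF
    ("00:11:22:33:44:03", bytes.fromhex("05ff")),    # truncated IV, skipped
]

if __name__ == "__main__":
    for mac, count in clients_using_weak_ivs(SAMPLE_FRAMES).items():
        print(f"ALERT weak WEP IVs from {mac}: {count}")
```

A client that appears in the result is a candidate for stronger encryption or replacement, as the section above describes.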