Wireless Network Security Issues

Overview

• Sudden disconnections from a wireless network without warning could indicate a wireless deauthentication attack.
• This attack is a form of denial of service, disconnecting users from the network.

Deauthentication Attack

• Main Vulnerability:
  • Relates to management frames (connectivity, management, and disconnection between device and access point) in 802.11 specification.
  • Earlier 802.11 versions had no security for these management frames; they were unencrypted.
• Packet Capture Demonstration:
  • Management frames are visible and in the clear, showing addresses and network parameters (SSID, supported rates, etc.).
• Conducting the Attack:
  • Requires the MAC address of the target device.
  • Utilizes tools like arrowdump-ng for listing access points and devices.
  • Uses airreplay-ng to send deauthentication frames to disconnect a targeted device.

IEEE 802.11 Specification Updates

• 802.11ac and Newer:
  • Management frames like disassociate and deauthenticate are now encrypted.
  • Some frames (beacons, probes) remain unencrypted for initial network connection.

Radio Frequency (RF) Jamming

• Another form of denial of service affecting all devices within signal range.
• Causes:
  • Interference from devices like microwave ovens or fluorescent lights.
  • Deliberate interference by attackers sending noise or legitimate frames.
• Methods:
  • Constant or random data transmission to disrupt communication.
  • Reactive jamming, increasing interference when network activity is detected.

Detection and Mitigation

• Fox Hunting:
  • Locating jamming sources using directional antennas and attenuators to track down signal origins.
• Importance:
  • Requires local proximity to the access point by the attacker.
  • Effective fox hunting can triangulate and mitigate jamming sources.