WESM zl Management and Configuration Guide WT.01.28 and greater
Wireless Network Management
Configuring Station Intrusion Detection
AP detection protects your network against unauthorized APs. The Wireless Edge
Services zl Module can also guard against hackers who use stations to launch attacks.
Using station intrusion detection, the module monitors stations for suspicious
behavior that might indicate an attack such as the following:
■ Reconnaissance attack—An attacker sends probes to discover APs and the
stations that are associating with those APs. Using the information discovered,
the attacker can launch additional attacks.
■ Association flood attack—An attacker spoofs multiple clients, sending so many
association requests that the AP cannot handle them all. The AP begins to deny
additional associations.
■ Disassociation flood attack—After launching a reconnaissance attack, the
attacker identifies the stations attached to a particular AP. The attacker then
masquerades as the AP and sends disassociation frames to the stations. Although
the stations quickly re-associate with the AP, the attacker continues to send
disassociation frames to end the stations’ sessions.
■ Authentication failure attack—The attacker uses a tool to masquerade as an
AP. When a station submits its login credentials, the attacker sends an
authentication failed message to the station. The station then removes itself from the
WLAN. An attacker may also launch this attack by spoofing a station, sending
invalid login credentials. The AP then denies the station access to the WLAN.
■ 802.11 replay attack—The attacker captures and resends legitimate frames.
This attack can be used to overwhelm the network, spoof a legitimate user, or
learn additional information about the network.
■ Decryption attack—If an attacker is trying to crack the encryption used on your
WLAN, your AP will receive a high number of encryption failures.
■ EAP start frame attack—An attacker floods the AP with EAP start frames,
causing the AP to allocate resources for each session. Eventually, the attack
consumes all of the AP’s resources, creating a DoS.
■ TKIP attack—An attacker tries to alter a frame and bypass the Michael integrity
check. TKIP is designed to respond to such attacks with countermeasures such as
closing the session or refreshing the master key.
When a station exhibits a potentially harmful behavior, the Wireless Edge Services
zl Module filters all traffic from the station for a certain period.
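The following sketch is an added example, not taken from this guide or from the module's software: it models the behavior described above by counting per-station events in a time window and filtering all traffic from a station for a fixed period once a threshold is exceeded. The event names, threshold values, window length, filter period, and MAC addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Hypothetical per-station thresholds (events allowed per WINDOW seconds).
# Values are constructed for illustration, not the module's defaults.
THRESHOLDS = {"probe_req": 20, "assoc_req": 10, "auth_fail": 5,
              "decrypt_fail": 8, "eap_start": 6}
WINDOW = 1.0          # seconds of history counted against each threshold
FILTER_PERIOD = 60.0  # seconds a violating station stays filtered


class StationIDS:
    def __init__(self):
        self.history = defaultdict(deque)  # (mac, kind) -> event timestamps
        self.filtered_until = {}           # mac -> time the filter expires
        self.alerts = []                   # (time, mac, kind) per violation

    def is_filtered(self, mac, now):
        return self.filtered_until.get(mac, 0.0) > now

    def observe(self, now, mac, kind):
        """Return True if the frame is accepted, False if it is dropped."""
        if self.is_filtered(mac, now):
            return False                   # all traffic from the station is dropped
        limit = THRESHOLDS.get(kind)
        if limit is None:
            return True                    # event type is not monitored
        q = self.history[(mac, kind)]
        q.append(now)
        while q and q[0] <= now - WINDOW:  # expire events outside the window
            q.popleft()
        if len(q) > limit:
            self.filtered_until[mac] = now + FILTER_PERIOD
            self.alerts.append((now, mac, kind))
            q.clear()
            return False
        return True


def run_sample():
    """Replay constructed events: one noisy station, one normal station."""
    ids = StationIDS()
    noisy, normal = "02:00:00:00:00:aa", "02:00:00:00:00:bb"
    for i in range(12):                    # 12 EAP starts within 0.6 s
        ids.observe(i * 0.05, noisy, "eap_start")
    for i in range(3):                     # 3 EAP starts spread over 3 s
        ids.observe(float(i), normal, "eap_start")
    return ids, noisy, normal
```

Because the filter applies to the station as a whole, a single violation of any monitored event type causes every later frame from that MAC address to be dropped until the period expires.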