User's Guide
Wireless Array
336 Configuring the Wireless Array
Disassociation
Flood
Flooding the Array with forged Disassociation packets.
Deauthentication
Flood
Flooding the Array with forged Deauthenticates.
EAP Handshake
Flood
Flooding an AP with EAP-Start messages to consume
resources or crash the target.
Null Probe
Response
Answering a station probe-request frame with a null SSID.
Many types of popular NIC cards cannot handle this
situation, and will freeze up.
MIC Error Attack Generating invalid TKIP data to exceed the Array's MIC
error threshold, suspending WLAN service.
Disassociation
Attack (Omerta)
Sending forged disassociation frames to all stations on a
channel in response to data frames.
Deauthentication
Attack
Sending forged deauthentication frames to all stations on
a channel in response to data frames.
Duration Attack
(Duration Field
Spoofing)
Injecting packets into the WLAN with huge duration
values. This forces the other nodes in the WLAN to keep
quiet, since they cannot send any packet until this value
counts down to zero. If the attacker sends such frames
continuously it silences other nodes in the WLAN for long
periods, thereby disrupting the entire wireless service.
Impersonation Attacks
AP
impersonation
Reconfiguring an attacker's MAC address to pose as an
authorized AP. Administrators should take immediate
steps to prevent the attacker from entering the WLAN.
Station
impersonation
Reconfiguring an attacker's MAC address to pose as an
authorized station. Administrators should take immediate
steps to prevent the attacker from entering the WLAN.
Evil twin attack Masquerading as an authorized AP by beaconing the
WLAN's service set identifier (SSID) to lure users.
Type of Attack Description