Home » Dell Manuals » Wireless » Dell W-7005 » Manual Viewer

Dell W-7005 AOS 6.4.x User Guide - Page 550

Detecting a Hotspotter Attack, Detecting a Meiners Power Save DoS Attack, Detecting an Omerta Attack

Add to My Manuals
Save this manual to your list of manuals

Page 550 highlights

Detecting a Hotspotter Attack The Hotspotter attack is an evil-twin attack which attempts to lure a client to a malicious AP. Many enterprise employees use their laptop in Wi-Fi area hotspots at airports, cafes, malls etc. They have SSIDs of their hotspot service providers configured on their laptops. The SSIDs used by different hotspot service providers are well known. This enables the attackers to set up APs with hotspot SSIDs in close proximity of the enterprise premises. When the enterprise laptop Client probes for hotspot SSIDs, these malicious APs respond and invite the client to connect to them. When the client connects to a malicious AP, a number of security attacks can be launched on the client. Airsnarf is a popular hacking tool used to launch these attacks. Detecting a Meiners Power Save DoS Attack To save on power, wireless clients will "sleep" periodically, during which they cannot transmit or receive. A client indicates its intention to sleep by sending frames to the AP with the Power Management bit ON. The AP then begins buffering traffic bound for that client until it indicates that it is awake. An intruder could exploit this mechanism by sending (spoofed) frames to the AP on behalf of the client to trick the AP into believing the client is asleep. This will cause the AP to buffer most, if not all, frames destined for the client. Detecting an Omerta Attack Omerta is an 802.11 DoS tool that sends disassociation frames to all stations on a channel in response to data frames. The Omerta attack is characterized by disassociation frames with a reason code of 0x01. This reason code is "unspecified" and is not used under normal circumstances. Detecting Rate Anomalies Many DoS attacks flood an AP or multiple APs with 802.11 management frames. These can include authenticate/associate frames, which are designed to fill up the association table of an AP. Other management frame floods, such as probe request floods, can consume excess processing power on the AP. Detecting a TKIP Replay Attack TKIP is vulnerable to replay (via WMM/QoS) and plaintext discovery (via ChopChop). This affects all WPA-TKIP usage. By replaying a captured TKIP data frame on other QoS queues, an attacker can manipulate the RC4 data and checksum to derive the plaintext at a rate of one byte per minute. By targeting an ARP frame and guessing the known payload, an attacker can extract the complete plaintext and MIC checksum. With the extracted MIC checksum, an attacker can reverse the MIC AP to Station key and sign future messages as MIC compliant, opening the door for more advanced attacks. Detecting Unencrypted Valid Clients An authorized (valid) client that is passing traffic in unencrypted mode is a security risk. An intruder can sniff unencrypted traffic (also known as packet capture) with software tools known as sniffers. These packets are then reassembled to produce the original message. Detecting a Valid Client Misassociation This feature does not detect attacks, but rather it monitors authorized (valid) wireless clients and their association within the network. Valid client misassociation is potentially dangerous to network security. The four types of misassociation that we monitor are: l Authorized Client associated to Rogue: A valid client that is associated to a rogue AP. l Authorized Client associated to External AP: An external AP, in this context, is any AP that is not valid and not a rogue. l Authorized Client associated to Honeypot AP: A honeypot is an AP that is not valid but is using an SSID that has been designated as valid/protected. l Authorized Client in ad hoc connection mode: A valid client that has joined an ad hoc network. Dell Networking W-Series ArubaOS 6.4.x | User Guide Wireless Intrusion Prevention | 550

Section	Page
Contents	3
About this Guide	83
What's New In ArubaOS 6.4.x	83
Features Introduced in ArubaOS 6.4.3.0	83
Features Introduced in ArubaOS 6.4.2.5	89
Features Introduced in ArubaOS 6.4.2.4	89
Features Introduced in ArubaOS 6.4.2.3	90
Features Introduced in ArubaOS 6.4.2.0	90
Features Introduced in ArubaOS 6.4.1.0	92
Features Introduced in ArubaOS 6.4.0.0	95
Fundamentals	98
WebUI	98
CLI	99
Related Documents	99
Conventions	99
Contacting Dell	100
The Basic User-Centric Networks	101
Understanding Basic Deployment and Configuration Tasks	101
Deployment Scenario #1: Controller and APs on Same Subnet	101
Deployment Scenario #2: APs All on One Subnet Different from Controller Subnet	102
Deployment Scenario #3: APs on Multiple Different Subnets from Controllers	103
Configuring the Controller	104
Running Initial Setup	104
Connecting to the Controller after Initial Setup	105
W-7000 Series and W-7200 Series Controller	105
New Port Numbering Scheme	105
W-7200 Series Controllers Individual Port Behavior	106
Using the LCD Screen	106
Using the LCD and USB Drive	108
Upgrading an Image	108
Uploading a Pre-saved Configuration	108
Disabling LCD Menu Functions	109
Configuring a VLAN to Connect to the Network	109
Creating, Updating, and Viewing VLANs and Associated IDs	110
Creating, Updating, and Deleting VLAN Pools	110
Assigning and Configuring the Trunk Port	110
In the WebUI	110
In the CLI	111
Configuring the Default Gateway	111
In the WebUI	111
In the CLI	111
Configuring the Loopback IP Address for the Controller	111
In the WebUI	112
In the CLI	112
Configuring the System Clock	112
Installing Licenses	112
Connecting the Controller to the Network	112
Enabling Wireless Connectivity	113
Enabling Wireless Connectivity	113
Configuring Your User-Centric Network	113
Replacing a Controller	114
Transferring Licenses	114
Procedure Overview	114
Change the VRRP Priorities for a Redundant Master Pair	115
Back Up the Flash File System	115
In the WebUI	115
In the CLI	115
Stage the New Controller	115
Add Licenses to the New Controller	116
Backup Newly Installed Licenses	116
Import and Restore Flash Backup	116
In the WebUI	117
In the CLI	117
Restore Licenses	117
Reboot the Controller	117
Modify the Host Name	118
Modify Topology Settings	118
Save your Configuration	119
Remove the Existing Controller	119
Control Plane Security	120
Control Plane Security Overview	120
Configuring Control Plane Security	121
In the WebUI	121
In the CLI	123
Managing AP Whitelists	123
Adding an AP to the Campus or Remote AP Whitelists	123
In the WebUI	123
In the CLI	125
Viewing AP Whitelist Status	125
Modifying an AP in the Campus AP Whitelist	128
In the WebUI	128
In the CLI	128
Revoking an AP from the Campus AP Whitelist	129
In the WebUI	129
In the CLI	129
Deleting an AP from the Campus AP Whitelist	129
In the WebUI	129
In the CLI	130
Purging a Campus AP Whitelist	130
In the WebUI	130
In the CLI	130
Offloading a Controller Whitelist to ClearPass Policy Manager	130
In the WebUI	130
In the CLI	131
Managing Whitelists on Master and Local Controllers	131
Campus AP Whitelist Synchronization	132
Viewing the Master or Local Controller Whitelists	133
In the WebUI	133
In the CLI	134
Deleting an Entry from the Master or Local Controller Whitelist	134
In the WebUI	134
In the CLI	134
Purging the Master or Local Controller Whitelist	135
In the WebUI	135
In the CLI	135
Working in Environments with Multiple Master Controllers	135
Configuring Networks with a Backup Master Controller	135
Configuring Networks with Clusters of Master Controllers	135
Creating a Cluster Root	136
Creating a Cluster Member	137
Viewing Controller Cluster Setting	137
Replacing a Controller on a Multi-Controller Network	138
Replacing Controllers in a Single Master Network	138
Replacing a Local Controller	138
Replacing a Master Controller with No Backup	139
Replacing a Redundant Master Controller	140
Replacing Controllers in a Multi-Master Network	140
Replacing a Local Controller in a Multi-Master Network	140
Replacing a Cluster Member Controller with no Backup	140
Replacing a Redundant Cluster Member Controller	141
Replacing a Cluster Root Controller with no Backup Controller	141
Replacing a Redundant Cluster Root Controller	142
Configuring Control Plane Security after Upgrading	142
Troubleshooting Control Plane Security	143
Identifying Certificate Problems	143
Verifying Certificates	144
Disabling Control Plane Security	144
Verifying Whitelist Synchronization	144
Rogue APs	145
Software Licenses	146
Understanding License Terminology	146
Working with Licenses	147
Centralized Licensing in a Multi-Controller Network	148
Primary and Backup Licensing Servers	149
Communication between the License Server and License Clients	149
Supported Topologies	151
Unsupported Topologies	152
Adding and Deleting Licenses	153
Replacing a Controller	153
Failover Behaviors	153
Client is Unreachable	154
Server is Unreachable	154
Configuring Centralized Licensing	154
Pre-configuration Setup in an All-Master Deployment	154
Preconfiguration Setup in a Master/Local Topology	155
Enabling Centralized Licensing	155
Monitoring and Managing Centralized Licenses	156
License server Table	156
License Client Table	156
License Client(s) Usage Table	157
Aggregate License Table	158
License Heartbeat Table	158
Using Licenses	158
Understanding License Interaction	160
License Installation Best Practices and Exceptions	160
Installing a License	161
Enabling a New License on your Controller	161
Requesting a Software License in Email	161
Locating the System Serial Number	161
Obtaining a Software License Key	162
Creating a Software License Key	162
Applying the Software License Key in the WebUI	162
Applying the Software License Key in the License Wizard	162
Deleting a License	162
Moving Licenses	163
Resetting the Controller	163
Network Configuration Parameters	164
Configuring VLANs	164
Creating and Updating VLANs	164
In the WebUI	164
In the CLI	165
Creating Bulk VLANs In the WebUI	165
In the CLI	165
Creating a Named VLAN	165
In the WebUI	165
Distinguishing Between Even and Hash Assignment Types	166
Updating a Named VLAN	166
Deleting a Named VLAN	166
Creating a Named VLAN Using the CLI	167
Viewing and Adding VLAN IDs Using the CLI	167
Role Derivation for Named VLAN Pools	167
In the CLI	167
In the WebUI	168
Adding a Bandwidth Contract to the VLAN	168
Optimizing VLAN Broadcast and Multicast Traffic	168
In the WebUI	168
In the CLI	169
Configuring Ports	169
Classifying Traffic as Trusted or Untrusted	169
About Trusted and Untrusted Physical Ports	169
About Trusted and Untrusted VLANs	169
Configuring Trusted/Untrusted Ports and VLANs	170
In the WebUI	170
In the CLI	170
Configuring Trusted and Untrusted Ports and VLANs in Trunk Mode	171
In the WebUI	171
In the CLI	171
Understanding VLAN Assignments	171
VLAN Derivation Priorities for VLAN types	172
How a VLAN Obtains an IP Address	173
Assigning a Static Address to a VLAN	173
In the WebUI	173
In the CLI	173
Configuring a VLAN to Receive a Dynamic Address	173
Configuring Multiple Wired Uplink Interfaces (Active-Standby)	173
Enabling the DHCP Client	174
In the WebUI	174
In the CLI	174
Enabling the PPPoE Client	175
In the WebUI	175
In the CLI	175
Default Gateway from DHCP/PPPoE	175
In the WebUI	175
In the CLI	175
Configuring DNS/WINS Server from DHPC/PPPoE	175
In the WebUI	175
In the CLI	176
Configuring Source NAT to Dynamic VLAN Address	176
In the WebUI	176
In the CLI	176
Configuring Source NAT for VLAN Interfaces	177
Sample Configuration	177
In the WebUI	177
In the CLI	177
Inter-VLAN Routing	178
In the WebUI	178
In the CLI	179
Configuring Static Routes	179
In the WebUI	179
In the CLI	179
Configuring the Loopback IP Address	179
In the WebUI	179
In the CLI	180
Configuring the Controller IP Address	180
In the WebUI	180
In the CLI	181
Configuring GRE Tunnels	181
About Layer-2 GRE Tunnels	181
Layer-2 GRE Tunnel Network Diagram	181
Layer-2 Traffic Flow	181
About Layer-3 GRE Tunnels	182
IPv4 Layer-3 GRE Tunnel Network Diagram	182
IPv6 Layer-3 GRE Tunnel Network Diagram	182
Layer-3 Traffic Flow	182
Configuring a Layer-2 GRE Tunnel	183
In the WebUI	183
In the CLI	185
Configuring a Layer-3 GRE Tunnel for IPv4	186
In the WebUI	186
In the CLI	187
Configuring a Layer-3 GRE Tunnel for IPv6	188
In the WebUI	188
In the CLI	189
Limitations for Static IPv6 Layer-3 Tunnels	190
Directing Traffic into the Tunnel	190
About Configuring Static Routes	190
Configuring a Firewall Policy Rule	190
Configuring Tunnel Keepalives	192
Configuring GRE Tunnel Groups	193
About GRE Tunnel Groups	193
Tunnel Group Order	193
Tunnel Failover	193
Preemption	194
Enabling a Tunnel Group	194
Points to Remember	194
Regarding Layer-2 Tunnel Groups	194
Configuring a Layer-2 or Layer-3 Tunnel Group Using the CLI	194
Example Configuration	194
Enabling Preemption	194
Viewing Operational Status	195
Viewing Active and Member Tunnels	195
Viewing the Standby Member Tunnels	195
Configuring a Layer-2 or Layer-3 Tunnel Group Using the WebUI	196
Jumbo Frame Support	196
Limitations for Jumbo Frame Support	196
Configuring Jumbo Frame Support	197
In the WebUI	197
In the CLI	197
Viewing the Jumbo Frame Support Status	197
IPv6 Support	198
Understanding IPv6 Notation	198
Understanding IPv6 Topology	198
Enabling IPv6	199
Enabling IPv6 Support for Controller and APs	199
Configuring IPv6 Addresses	201
In the WebUI	202
In the CLI	202
Configuring IPv6 Static Neighbors	202
In the WebUI	203
In the CLI	203
Configuring IPv6 Default Gateway and Static IPv6 Routes	203
In the WebUI	203
In the CLI	203
Managing Controller IP Addresses	203
In the WebUI	203
In the CLI	204
Configuring Multicast Listener Discovery	204
In the WebUI	204
In the CLI	205
Dynamic Multicast Optimization	205
In the WebUI	205
In the CLI	206
Limitations	206
Debugging an IPv6 Controller	206
In the WebUI	206
In the CLI	206
Provisioning an IPv6 AP	206
In the WebUI	207
In the CLI	207
Enhancements to IPv6 Support on AP	207
Filtering an IPv6 Extension Header (EH)	207
Configuring a Captive Portal over IPv6	207
Working with IPv6 Router Advertisements (RAs)	208
Configuring an IPv6 RA on a VLAN	208
Using WebUI	209
Using CLI	209
Configuring Optional Parameters for RAs	209
In the WebUI	210
In the CLI	211
RADIUS Over IPv6	211
In the CLI	211
In the WebUI	212
TACACS Over IPv6	212
In the CLI	212
In the WebUI	213
DHCPv6 Server	213
Points to Remember	213
DHCP Lease Limit	213
Configuring DHCPv6 Server	214
In the WebUI	214
In the CLI	215
Understanding ArubaOS Supported Network Configuration for IPv6 Clients	216
Supported Network Configuration	216
Understanding the Network Connection Sequence for Windows IPv6 Clients	216
Understanding ArubaOS Authentication and Firewall Features that Support IPv6	217
Understanding Authentication	217
Working with Firewall Features	217
Understanding Firewall Policies	219
Creating an IPv6 Firewall Policy	221
Assigning an IPv6 Policy to a User Role	222
Understanding DHCPv6 Passthrough/Relay	222
Managing IPv6 User Addresses	222
Viewing or Deleting User Entries	222
Understanding User Roles	223
Viewing Datapath Statistics for IPv6 Sessions	223
Understanding IPv6 Exceptions and Best Practices	223
Link Aggregation Control Protocol	225
Understanding LACP Best Practices and Exceptions	225
Configuring LACP	226
In the CLI	226
In the WebUI	227
LACP Sample Configuration	227
OSPFv2	229
Understanding OSPF Deployment Best Practices and Exceptions	229
Understanding OSPFv2 by Example using a WLAN Scenario	230
WLAN Topology	230
WLAN Routing Table	230
Understanding OSPFv2 by Example using a Branch Scenario	231
Branch Topology	231
Branch Routing Table	232
Configuring OSPF	232
Exporting VPN Client Addresses to OSPF	234
In the WebUI	234
In the CLI	234
Sample Topology and Configuration	234
Remote Branch 1	235
Remote Branch 2	236
W-3200 Central Office Controller—Active	237
W-3200 Central Office Controller—Backup	238
Topology	240
Observation	240
Configuring W-3600-UP Controller	240
Configuring W-3600-DOWN Controller	242
Viewing the Status of Instant AP VPN	243
RAPNG AP-1	243
RAPNG AP-3	244
Tunneled Nodes	246
Understanding Tunneled Node Configuration	246
Configuring a Wired Tunneled Node Client	247
Configuring an Access Port as a Tunneled Node Port	248
Configuring a Trunk Port as a Tunneled Node Port	248
Authentication Servers	249
Understanding Authentication Server Best Practices and Exceptions	249
Understanding Servers and Server Groups	249
Configuring Authentication Servers	250
Configuring a RADIUS Server	250
Using the WebUI	251
Using the CLI	251
RADIUS Service-Type Attribute	253
Enabling Radsec on RADIUS Servers	254
In the Web UI	254
In the CLI	254
RADIUS Server VSAs	254
RADIUS Server Authentication Codes	257
RADIUS Server Fully Qualified Domain Names	258
DNS Query Intervals	258
Configuring Username and Password for CPPM Authentication	258
In the WebUI:	258
In the CLI:	259
Configuring an RFC-3576 RADIUS Server	259
Using the WebUI	259
Using the CLI	259
Configuring an RFC-3576 RADIUS Server with Radsec	260
Using the WebUI	260
Using the CLI	260
Configuring an LDAP Server	260
Using the WebUI	261
Using the CLI	261
Configuring a TACACS+ Server	261
Using the WebUI	262
Using the CLI	262
Configuring a Windows Server	263
Using the WebUI	263
Using the CLI	263
Managing the Internal Database	263
Configuring the Internal Database	263
Using the WebUI	264
Using the CLI	264
Managing Internal Database Files	265
Exporting Files in the WebUI	265
Importing Files in the WebUI	265
Exporting and Importing Files in the CLI	265
Working with Internal Database Utilities	265
Deleting All Users	265
Repairing the Internal Database	265
Configuring Server Groups	266
Configuring Server Groups	266
Using the WebUI	266
Using the CLI	266
Configuring Server List Order and Fail-Through	266
Using the WebUI	267
Using the CLI	267
Configuring Dynamic Server Selection	267
Using the WebUI	268
Using the CLI	269
Configuring Match FQDN Option	269
Using the WebUI	269
Using the CLI	269
Trimming Domain Information from Requests	269
Using the WebUI	270
Using the CLI	270
Configuring Server-Derivation Rules	270
Using the WebUI	271
Using the CLI	272
Configuring a Role Derivation Rule for the Internal Database	272
Using the WebUI	272
Using the CLI	272
Assigning Server Groups	272
User Authentication	273
Management Authentication	273
Using the WebUI	273
Using the CLI	273
Accounting	273
RADIUS Accounting	273
RADIUS Accounting on Multiple Servers	276
TACACS+ Accounting	276
Configuring Authentication Timers	276
Setting an Authentication Timer	277
Using the WebUI	277
Using the CLI	278
Authentication Server Load Balancing	278
Enabling Authentication Server Load Balancing Functionality	278
MAC-based Authentication	279
Configuring MAC-Based Authentication	279
Configuring the MAC Authentication Profile	279
In the WebUI	280
In the CLI	280
Configuring Clients	280
In the WebUI	281
In the CLI	281
Branch Controller Config for Controllers	282
Branch Deployment Features	283
WAN Failure (Authentication) Survivability	284
Supported Client and Authentication Types	284
Supported Key Reply Attributes	285
Support Restrictions	285
Administrative Functions	285
Enabling Authentication Survivability on a Local Branch Controller	286
Configuring the Survival Server Certificate	286
Configuring the Lifetime of the Authentication Survivability Cache	286
User Credential and Key Reply Attributes Are Saved Automatically	286
Expired User Credential and Key Reply Attributes Are Purged Automatically	286
About the Survival Server	286
Trigger Conditions for Critical Actions	286
Storing User Access Credential and Key Reply Attributes to Survival Cache	286
Picking Up the Survival Server for Authentication	287
Access Credential Data Stored	287
Authentication for Captive Portal Clients	287
Captive Portal Client Authentication Using PAP	287
External Captive Portal Client Authentication Using the XML-API	287
Authentication for 802.1X Clients	288
802.1X Termination Disabled at the Wireless LAN Controller	288
802.1X Termination Enabled at the Wireless LAN Controller	288
Authentication for MAC Address-Based Clients	289
Authentication for WISPr Clients	289
WAN Health Check	290
WAN Optimization through IP Payload Compression	290
Distributed Layer 3 Branch Deployment Model	291
Compression/Decompression Engine	291
Modes of Operation	291

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1,000
1,001
1,002
1,003
1,004
1,005
1,006
1,007
1,008
1,009
1,010
1,011
1,012
1,013
1,014
1,015
1,016
1,017
1,018
1,019
1,020
1,021
1,022
1,023
1,024
1,025
1,026
1,027
1,028
1,029
1,030
1,031
1,032
1,033
1,034
1,035
1,036
1,037
1,038
1,039
1,040
1,041
1,042
1,043
1,044
1,045
1,046
1,047
1,048
1,049
1,050
1,051
1,052
1,053
1,054
1,055
1,056
1,057
1,058
1,059
1,060
1,061
1,062
1,063
1,064
1,065
1,066
1,067
1,068
1,069
1,070
1,071
1,072
1,073
1,074
1,075
1,076
1,077
1,078
1,079
1,080
1,081
1,082
1,083
1,084
1,085
1,086
1,087
1,088
1,089
1,090
1,091
1,092
1,093
1,094
1,095
1,096
1,097
1,098
1,099
1,100
1,101
1,102
1,103
1,104
1,105
1,106
1,107
1,108
1,109
1,110
1,111
1,112
1,113
1,114
1,115
1,116
1,117
1,118
1,119
1,120
1,121
1,122
1,123
1,124
1,125
1,126
1,127
1,128
1,129
1,130
1,131
1,132
1,133
1,134
1,135
1,136
1,137
1,138
1,139
1,140
1,141
1,142
1,143
1,144
1,145
1,146
1,147
1,148
1,149
1,150
1,151
1,152
1,153
1,154
1,155
1,156
1,157
1,158
1,159
1,160
1,161
1,162
1,163
1,164
1,165
1,166
1,167
1,168
1,169
1,170
1,171
1,172
1,173
1,174

Match case Limit results 1 per page

Detecting a Hotspotter Attack

The Hotspotter attack is an evil-twin attack which attempts to lure a client to a malicious AP. Many enterprise

employees use their laptop in Wi-Fi area hotspots at airports, cafes, malls etc. They have SSIDs of their hotspot

service providers configured on their laptops. The SSIDs used by different hotspot service providers are well

known. This enables the attackers to set up APs with hotspot SSIDs in close proximity of the enterprise

premises. When the enterprise laptop Client probes for hotspot SSIDs, these malicious APs respond and invite

the client to connect to them. When the client connects to a malicious AP, a number of security attacks can be

launched on the client. Airsnarf is a popular hacking tool used to launch these attacks.

Detecting a Meiners Power Save DoS Attack

To save on power, wireless clients will "sleep" periodically, during which they cannot transmit or receive. A client

indicates its intention to sleep by sending frames to the AP with the Power Management bit ON. The AP then

begins buffering traffic bound for that client until it indicates that it is awake. An intruder could exploit this

mechanism by sending (spoofed) frames to the AP on behalf of the client to trick the AP into believing the

client is asleep. This will cause the AP to buffer most, if not all, frames destined for the client.

Detecting an Omerta Attack

Omerta is an 802.11 DoS tool that sends disassociation frames to all stations on a channel in response to data

frames. The Omerta attack is characterized by disassociation frames with a reason code of 0x01. This reason

code is “unspecified” and is not used under normal circumstances.

Detecting Rate Anomalies

Many DoS attacks flood an AP or multiple APs with 802.11 management frames. These can include

authenticate/associate frames, which are designed to fill up the association table of an AP. Other management

frame floods, such as probe request floods, can consume excess processing power on the AP.

Detecting a TKIP Replay Attack

TKIP is vulnerable to replay (via WMM/QoS) and plaintext discovery (via ChopChop). This affects all WPA-TKIP

usage. By replaying a captured TKIP data frame on other QoS queues, an attacker can manipulate the RC4 data

and checksum to derive the plaintext at a rate of one byte per minute.

By targeting an ARP frame and guessing the known payload, an attacker can extract the complete plaintext and

MIC checksum. With the extracted MIC checksum, an attacker can reverse the MIC AP to Station key and sign

future messages as MIC compliant, opening the door for more advanced attacks.

Detecting Unencrypted Valid Clients

An authorized (valid) client that is passing traffic in unencrypted mode is a security risk. An intruder can sniff

unencrypted traffic (also known as

packet capture

) with software tools known as sniffers. These packets are

then reassembled to produce the original message.

Detecting a Valid Client Misassociation

This feature does not detect attacks, but rather it monitors authorized (valid) wireless clients and their

association within the network. Valid client misassociation is potentially dangerous to network security. The

four types of misassociation that we monitor are:

Authorized Client associated to Rogue:

A valid client that is associated to a rogue AP.

Authorized Client associated to External AP:

An external AP, in this context, is any AP that is not valid

and not a rogue.

Authorized Client associated to Honeypot AP:

A honeypot is an AP that is not

valid

but is using an SSID

that has been designated as valid/protected.

Authorized Client in ad hoc connection mode:

A valid client that has joined an ad hoc network.

Dell Networking W-Series ArubaOS 6.4.x

| User Guide

Wireless Intrusion Prevention |

550