Experiences in Passively Detecting Session Hijacking Attacks in IEEE 802.11 Networks

Posted in Internet Security Whitepapers, Session Hijacking

0.0/5 rating (0 votes)

Session hijacking is a common and serious threat to wireless local area network (WLAN) security (Schmoyer, Lim & Owen 2004). This attack exploits deficiencies in the WLAN state machine, namely unauthenticated management frames and the loose coupling of the IEEE 802.11i and IEEE 802.1X state machines (Mishra & Arbaugh 2003), and can be launched using off-the-shelf hardware and software. Session hijacking combines denial of service (DoS) and identity spoofing attacks. Typically an adversary forces a legitimate mobile station (STA) to terminate its connection to an access point (AP) by sending it a disassociation/deauthentication management frame with the source MAC address spoofed to be that of the AP. This results in the STA disconnecting from the network. The adversary can now associate with the AP, by masquerading the MAC address of the STA, and hence taking over its session. Neither the original IEEE 802.11 standards, nor the recent IEEE 802.11i standard specify mechanisms for protecting the integrity of the management frames, leaving IEEE 802.11 based WLANs vulnerable to management frame spoofing and the associated denial of service attacks that such spoofing permits (Bellardo & Savage 2003). In this paper the terms Wireless and Wireless Local Area Networks refer to IEEE 802.11 infrastructure networks (IEEE 1999).
∙:∙ If you have trouble viewing this document, please click the link below!
Experiences in Passively Detecting Session Hijacking Attacks in IEEE 802.11 Networks

Comments (0)

Leave a comment

Please login to leave a comment. Optional login below.