
New AirMagnet Enterprise Threat Signatures Released to Protect Against WLAN Vulnerabilities
Author/Blog Contributor - Jesse Frankel
Date: January 24, 2012

Today the AirMagnet team announced that we’ve released a new batch of signature updates for AirMagnet Enterprise 9.0. The release includes a signature for the recently discovered Wi-Fi Protected Setup (WPS) PIN Brute Force attack, as well as signatures for DNS and ICMP tunneled traffic detection and for 802.11 fuzzing attacks.

AirMagnet Enterprise is the only WLAN security system that can immediately generate signature updates to protect against new threats and automatically push them to customers without requiring scheduled downtime or additional IT resources.

The new signatures protect against four attacks that can exploit wireless LANs (WLANs):

  • Wi-Fi Protected Setup PIN Brute Force Attack - Wi-Fi Protected Setup (WPS) is a simplified method for configuring security settings that is supported on certain access points and clients. On Dec. 27, 2011, a serious vulnerability was reported in the WPS mechanism that allows an attacker to derive the PIN and therefore gain unauthorized connection to the access point (AP). There are currently two known attack tools that exploit this vulnerability.
  • DNS Tunneled Traffic Detection - Domain Name System (DNS) tunneling is the practice of encapsulating Transmission Control Protocol (TCP) traffic inside DNS packets. This technique can be used to bypass payment and gain unauthorized connectivity through Wi-Fi hotspots or other protected guest access portals.
  • ICMP Tunneled Traffic Detection - Similar to DNS tunneling, Internet Control Message Protocol (ICMP) tunneling is the practice of encapsulating TCP traffic inside ICMP packets. This technique can also be used to bypass payment and gain unauthorized connectivity through Wi-Fi hotspots or other protected guest access portals.
  • 802.11 Fuzzing Attack - 802.11 Fuzzing is the process of introducing invalid, unexpected or random data into 802.11 frames and then replaying those modified frames into the air. This can cause unexpected damage to the destination device including driver crashes, operating system crashes and stack-based overflows that would allow execution of arbitrary code on the affected system, including APs.

 

 
Blog Contributor

Jesse Frankel has extensive experience in delivering critical wireless security solutions for enterprise, clinical and government networks. During his 6+ years at AirMagnet he served as Director, System Engineering and as a member of AirMagnet's Wireless Intrusion Research Team.
