Abstract
The exponential growth in the deployment of IEEE 802.11-based wireless LANs (WLANs) in enterprises and homes makes WLANs an attractive target for attackers. Attacks that exploit vulnerabilities at the IP layer or above can be readily addressed by intrusion detection systems designed for wired networks. However, attacks exploiting link-layer protocol vulnerabilities require a different set of intrusion detection mechanisms. Most link-layer attacks in WLANs are denial-of-service attacks and work by spoofing either access points (APs) or wireless stations. Spoofing is possible because the IEEE 802.11 standard does not provide per-frame source authentication, but it can be effectively prevented if proper authentication is added to the standard. Unfortunately, it is unlikely that commercial WLANs will support link-layer source authentication that covers both management and control frames in the near future. Even if it becomes available in next-generation WLAN equipment, it cannot protect the large installed base of legacy WLAN devices. This paper proposes an algorithm to detect spoofing by leveraging the sequence number field in the link-layer header of IEEE 802.11 frames, and demonstrates how it can detect various kinds of spoofing without modifying the APs or wireless stations. The false positive rate of the proposed algorithm is zero, and the false negative rate is close to zero. In the worst case, the proposed algorithm can detect a spoofing activity, even though it can only detect some but not all spoofed frames.
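A minimal sketch of per-source sequence-number gap monitoring, added here as an illustration; it is not the paper's algorithm. The gap threshold, the `SeqMonitor` class and the sample frames are assumptions constructed for this example.

```python
SEQ_MODULUS = 4096    # 802.11 sequence numbers are 12 bits wide
MAX_FORWARD_GAP = 3   # assumption: tolerance for frames the monitor failed to capture


def sequence_number(seq_ctrl):
    """Sequence Control is 16 bits: low 4 = fragment number, high 12 = sequence number."""
    return (seq_ctrl >> 4) & 0x0FFF


class SeqMonitor:
    """Tracks the last sequence number seen per source MAC (hypothetical helper)."""

    def __init__(self):
        self.last_seq = {}

    def observe(self, src_mac, seq_ctrl, retry=False):
        seq = sequence_number(seq_ctrl)
        prev = self.last_seq.get(src_mac)
        self.last_seq[src_mac] = seq          # always resync, so a station reset recovers
        if prev is None:
            return "baseline"
        gap = (seq - prev) % SEQ_MODULUS      # modular distance handles the 4095 -> 0 wrap
        if gap == 0:
            # Same number again is normal only for a retransmission or a later fragment.
            return "ok" if retry or (seq_ctrl & 0xF) else "anomaly"
        return "ok" if gap <= MAX_FORWARD_GAP else "anomaly"


def scan(frames):
    """Return one verdict per (source MAC, Sequence Control, retry bit) tuple."""
    monitor = SeqMonitor()
    return [monitor.observe(mac, sc, retry) for mac, sc, retry in frames]


STA = "02:00:00:00:00:01"  # constructed, locally administered address
# Constructed capture: (source MAC, Sequence Control value, retry bit)
CONSTRUCTED_FRAMES = [
    (STA, 4094 << 4, False),
    (STA, 4095 << 4, False),
    (STA, 4095 << 4, True),    # retransmission of the previous frame
    (STA, 0 << 4, False),      # wrap-around
    (STA, 2000 << 4, False),   # frame from a second transmitter using the same MAC
    (STA, 1 << 4, False),      # genuine station continues its own counter
    (STA, 2 << 4, False),
]

if __name__ == "__main__":
    for frame, verdict in zip(CONSTRUCTED_FRAMES, scan(CONSTRUCTED_FRAMES)):
        print(frame[0], sequence_number(frame[1]), verdict)
```

Two interleaved counters behind one address show up as a pair of anomalies (the jump away and the jump back), which signals spoofing activity without saying which of the two frames was forged.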
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Guo, F., Chiueh, Tc. (2006). Sequence Number-Based MAC Address Spoof Detection. In: Valdes, A., Zamboni, D. (eds) Recent Advances in Intrusion Detection. RAID 2005. Lecture Notes in Computer Science, vol 3858. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11663812_16
DOI: https://doi.org/10.1007/11663812_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31778-4
Online ISBN: 978-3-540-31779-1
eBook Packages: Computer Science, Computer Science (R0)