DoS: Association Flood Attack
WiFi Manager raises this alarm when it detects an association flood attack.
What is an association flood attack?
Access points maintain an "Association Table" that holds the state of the wireless clients associated with them. Flooding an access point's association table with a large number of associations, by emulating wireless clients or by spoofing, is known as an association flood attack.
What are the impacts of this attack?
Once the association table of the access point is flooded, the access point will not allow further associations, thereby denying access to the WLAN even to legitimate clients.
The attack is at the association level. Can a powerful authentication mechanism stop this attack?
Most of the powerful authentication mechanisms, such as 802.1X or VPN, operate at a higher level. At the 802.11 layer there are not many options: the choice is between shared-key authentication and open authentication. Attackers exploit this vulnerability.
What can the WLAN administrator do?
The best bet is to monitor the wireless LAN, and particularly the association patterns in the WLAN. If there are too many association requests and a lot of short-lived sessions, it is better to analyze them and find out the reason. WiFi Manager, when deployed, does this automatically and keeps the administrator warned of potential problems.
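
The monitoring rule described above (many association requests together with many short-lived sessions) can be sketched as follows. This is an added example, not WiFi Manager's own code; the event tuple format, the AP names, the MAC addresses and all thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune them to the site's normal traffic.
WINDOW_SECONDS = 10          # sliding window length
MAX_ASSOC_PER_WINDOW = 20    # "too many association requests"
SHORT_SESSION_SECONDS = 2.0  # a session shorter than this is "short lived"
SHORT_SESSION_RATIO = 0.8    # share of ended sessions that must be short

def detect_association_floods(events):
    """events: (timestamp, ap, client_mac, kind) tuples sorted by timestamp,
    kind is "assoc" or "disassoc". Returns {ap: time of first alert}."""
    recent = defaultdict(deque)   # ap -> timestamps of assoc requests in window
    ended = defaultdict(deque)    # ap -> (end_time, duration) of closed sessions
    started = {}                  # (ap, client) -> time the session opened
    alerts = {}
    for ts, ap, client, kind in events:
        if kind == "assoc":
            recent[ap].append(ts)
            started[(ap, client)] = ts
        elif kind == "disassoc" and (ap, client) in started:
            ended[ap].append((ts, ts - started.pop((ap, client))))
        # Drop everything that has slid out of the window.
        while recent[ap] and recent[ap][0] <= ts - WINDOW_SECONDS:
            recent[ap].popleft()
        while ended[ap] and ended[ap][0][0] <= ts - WINDOW_SECONDS:
            ended[ap].popleft()
        short = sum(1 for _, d in ended[ap] if d < SHORT_SESSION_SECONDS)
        burst = len(recent[ap]) > MAX_ASSOC_PER_WINDOW
        churn = bool(ended[ap]) and short / len(ended[ap]) >= SHORT_SESSION_RATIO
        if burst and churn:
            alerts.setdefault(ap, ts)
    return alerts

def build_sample_events():
    """Constructed sample data: one flooded AP and one AP with normal clients."""
    events = []
    for i in range(30):   # 30 distinct MACs, 5 per second, sessions of 0.5 s
        mac = f"02:00:00:00:01:{i:02x}"
        events.append((i * 0.2, "AP-FLOOD", mac, "assoc"))
        events.append((i * 0.2 + 0.5, "AP-FLOOD", mac, "disassoc"))
    for i in range(5):    # 5 clients that stay associated for 10 minutes
        mac = f"02:00:00:00:02:{i:02x}"
        events.append((i * 1.5, "AP-NORMAL", mac, "assoc"))
        events.append((i * 1.5 + 600, "AP-NORMAL", mac, "disassoc"))
    return sorted(events)

if __name__ == "__main__":
    for ap, ts in detect_association_floods(build_sample_events()).items():
        print(f"ALERT {ap}: possible association flood at t={ts:.1f}s")
```

Because the rule requires both signals, a busy but healthy AP whose clients stay associated does not trigger it; only the AP with a burst of requests and rapidly ending sessions is reported.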