DoS: Authentication Flood Attack
This alarm is raised by WiFi Manager when it detects a Denial of Service (DoS) in the form of an Authentication Flood Attack.
What is Authentication?
Wireless clients go through an Authentication process in order to
associate with an AP in a WLAN. This authentication can be through open
key authentication or through shared key authentication techniques. A
station can be authenticated with several APs at the same time, but
associated with only one AP at any time.
What happens during Authentication Flood Attack?
The association requests sent by the clients are maintained by the AP
in an Association Table. IEEE specifies a maximum of 2007 concurrent
associations. When this table overflows, the AP refuses to associate
any further clients. To cause an Authentication Flood Attack, the
attacker authenticates several non-existent stations using
legitimate-looking but randomly generated MAC addresses. The attacker
then sends a flood of spoofed association requests so that the
association table overflows.
What should the administrators do?
WiFi Manager detects this form of DoS attack by tracking client
authentication and association states. When the alarm is triggered, the
AP and the client under attack will be identified and
reported to the WLAN administrator for appropriate action.
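
One way to implement the state tracking described above, as an added example that is not WiFi Manager's own code: per AP, it counts stations that authenticate or associate inside a time window but never pass data. The window, threshold, frame tuple format and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_MS = 10_000   # assumed sliding window
THRESHOLD = 5        # assumed max stalled stations per AP inside the window

def detect_auth_flood(frames, window=WINDOW_MS, threshold=THRESHOLD):
    """Return [(time_ms, bssid, stalled_count)], one alarm per AP.

    frames: time-ordered (time_ms, bssid, station_mac, kind) tuples with
    kind in {"auth", "assoc", "data"}. A station is "stalled" when it has
    authenticated or associated with the AP inside the window but has never
    passed data, which is how spoofed, non-existent stations appear.
    """
    recent = defaultdict(deque)   # bssid -> (time_ms, mac) auth/assoc events
    active = defaultdict(set)     # bssid -> stations that have sent data
    alarmed, alarms = set(), []
    for ts, bssid, mac, kind in frames:
        if kind == "data":
            active[bssid].add(mac)
            continue
        events = recent[bssid]
        events.append((ts, mac))
        while ts - events[0][0] > window:      # expire events outside window
            events.popleft()
        stalled = {m for _, m in events if m not in active[bssid]}
        if len(stalled) >= threshold and bssid not in alarmed:
            alarmed.add(bssid)
            alarms.append((ts, bssid, len(stalled)))
    return alarms

# Constructed sample capture: one AP with three ordinary clients, one AP
# receiving auth/assoc requests from eight stations that never send data.
NORMAL_AP, FLOOD_AP = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"

def sample_frames():
    frames = []
    for i in range(3):
        mac, t = f"00:11:22:33:44:{i:02x}", i * 3000
        frames += [(t, NORMAL_AP, mac, "auth"), (t + 100, NORMAL_AP, mac, "assoc"),
                   (t + 500, NORMAL_AP, mac, "data")]
    for i in range(8):
        mac, t = f"02:00:00:00:00:{i:02x}", 1000 + i * 200
        frames += [(t, FLOOD_AP, mac, "auth"), (t + 50, FLOOD_AP, mac, "assoc")]
    return sorted(frames)

if __name__ == "__main__":
    for ts, bssid, count in detect_auth_flood(sample_frames()):
        print(f"{ts} ms: possible authentication flood on {bssid}, "
              f"{count} stations authenticated without passing data")
```

In practice the threshold would be tuned to the AP's normal client churn, since a busy AP legitimately sees several new stations in a short window.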