RTS Virtual Carrier Sense Attack
|
This is an addition to the existing RTS Flood alarm introduced in Cisco IOS XE Bengaluru 17.4.x. The alarm is triggered when
an RTS with a large duration is detected. An attacker can use these frames to exhaust air time and disrupt wireless client
service.
|
CTS Virtual Carrier Sense Attack
|
This is an addition to the existing CTS Flood alarm introduced in Cisco IOS XE Bengaluru 17.4.x. The alarm is triggered when
a CTS with large duration is detected. An attacker can use these frames to exhaust air time and disrupt wireless client service.
|
Deauthentication Flood by Pair
|
In the enhanced context of threat, both the source (attacker) and the destination (victim) of attacks (Track by Pair) have
visibility.
|
Fuzzed Beacon
|
Fuzzed beacon is when invalid, unexpected, or random data is introduced into the beacon and replays those modified frames
into the air. This causes unexpected behavior on the destination device, including driver crashes, operating system crashes,
and stack-based overflows. This in turn allows the execution of the arbitrary code of the affected system.
|
Fuzzed Probe Request
|
Fuzzed probe request is when invalid, unexpected, or random data is introduced into a probe request and replays those modified
frames into the air.
|
Fuzzed Probe Response
|
Fuzzed probe response is when invalid, unexpected, or random data is introduced into a probe response and replays those modified
frames into the air.
|
PS Poll Flood by Signature
|
PS poll flood is when a potential hacker spoofs a MAC address of a wireless client and sends out a flood of PS poll frames.
The AP sends out buffered data frames to the wireless client. This results in the client missing the data frames because it
could be in the power safe mode.
|
Eapol Start V1 Flood by Signature
|
Extensible Authentication Protocol over LAN (EAPOL) start flood is when an attacker attempts to bring down the AP by flooding
the AP with EAPOL-start frames to exhaust the AP's internal resources.
|
Reassociation Request Flood by Destination
|
Reassociation request flood is when a specific device tries to flood the AP with a large number of emulated and spoofed client
reassociations to exhaust the AP's resources, particularly the client association table. When the client association table
overflows, legitimate clients are not able to associate, causing a DoS attack.
|
Beacon Flood by Signature
|
Beacon flood is when stations actively search for a network that is bombarded with beacons from the networks that are generated
using different MAC addresses and SSIDs. This flood prevents a valid client from detecting the beacons sent by corporate APs,
which in turn initiates a DoS attack.
|
Probe Response Flood by Destination
|
Probe response flood is when a device tries to flood clients with a large number of spoofed probe responses from the AP. This
prevents clients from detecting the valid probe responses sent by the corporate APs.
|
Block Ack Flood by Signature
|
Block ack flood is when an attacker transmits an invalid Add Block Acknowledgement (ADDBA) frame to the AP while spoofing
the MAC address of the valid client. This process causes the AP to ignore any valid traffic transmitted from the client until
it reaches the invalid frame range.
|
Airdrop Session
|
Airdrop session refers to the Apple feature called AirDrop. AirDrop is used to set up a peer-to-peer link for file sharing.
This might create a security risk because of unauthorized peer-to-peer networks created dynamically in your WLAN environment.
|
Malformed Association Request
|
Malformed association request is when an attacker sends a malformed association request to trigger bugs in the AP. This results
in a DoS attack.
|
Authentication Failure Flood by Signature
|
Authentication failure flood is when a specific device tries to flood the AP with invalid authentication requests spoofed
from a valid client. This results in disconnection.
|
Invalid MAC OUI by Signature
|
Invalid MAC OUI is when a spoofed MAC address that does not have a valid OUI is used.
|
Malformed Authentication
|
Malformed authentication is when an attacker sends malformed authentication frames that can expose vulnerabilities in some
drivers.
|