Investigation of Denial of Service (DoS) attack in Wireless LAN

Abstract

Denial of service (DoS) and distributed denial of service (DDoS) attacks are considered to be one of the most severe threat problems in wireless network security. The Master's thesis describes some recent research on DoS attacks in wireless LAN, presents literature research covering different types of DoS in corresponding OSI layers in Wireless Local Area Network (Wireless LAN) IEEE 802.11 standards architecture and security mechanisms, and ETSI HIPERLAN architectures. Additionally, the thesis reviews Local Area Network (LAN) security, considering both network operational security and network data security. Furthermore, some defence methods, such as authentication and access control, 802.1X and EAPOL, and VPN against DoS attacks are introduced. Moreover, different kinds of (distributed) DoS attacking tools, such as Trinoo, TFN, and Stacheldraht are introduced in a later chapter. The Chinese new WLAN standard, WLAN Authentication and Privacy Infrastructure (WAPI) is also discussed briefly.

A new kind of DoS attack against IEEE 802.11 DSSS based WLANs is discussed. The defence strategies and currently used defending tools against DoS attacks in WLANs are discussed. It has been suggested that 802.11 networks are highly susceptible to malicious DoS attacks targeting their management and media access protocols. The thesis provides an analysis of such 802.11-specific attacks.

The results show that there is no comprehensive solution against DoS attacks in WLAN currently. To combat DoS attacks, the best way is not to make changes to the protocols, but to take external countermeasures, such as tracing the attacks, enforcing related law and enterprise usage policy systems. Finally, in WLAN, the migration to the 5GHz range is both practical and market-rewarding.