Netstumbler And Wellenreiter Applications; Wireless Bridge - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

• Broadcast deauthenticate frames—Similar to the spoofed deauthenticate frame attack
above, a broadcast deauthenticate frame attack generates spoofed deauthenticate frames,
with a broadcast destination address instead of the address of a specific client. The intent
of the attack is to disconnect all stations attached to an AP.
• Disassociation frames—A disassociation frame from an AP instructs the client to end its
association with the AP. The intent of this attack is to disconnect clients from the AP.
• Null probe responses—A client's probe request frame is answered by a probe response
containing a null SSID. Some NIC cards lock up upon receiving such a probe response.
• Decrypt errors—An excessive number of decrypt errors can indicate that multiple clients
are using the same MAC address. A device's MAC address is supposed to be unique.
Multiple instances of the same address can indicate that a rogue device is pretending to
be a legitimate device by spoofing its MAC address.
• Fake AP—A rogue device sends beacon frames for randomly generated SSIDs or BSSIDs.
This type of attack can cause clients to become confused by the presence of so many
SSIDs and BSSIDs, and thus interferes with the clients' ability to connect to valid APs. This
type of attack can also interfere with RF Auto-Tuning when an AP is trying to adjust to its
RF neighborhood.
• SSID masquerade—A rogue device pretends to be a legitimate AP by sending beacon
frames for a valid SSID serviced by APs in your network. Data from clients that associate
with the rogue device can be accessed by the hacker controlling the rogue device.
• Spoofed AP—A rogue device pretends to be a D-Link AP by sending packets with the
source MAC address of the D-Link AP. Data from clients that associate with the rogue
device can be accessed by the hacker controlling the rogue device.
Note: MSS detects a spoofed AP attack based on the fingerprint of the spoofed AP. Packets from the
real AP have the correct signature, while spoofed packets lack the signature.

Netstumbler and Wellenreiter Applications

Netstumbler and Wellenreiter are widely available applications that hackers can use to gather information
about the APs in your network, including location, manufacturer, and encryption settings.
A wireless bridge can extend a wireless network outside the desired area. For example, someone can
place a wireless bridge near an exterior wall to extend wireless coverage out into the parking lot, where
a hacker could then gain access to the network.
D-Link DWS-1008 User Manual

Wireless Bridge

8