Is Your Wireless Network Protected? AirMagnet Enterprise Releases New Wireless Threat Signatures
Author/Blog Contributor - Jesse Frankel, Product Manager, Fluke Networks
Date: November 08, 2011
With Halloween behind us, wireless engineers are back to dealing with the scary realities of today’s wireless threats and vulnerabilities. But if you’re a Fluke Networks customer running the AirMagnet Enterprise 9.0 Wireless Intrusion and Prevention System (WIPS), never fear: you’re more prepared than ever to defend your WLAN thanks to the release of new threat signatures.
New threat signature updates have been released via the Dynamic Threat Update (DTU) feature, which enables the automatic loading of new alarm signatures without involving local IT staff. The new update contains protection against critical new wireless threats, including AirDrop, Karmetasploit and DHCP starvation attacks:
- AirDrop – Apple’s Mac OS X Lion includes the new AirDrop feature that allows multiple users to share files over a peer-to-peer Wi-Fi connection, which can be a violation of company security policies. The resulting risks include protected data being easily transferred to unknown machines outside of the enterprise network, and the network potentially being left vulnerable to other active attacks.
- Karmetasploit – This is an aggressive man-in-the-middle (MitM) style attack that tricks a client into associating with a device masquerading as an access point running KARMA. This allows a hacker to do any of the following: gain access to the client machine, capture passwords, harvest data and conduct a wide variety of application exploits.
- DHCP Starvation Attack – A DHCP starvation attack run from a wireless client can cause other clients to connect to a malicious network. Wireless guest networks and unencrypted commercial hotspots are especially vulnerable to this attack, which can lead to lost productivity or revenue.
Fluke Networks regularly releases new signature updates. More detail on each of the above threats/vulnerabilities is available in the community.
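One way to spot the DHCP starvation pattern described above, as an added example that is not AirMagnet's signature logic: it assumes a sensor has already decoded DHCP frames into records, and that a starving station appears as one 802.11 source address requesting leases for many different client hardware addresses (`chaddr`). The window, the threshold and the sample records are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_MS = 10_000    # assumed sliding window (10 s)
MAX_CLIENT_IDS = 5    # assumed: distinct chaddr values one station may present

# Constructed sample records:
# (time_ms, 802.11 source MAC, DHCP chaddr, DHCP message type)
SAMPLE_EVENTS = [
    # an ordinary client asking for its own lease
    (0, "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:01", "DISCOVER"),
    (400, "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:01", "REQUEST"),
] + [
    # one station asking for leases under twelve different client addresses
    (1000 + i * 200, "cc:cc:cc:00:00:09", f"de:ad:00:00:00:{i:02x}", "DISCOVER")
    for i in range(12)
] + [
    (30_000, "bb:bb:bb:00:00:02", "bb:bb:bb:00:00:02", "DISCOVER"),
]


def find_starvation_sources(events, window_ms=WINDOW_MS, limit=MAX_CLIENT_IDS):
    """Return {source_mac: time_ms of first alert} for stations whose lease
    requests carry more than `limit` distinct chaddr values within the window."""
    recent = defaultdict(deque)  # source MAC -> (time_ms, chaddr) inside window
    alerts = {}
    for ts, src, chaddr, msg_type in sorted(events):
        if msg_type not in ("DISCOVER", "REQUEST"):
            continue  # only client-originated lease requests drain the pool
        window = recent[src]
        window.append((ts, chaddr))
        # Drop records that have aged out of the sliding window.
        while window and ts - window[0][0] > window_ms:
            window.popleft()
        distinct = {c for _, c in window}
        if len(distinct) > limit and src not in alerts:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for mac, when in find_starvation_sources(SAMPLE_EVENTS).items():
        print(f"possible DHCP starvation from {mac} at t={when} ms")
```

On a guest network the threshold needs tuning against legitimate devices that present more than one client identifier, such as hosts running virtual machines over a bridged adapter.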
Previous DTU signature releases include:
- Ad-hoc Station Broadcasting Free Public Wi-Fi SSID – This vulnerability allows hackers to lure unsuspecting wireless users through an ad-hoc network leveraging an old Microsoft bug in the XP OS (a fix was issued in Service Pack 3).
- Airpwn – Airpwn is a framework for 802.11 packet injection. It listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected (spoofed) from the wireless access point. Airpwn only works on open wireless networks and WEP encrypted networks when the attacker knows the WEP key.
- Device Broadcasting XSS SSID – Cross-site scripting attacks are well known and publicized; they target Web applications to gain access to the underlying server or the Web application itself. They do this by injecting a client-side script into web pages viewed by the user.

Jesse Frankel has extensive experience in delivering critical wireless security solutions for enterprise, clinical and government networks. During his 6+ years at AirMagnet he served as Director, System Engineering and as a member of AirMagnet's Wireless Intrusion Research Team.


