Injection attacks on 802.11n MAC frame aggregation

Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2015-06-22 DOI:10.1145/2766498.2766513

Pieter Robyns, P. Quax, W. Lamotte

{"title":"Injection attacks on 802.11n MAC frame aggregation","authors":"Pieter Robyns, P. Quax, W. Lamotte","doi":"10.1145/2766498.2766513","DOIUrl":null,"url":null,"abstract":"The ability to inject packets into a network is known to be an important tool for attackers: it allows them to exploit or probe for potential vulnerabilities residing on the connected hosts. In this paper, we present a novel practical methodology for injecting arbitrary frames into wireless networks, by using the Packet-In-Packet (PIP) technique to exploit the frame aggregation mechanism introduced in the 802.11n standard. We show how an attacker can apply this methodology over a WAN -- without physical proximity to the wireless network and without requiring a wireless interface card. The practical feasibility of our injection method is then demonstrated through a number of proof-of-concept attacks. More specifically, in these proof-of-concepts we illustrate how a host scan can be performed on the network, and how beacon frames can be injected from a remote location. We then both analytically and experimentally estimate the success rate of these attacks in a realistic test setup. Finally, we present several defensive measures that network administrators can put in place in order to prevent exploitation of our frame injection methodology.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2766498.2766513","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

The ability to inject packets into a network is known to be an important tool for attackers: it allows them to exploit or probe for potential vulnerabilities residing on the connected hosts. In this paper, we present a novel practical methodology for injecting arbitrary frames into wireless networks, by using the Packet-In-Packet (PIP) technique to exploit the frame aggregation mechanism introduced in the 802.11n standard. We show how an attacker can apply this methodology over a WAN -- without physical proximity to the wireless network and without requiring a wireless interface card. The practical feasibility of our injection method is then demonstrated through a number of proof-of-concept attacks. More specifically, in these proof-of-concepts we illustrate how a host scan can be performed on the network, and how beacon frames can be injected from a remote location. We then both analytically and experimentally estimate the success rate of these attacks in a realistic test setup. Finally, we present several defensive measures that network administrators can put in place in order to prevent exploitation of our frame injection methodology.

查看原文本刊更多论文

针对802.11n MAC帧聚合的注入攻击

众所周知，向网络注入数据包的能力是攻击者的一个重要工具:它允许他们利用或探测驻留在连接主机上的潜在漏洞。在本文中，我们提出了一种新的实用方法，通过使用包中包(PIP)技术来利用802.11n标准中引入的帧聚合机制，将任意帧注入无线网络。我们展示了攻击者如何在广域网上应用这种方法——不需要物理接近无线网络，也不需要无线接口卡。然后通过一系列概念验证攻击来证明我们的注入方法的实际可行性。更具体地说，在这些概念验证中，我们说明了如何在网络上执行主机扫描，以及如何从远程位置注入信标帧。然后，我们在现实的测试设置中分析和实验估计这些攻击的成功率。最后，我们提出了一些网络管理员可以采取的防御措施，以防止利用我们的框架注入方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks

自引率

0.00%

发文量