Monitoring of Wireless Networks for Intrusions and Attacks

Date of Submission: 
February 24, 2004
Report Number: 
04-010
Report PDF: 
Abstract: 
Wireless networks based on IEEE 802.11 are becoming integral parts of any enterprise network. The inherent openness of these networks makes them a target for attackers. The coverage of wireless networks cannot be confined by walls or obstacles. The task of an enterprise network administrator is thus compounded by the introduction of wireless technology. Most of the attacks on wireless networks are due to vulnerabilities in the Medium Access Control (MAC) Layer. This fact drives the need for a MAC layer network monitoring system. As part of the Konark project we have developed a mobile-agent based network monitoring system for the wired network. This system facilitates centralized viewing of network alerts through cooperating agents. The main contribution of this project is the development and deployment of an analysis and attack detection tool for 802.11 wireless networks. Events generated by this toolare correlated using Konark monitoring agents and the administrator is alerted. We focus on detection of MAC address spoofing, Denial of Service attacks and network misconfigurations. We also provide services to users and applications. This report describes the different modes in which network monitoring could be done in an enterprise network using such a tool. The trade-offs involved with each mode of operation is also described.