Ability to automatically thwart denial of access attack

IP.com Disclosure Number: IPCOM000015277D
Original Publication Date: 2001-Nov-02
Included in the Prior Art Database: 2003-Jun-20
Document File: 1 page(s) / 40K

Publishing Venue

IBM

Abstract

Denial-of-service attacks, whether deliberate or caused by machine malfunctions, are a major concern with networks. The rapid acceptance of wireless networks has made companies significantly more vulnerable. Currently, it is very easy to gain access to a wireless network even if you are not an authorized user. A hacker could gain access to the network via an access point and, from a location outside the building, launch an attack on the network by flooding it with data. In this type of attack, the damage is not data loss but productivity loss. Wireless access points are very vulnerable because the bandwidth they provide is shared and there are no methods to ensure fairness.

This is the abbreviated version, containing approximately 52% of the total text.


This publication describes a method that allows the IS administrator to shut down a hacker attempting denial of service, or a faulty machine.

New access points will have the ability to notify the network administrator when a particular user on an access point is using uncharacteristically high bandwidth. The network administrator would send a command to the access point to drop the DHCP address lease for the suspect client. This will require the client to request a new address. The access point would be modified to keep a list of suspect MAC addresses and, based on policy, could issue or deny access. The list of suspect MAC addresses would be maintained by the IS manager and periodically uploaded to each access point. This will permanently lock out the suspect client as the MAC address is hardwired within the network subsystem and is not changeable...
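
The control loop described above, as an added sketch that is not code from the disclosure: the access point flags a heavy client, the administrator drops its DHCP lease, and the re-request is denied from the suspect list. The `AccessPoint` class, the fixed bytes-per-window threshold and the MAC addresses are assumptions made for illustration, and the model keys on the MAC address exactly as the disclosure does.

```python
from collections import defaultdict

class AccessPoint:
    def __init__(self, pool, threshold):
        self.pool = list(pool)         # free DHCP addresses
        self.threshold = threshold     # bytes per window; assumed policy value
        self.leases = {}               # MAC -> leased IP
        self.usage = defaultdict(int)  # MAC -> bytes in the current window
        self.suspects = set()          # list uploaded by the IS manager

    def dhcp_request(self, mac):
        """Issue (or renew) a lease unless the MAC is on the suspect list."""
        mac = mac.lower()
        if mac in self.suspects:
            return None                # policy in this sketch: deny
        if mac not in self.leases:
            if not self.pool:
                return None            # address pool exhausted
            self.leases[mac] = self.pool.pop(0)
        return self.leases[mac]

    def record_traffic(self, mac, nbytes):
        if mac.lower() in self.leases:  # clients without a lease get no service
            self.usage[mac.lower()] += nbytes

    def end_window(self):
        """Close the measurement window; return the clients to report."""
        flagged = sorted(m for m, b in self.usage.items() if b > self.threshold)
        self.usage.clear()
        return flagged

    def drop_lease(self, mac):
        """Administrator command: revoke the lease so the client must re-request."""
        ip = self.leases.pop(mac.lower(), None)
        if ip is not None:
            self.pool.append(ip)
        return ip

def demo():
    ap = AccessPoint(["10.0.0.10", "10.0.0.11"], threshold=50_000_000)
    office, flooder = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs
    ap.dhcp_request(office)
    ap.dhcp_request(flooder)
    ap.record_traffic(office, 3_000_000)
    ap.record_traffic(flooder, 400_000_000)
    flagged = ap.end_window()          # access point notifies the administrator
    ap.suspects.update(flagged)        # IS manager uploads the suspect list
    for mac in flagged:
        ap.drop_lease(mac)             # administrator drops the lease
    return flagged, ap.dhcp_request(flooder), ap.dhcp_request(office)
```

Dropping the lease without listing the MAC only forces a re-request, which succeeds; the suspect list is what turns the drop into a lockout.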