Ability to automatically thwart denial of access attack
Disclosure Number: IPCOM000015277D
Original Publication Date: 2001-Nov-02
Included in the Prior Art Database: 2003-Jun-20

Publishing Venue



Denial of service attacks, whether deliberate or caused by machine malfunctions, are a major concern with networks. The rapid acceptance of wireless networks has made companies significantly more vulnerable. Currently, it is very easy to gain access to a wireless network even if you are not an authorized user. A hacker could gain access to the network via an access point and, from a location outside the building, launch an attack on the network by flooding it with data. In this type of attack, the damage is not data loss but productivity loss. Wireless access points are very vulnerable for the following reason: the bandwidth they provide is shared and there are no methods to ensure fairness.

This publication describes a method to allow the IS administrator to shut down a hacker attempting denial of service or a faulty machine. New access points will have the ability to notify the network administrator when a particular user on an access point is using an uncharacteristically high bandwidth of traffic. The network administrator would send a command to the access point to drop the lease of the DHCP address for the suspect client. This will require the client to request a new address. The access point would be modified to keep a list of suspect MAC addresses and, based on policy, could issue or deny access. The list of suspect MAC addresses would be maintained by the IS manager and periodically uploaded to each access point. This will permanently lock out the suspect client, as the MAC address is hardwired within the network subsystem and is not changeable by the end user.

This is accomplished by a combination of monitoring circuits and alert generation. The access point provides notification to a remote server when a potential denial of access attack is occurring. The alerts inform network administrators and/or security personnel that a user is flooding the network with data traffic that is impacting network performance and other users. This will allow network administrators or security personnel to investigate the flooding of network traffic.
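The control loop described above (per-client monitoring, alert generation, lease drop, suspect-list check on the next DHCP request) can be modelled as follows. This is an added example, not code from the disclosure: the class and method names, the share-of-window threshold used to stand in for "uncharacteristically high", and the MAC and address values are all assumptions constructed for illustration.

```python
from collections import defaultdict

class AccessPoint:
    """Toy model of the access point in the disclosure (all names are assumptions)."""
    def __init__(self, share_limit=0.6, min_window_bytes=1_000_000):
        self.share_limit = share_limit            # assumed policy: max share of a window per client
        self.min_window_bytes = min_window_bytes  # do not alert on near-idle windows
        self.leases = {}                          # MAC -> leased address
        self.suspects = set()                     # suspect list uploaded by the IS manager
        self.window = defaultdict(int)            # MAC -> bytes seen in the current window
        self._next_host = 10                      # constructed host numbers in 192.0.2.0/24

    def dhcp_request(self, mac):                  # issue or deny a lease per the suspect list
        mac = mac.lower()
        if mac in self.suspects:
            return None
        if mac not in self.leases:
            self.leases[mac] = f"192.0.2.{self._next_host}"
            self._next_host += 1
        return self.leases[mac]

    def account(self, mac, nbytes):               # monitoring: count traffic of leased clients
        if mac.lower() in self.leases:
            self.window[mac.lower()] += nbytes

    def close_window(self):                       # alert generation, then reset the counters
        total = sum(self.window.values())
        alerts = [{"mac": m, "bytes": n, "share": round(n / total, 2)}
                  for m, n in self.window.items()
                  if total >= self.min_window_bytes and n / total > self.share_limit]
        self.window.clear()
        return alerts

    def upload_suspects(self, macs):              # periodic upload from the IS manager
        self.suspects = {m.lower() for m in macs}

    def drop_lease(self, mac):                    # administrator command: force a new request
        return self.leases.pop(mac.lower(), None) is not None

def run_demo():
    ap = AccessPoint()
    clients = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:0F"]  # constructed
    for mac in clients:
        ap.dhcp_request(mac)
    for mac, nbytes in zip(clients, (200_000, 300_000, 9_500_000)):  # constructed traffic
        ap.account(mac, nbytes)
    alerts = ap.close_window()
    ap.upload_suspects(a["mac"] for a in alerts)  # stands in for the administrator's decision
    dropped = [ap.drop_lease(a["mac"]) for a in alerts]
    return alerts, dropped, ap.dhcp_request(clients[2]), ap.dhcp_request(clients[0])
```

The minimum-bytes floor keeps a lone client on an otherwise idle access point from being reported merely because it holds the whole of a small window.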