Abstract
Wireless network access has become an integral part of computing both at home and at the workplace. The convenience of wireless network access at work may be extremely beneficial to employees, but can be a burden to network security personnel. This burden is magnified by the threat of inexpensive wireless access points being installed in a network without the knowledge of network administrators. These devices, termed Rogue Wireless Access Points, may allow a malicious outsider to access valuable network resources, including confidential communication and other stored data. For this reason, wireless connectivity detection is an essential capability, but remains a difficult problem. We present a method of detecting wireless hosts using a local RTT metric and a novel packet payload slicing technique. The local RTT metric provides the means to identify physical transmission media while packet payload slicing conditions network traffic to enhance the accuracy of the detections. Most importantly, the packet payload slicing method is transparent to both clients and servers and does not require direct communication between the monitoring system and monitored hosts.
RIPPS: Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts Through Network Traffic Conditioning