research-article

RIPPS: Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts Through Network Traffic Conditioning

Published: 01 May 2008

Abstract

Wireless network access has become an integral part of computing both at home and at the workplace. The convenience of wireless network access at work may be extremely beneficial to employees, but can be a burden to network security personnel. This burden is magnified by the threat of inexpensive wireless access points being installed in a network without the knowledge of network administrators. These devices, termed Rogue Wireless Access Points, may allow a malicious outsider to access valuable network resources, including confidential communication and other stored data. For this reason, wireless connectivity detection is an essential capability, but remains a difficult problem. We present a method of detecting wireless hosts using a local RTT metric and a novel packet payload slicing technique. The local RTT metric provides the means to identify physical transmission media while packet payload slicing conditions network traffic to enhance the accuracy of the detections. Most importantly, the packet payload slicing method is transparent to both clients and servers and does not require direct communication between the monitoring system and monitored hosts.

Published in

ACM Transactions on Information and System Security, Volume 11, Issue 2
March 2008
207 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1330332

Copyright © 2008 ACM

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

  • Published: 1 May 2008
  • Accepted: 1 July 2007
  • Revised: 1 April 2007
  • Received: 1 January 2006

Qualifiers

  • research-article
  • Research
  • Refereed
