Check out the new USENIX Web site. next up previous
Next: Wireless IPS Up: Proximity Breeds Danger: Emerging Previous: Experimental analysis

Defense strategy

The threat of wildfire worms and large-scale spoofing can be reduced significantly with the use of existing wireless security standards such as WPA/WPA2, with strong encryption and hard-to-guess passwords. Unfortunately, despite the wide availability of such techniques, users do not seem to employ them. Even if this is simply because there have been no large-scale attacks yet, the use of passwords hinders usability and robustness. It is likely that even if such measures are implemented, in many cases the passwords are not going to be strong enough to resist brute force attacks. As such, it seems worthwhile investigating alternative, reactive defenses specific to the attack vectors discussed so far. In the remainder of this section we discuss such defenses, as implemented in a prototype system for automated defense against wildfire worms and spoofing attacks based on the Linksys OpenWRT [5] router and optionally using an external controller and centralized threat analysis.