Check out the new USENIX Web site. next up previous
Next: Whisper attack detection Up: Spoofing defense strategy and Previous: Packet rewriting defense

802.11-level spoofing attack

As discussed in the context of wifi IPS, a sophisticated attacker can circumvent the ingress filtering defense by violating the 802.11 protocol to transmit frames directly to the victim. The AP can detect this by monitoring for transmissions that it did not send. However, it cannot detect the whisper attack discussed earlier, where the attacker tunes the wifi radio power so that the spoofed packets can reach the victim, but cannot reach the AP (or external detection device).

When filtering fails, the next best option is to detect and forcibly abort the attack. We pursue this direction in the next section.