Browse Source

implement a way to match IEEE 802.11 flooding. this will help to detect

known DoS attacks, like de-auth flooding against wireless networks.
an example is provided in the manual page.
"or could you just got for it?", deraadt@
OPENBSD_3_9
reyk 19 years ago
parent
commit
c559c8152e
1 changed files with 9 additions and 2 deletions
  1. +9
    -2
      src/etc/hostapd.conf

+ 9
- 2
src/etc/hostapd.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: hostapd.conf,v 1.5 2005/09/29 23:24:56 reyk Exp $
# $OpenBSD: hostapd.conf,v 1.6 2005/09/30 16:50:03 reyk Exp $
# sample hostapd configuration file # sample hostapd configuration file
# see hostapd.conf(5) # see hostapd.conf(5)
@ -58,7 +58,7 @@ hostap handle type data bssid !<myess> \
with frame type management subtype deauth reason auth expire \ with frame type management subtype deauth reason auth expire \
from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid
# The first deauth example will not work with some newer stuff, like
# The first de-auth example will not work with some newer stuff, like
# iwi(4)/ipw(4) "centrino", because they ignore management frames to # iwi(4)/ipw(4) "centrino", because they ignore management frames to
# the broadcast address as a countermeasure against the "void11" # the broadcast address as a countermeasure against the "void11"
# attack. # attack.
@ -67,6 +67,13 @@ hostap handle type data bssid !<myess> \
# with frame type management subtype deauth reason auth expire \ # with frame type management subtype deauth reason auth expire \
# from &bssid to &from bssid &bssid # from &bssid to &from bssid &bssid
# Detect flooding of management frames except beacons.
# This will detect some possible Denial of Service attacks
# against the IEEE 802.11 protocol (like "void11").
hostap handle skip type management subtype ! beacon \
with log \
rate 100 / 10 sec
# Finally log any rogue accesspoints limited to every second. # Finally log any rogue accesspoints limited to every second.
# The skip keywords instructs hostapd to ignore further IAPP # The skip keywords instructs hostapd to ignore further IAPP
# processing. # processing.


Loading…
Cancel
Save