802.11w Tutorial
November 2nd, 2009
The new 802.11 security protocol called 802.11w was recently ratified. Check this 802.11w-Tutorial to know how it works and what it means for your WLAN.
The new 802.11 security protocol called 802.11w was recently ratified. Check this 802.11w-Tutorial to know how it works and what it means for your WLAN.
SA query procedures have been introduced to prevent certain DoS attacks that were possible on certain earlier drafts of 802.11w. Specifically, an attacker could transmit a fake assoc request (which is not a protected MF) and cause an AP to disonnect a client. An AP needs to do this to accomodate stations that may want to genuinely reconnect (e.g., due to reboot).
Such attacks can be prevented by using SA query procedures. According to the standard, on receiving such a fake packet, an AP will not disonnect a client immediately. Instead, it engages in a dialogue to see if the actual client can confirm that it has actually lost the association credentials. The AP actually waits for a timeout before which it resets its previous state, after which, the standard 802.11 auth/assoc procedures are allowed.
802.11w Standrad also talks about SA Query Action Frames.
Does your product supports that feature also.
Can you elaborate it a bit how it works..
WIPS systems need to rely on a combination of wired and wireless side defenses to protect against rogue APs. Deauthentication is just one example of wireless side defense – other techniques based on packets not protected by .11w can help preventing such rogues.
So how would your solution wirelessly block a rogue AP that was using 802.11w?
It appears that by introducing a new patch to a hole in the 802.11 protocol the IEEE has created a new hole.