Abstract

Denial of Service (DoS) attacks on 802.11 wireless LANs can be caused by management frames sent by rogue access points. Unfortunately, such attacks can be successful even if the wireless network is protected by a high-level security protocol such as WiFi Protected Access Version 2 (WPA2). We present a novel client-based scheme for the prevention of such intrusions. By using a Medium Access Control (MAC) filtering mechanism, the “smart” client is able to differentiate between legitimate and forged management frames. The proposed mechanism is non-cryptographic, has low overheads and can be deployed in existing IEEE 802.11 WLANs. We have built and tested a prototype of our scheme. We demonstrate that our mechanism can protect wireless clients against management frame DoS attacks launched at the MAC layer.