
5 Network problems / anomalies detected

 

connection loss

excessive collisions

 

common RF issues

  

near/far problem

  
 

hidden node

interference

 
 

interference type

  

narrowband

 
 

wideband

channel overlapping

 
 

interference source

______________________________

 
 

abnormal frames

______________________________

 

excessive number of management / control frames

 
 

excessive frame type

___

excessive frame structure

___

 

rogue APs

 

AP1______________________

  

AP3_______________________

 

AP2______________________

  

rogue APs MACs

 

AP1______________________

  

AP3_______________________

 

AP2______________________

  

rogue APs IPs

 

AP1______________________

  

AP3_______________________

 

AP2______________________

  

rogue APs channels

 

AP1______________________

  

AP3_______________________

 

AP2______________________

  

rogue APs ESSIDs

 

AP1______________________

  

AP3_______________________

 

AP2______________________

  

rogue APs location

 

AP1______________________

  

AP3_______________________

 

AP2______________________

  

rogue AP signal strength

 

AP1______________________

  

AP3_______________________

 

AP2______________________

  

rogue APs use WEP

 

AP1______________________

  

AP3_______________________

 

AP2______________________

  

rogue APs WEP keys

 

AP1______________________

  

AP3_______________________

 

AP2______________________

  

rogue APs origin

 

intentional

  
 

unknown

unintentional

  

rogue access points have associated hosts

hosts associated (IP/MAC)

_____________________________________

 

_____________________________________

 

_____________________________________

other rogue wireless hosts detected

     

number of hosts

___

         

MAC1

_________________

IP1

__________________

MAC2

_________________

IP2

__________________

MAC3

_________________

IP3

__________________

physically discovered rogue wireless devices

PCMCIA client card

USB wireless client

CF client card

 

other

______________________________

Known signatures of wireless attack tools (version)

   
  

Netstumbler

___

Dstumbler

___

  

Windows XP scan

___

Wellenreiter

___

  

Airjack

___

Fata_jack

___

  

FakeAP

___

Other

___

Man-in-the-middle attack signs (Double MAC / IP addresses)

MiM1

_______________________

MiM2

_______________________

MiM3

_______________________

MiM4

_______________________

Out of sequence frames present (amount/time)

_____/_____

Excessive disassociate frames

deauthenticate frames

  

time

___

amount

___

    

channel

___

Excessive RF noise

strength

___

      

channel

___

Rogue DHCP servers present

 

IP

___________________

MAC ____________________

Atypical route advertisement (type/comments)

   

Type ____________________

Comments _______________

Type __________________

Comments _______________

   

Wireless DoS attack signs

    

Management/control frames flood

   

frame types _______________

origin MAC ________________

   

frame types _______________

origin MAC ________________

   

frame types _______________

origin MAC ________________

   

Out-of-sequence frames

   
 

origin MAC __________________________

   

Excessive RF noise

channel

___

   
 

jamming device discovered

___

strength

___

   
 

comments ____________________________________

   

High-layer DoS attack __________________________________

   

Comments ____________________________________________

   

High-layer DoS attack __________________________________

   

Comments ____________________________________________

   

Attacks against the access point detected _______________________________________

   

Comments ____________________________________________

   

brute-forcing attacks

via SNMP

___

   

via SSH

 

___

via telnet

___

   

via other means

 

___

via Web interface

___

   

Attacks against wireless hosts detected

   

Comments ____________________________________________

   

Attacks directed at the wired hosts from the WLAN _____________________________

   

Comments ____________________________________________

   

Attacks directed at the hosts on the Internet

   

Comments ____________________________________________

   

Attempts to send SPAM

   

Comments ____________________________________________

   

