summaryrefslogtreecommitdiff
path: root/etc/hostapd.conf
diff options
context:
space:
mode:
authorReyk Floeter <reyk@cvs.openbsd.org>2005-09-30 16:50:04 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2005-09-30 16:50:04 +0000
commit6bd954e164539db60d4af401780384d6a7c13b39 (patch)
tree1e585148910e904d12c143e07d2fa50b6ada1b27 /etc/hostapd.conf
parentf90eba61558219c16a257f4788d9167eb3fbd7d6 (diff)
implement a way to match IEEE 802.11 flooding. this will help to detect
known DoS attacks, like de-auth flooding against wireless networks. an example is provided in the manual page. "or could you just got for it?", deraadt@
Diffstat (limited to 'etc/hostapd.conf')
-rw-r--r--etc/hostapd.conf11
1 files changed, 9 insertions, 2 deletions
diff --git a/etc/hostapd.conf b/etc/hostapd.conf
index facb834e656..bd833722e4f 100644
--- a/etc/hostapd.conf
+++ b/etc/hostapd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: hostapd.conf,v 1.5 2005/09/29 23:24:56 reyk Exp $
+# $OpenBSD: hostapd.conf,v 1.6 2005/09/30 16:50:03 reyk Exp $
# sample hostapd configuration file
# see hostapd.conf(5)
@@ -58,7 +58,7 @@ hostap handle type data bssid !<myess> \
with frame type management subtype deauth reason auth expire \
from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid
-# The first deauth example will not work with some newer stuff, like
+# The first de-auth example will not work with some newer stuff, like
# iwi(4)/ipw(4) "centrino", because they ignore management frames to
# the broadcast address as a countermeasure against the "void11"
# attack.
@@ -67,6 +67,13 @@ hostap handle type data bssid !<myess> \
# with frame type management subtype deauth reason auth expire \
# from &bssid to &from bssid &bssid
+# Detect flooding of management frames except beacons.
+# This will detect some possible Denial of Service attacks
+# against the IEEE 802.11 protocol (like "void11").
+hostap handle skip type management subtype ! beacon \
+ with log \
+ rate 100 / 10 sec
+
# Finally log any rogue accesspoints limited to every second.
# The skip keywords instructs hostapd to ignore further IAPP
# processing.