implement a way to match IEEE 802.11 flooding. this will help to detect

known DoS attacks, like de-auth flooding against wireless networks.
an example is provided in the manual page.

"or could you just got for it?", deraadt@

1 files changed, 9 insertions, 2 deletions

diff --git a/etc/hostapd.conf b/etc/hostapd.conf
index facb834e656..bd833722e4f 100644
--- a/etc/hostapd.conf
+++ b/etc/hostapd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: hostapd.conf,v 1.5 2005/09/29 23:24:56 reyk Exp $
+# $OpenBSD: hostapd.conf,v 1.6 2005/09/30 16:50:03 reyk Exp $
 # sample hostapd configuration file
 # see hostapd.conf(5)
 
@@ -58,7 +58,7 @@ hostap handle type data bssid !<myess> \
     with frame type management subtype deauth reason auth expire \
     from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid
 
-# The first deauth example will not work with some newer stuff, like
+# The first de-auth example will not work with some newer stuff, like
 # iwi(4)/ipw(4) "centrino", because they ignore management frames to
 # the broadcast address as a countermeasure against the "void11"
 # attack. 
@@ -67,6 +67,13 @@ hostap handle type data bssid !<myess> \
 #    with frame type management subtype deauth reason auth expire \
 #    from &bssid to &from bssid &bssid
 
+# Detect flooding of management frames except beacons.
+# This will detect some possible Denial of Service attacks
+# against the IEEE 802.11 protocol (like "void11").
+hostap handle skip type management subtype ! beacon \
+    with log \
+    rate 100 / 10 sec
+
 # Finally log any rogue accesspoints limited to every second.
 # The skip keywords instructs hostapd to ignore further IAPP
 # processing.