Denial of Service and EnGenius Solution

Radio Interference

Users might experience strong Wi-Fi signal strength but have problems connecting to the AP or suffer an extremely low data rate. It’s usually because the WiFi channel utilization rate is so high that there is no bandwidth for valid clients. The interference sources might come from your neighbors’ Wi-Fi or from non-Wi-Fi appliances like microwave ovens.

Detection, Analysis, and Solution

Operating Channel Utilization Rate

EnGenius Cloud provides a real-time channel utilization analysis tool to view how many Wi-Fi and non-Wi-Fi radio signals utilize the operating channel, so users can know if the connectivity issue is because of high channel utilization or from non-Wi-Fi appliances nearby.

Full Channel Utilization Tool

When the operating channel is crowded, the best remedy is to move to a clean channel. Besides the real-time channel utilization analysis to see the utilization status of the current operating channel, EnGenius Cloud provides an additional helpful tool to show full channel utilization and density analysis to help you identify which channel is cleaner.

Spectrum Waterfall Analysis

When analyzing channel utilization, the user will see how dense the usage is in a given moment. However, brief interference might mislead the user into thinking the interference is ongoing. The spectrum waterfall analysis tool helps users see the interference over time with the “waterfall” display, so users can know which channel is cleaner over time instead of one specific time.

ACS (Auto Channel Selection)

Without manually selecting the channel from the full channel utilization graph or waterfall spectrum, users can run EnGenius auto channel selection (ACS) for an EnGenius AP to scan the environment and, based on the EnGenius algorithm, identify and move to a cleaner channel automatically.

Zero-Wait DFS for High-Density Environment

Under high density deployment, many non-overlapping Wi-Fi channels require that DFS channels be used to avoid channel interference. However, the AP will need to switch to another channel once protected radar is detected. Since non-DFS channels are highly dense, switching to another DFS channel is the best option. However it usually requires a >30 sec wait time to make sure the DFS channel can be used causing client session downtime. EnGenius zero-wait DFS technology in EnGenius “S” models (i.e., ECW220S, ECW230S) uses a dedicated scanning radio to keep listening for other available DFS channels that the AP can switch to immediately to keep client sessions connected.

RF Jamming

There are two kinds of RF jamming: radio jamming to simply block the radio channel and packet flooding to generate a massive number of Wi-Fi packets on the channel so that there is no bandwidth for valid clients to connect to the network.

Detection, Analysis, and Solution

RF Jamming Detection and Classification

EnGenius AirGuard provides RF jamming attack detection and categorizes the attacks as radio jamming or packet flood. It then specifies which channel is attacked and detected by which EnGenius AP, so users can know approximately which detected APs might have an RF jammer around. When the channel is jammed, users can use EnGenius ACS (auto channel selection) to move the SSID to another channel without being attacked.

Abnormal De-authentication and Disassociation packets

Clients must be authenticated by the AP with the correct security protocol (i.e., WPA2-personal PSK key) before associating with the AP. Clients are typically disconnected when they receive deauthentication or disassociation frames from the AP. Since the auth/deauth, asso/disasso management frames are unprotected most of the time, hackers can easily mimic the client to keep sending deauth/disassociation requests to the AP or mimic the AP to send deauth/disassociation responses to all clients, preventing them from accessing the AP.

Detection, Analysis, and Solution

Malicious De-Authentication and Disassociation Detection and Classification

EnGenius AirGuard has an algorithm to detect frequent abnormal de-authentication and disassociation frames and to report the malicious attack into one of two categories: de-authentication and disassociation. AirGuard can also detect if the attack is directed to a specific client, then the attacked party will show the client’s MAC address. Or if the attack is to mimic the AP to disconnect all clients, then the attacked party will show ff:ff:ff:ff:ff:ff instead.

802.11w Support to Protect the Management Frame

It’s highly recommended to enable 802.11w (802.11w-2009 MFP-Management Frame Protection) to protect the management frames and make sure the management frame is from a legitimate AP. Both clients and APs need to support 802.11w to communicate.