It should come as no surprise that at a security conference called 'Black Hat' there would be a fair amount of shenanigans going on over the WLAN network.
According to Aruba Networks, which provided the Wi-Fi network at the conference last month in Las Vegas, attackers were up to their usual tricks. The company tracked and analyzed all attempted attacks throughout the event.
Here is what they found:
BLACKHAT 2009 STATS:
â¢ Security stats: â¢ 9 suspected rogue access points were detected. â¢ 175 attempts by a wireless user to access the Aruba mobility controller were blocked by the Aruba firewall. â¢ 23 impersonation attacks were detected. â¢ 71 non-Blackhat access points were detected. â¢ 154 denial-of-service attacks were detected.
In some ways, the numbers were an improvement from 2008; in some ways not. For example, fewer rogue access points were detected this year. On the other hand, there were 130 more denial-of-service attacks detected in 2009. Check out these numbers:
BLACKHAT 2008 STATS: - Security stats: - Each day there were between 10-15 rogue APs detected (rogue defined as an AP that was advertising the conference SSID of "BlackHat").
- 49 users attempted to connect to rogue APs and were blocked by RFprotect, which generated 709 shielding actions - 362 attempts by a wireless user to access the Aruba mobility controller were blocked by the Aruba firewall. - 221 attempts by a wireless user to ARP poison the default gateway were blocked by the Aruba firewall. - 140 port scans (nmap or similar) from wireless users to other wireless users were detected and blocked by the Aruba firewall. - 57 non-Blackhat APs were detected - 24 denial of service attacks were detected. The average duration of each attack was 24 seconds.
As some of you remember, I had my own experience with hacking at the conference last year, so any drop-off in attacks gets the thumbs up from me. But the stats are a reminder that whether you are at a security conference or at a local Starbucks, it is best to keep your guard up.