A look into Black Hat's wireless network
Posted on 10 August 2011.
Aruba Networks, which provided and maintained the wireless network for last week’s Black Hat USA 2011 conference, today provided some interesting statistics around the network’s use.


The device-fingerprinting capabilities of the Aruba network enabled visibility into exactly who was using what on the network:
  • Apple devices were most prevalent at 43.3 percent of all devices (28.4 percent alone for iOS iPad and iPhone, with another 14.9 percent running OS X)
  • Linux users composed 35 percent of the total
  • Windows users represented 21.8 percent.
Aruba broadcast three network SSIDs at Black Hat USA 2011: one WPA pre-shared key (PSK) for the conference generally, one PEAP network with user self-registration and one EAP-TLS network (for iOS devices) with Aruba’s Mobile Device Access Control (MDAC) solution.

While the majority of attendees used the Black Hat PSK network, Aruba was pleased to find almost 200 attendees utilizing the PEAP/EAP-TLS “secured” network.

This secured network was provisioned using Aruba Amigopod, requiring attendees to accept certificates before being granted network access.

"This scheme seemed to work very well in a hostile environment like Black Hat with no pre-established trust in users or secure means to provision credentials,” said Aruba engineer Robbie Gill, Ph.D., who led the design and deployment of the Black Hat network. “We also managed to capture a huge amount of security events, the most interesting of which were IP spoofing, AP spoofing, Power save DoS attacks and Block ACK attacks. The Aruba controller was configured to block all spoofing attacks and no communication was permitted between users at any network layer in order to protect them from each other."

The wireless network for the conference, designed and deployed by Aruba Networks, and based on the Aruba Mobile Virtual Enterprise (MOVE) architecture, included more than 30 Aruba AP-134 access points distributed over more than 200,000 square feet in the Caesar’s Palace Conference Center.

The network was accessed by more than 2,400 attendees, with 853 as the maximum number of concurrent users. The network detected and contained more than 8,790 independent security events, including 670 rogues, 191 AP flood attacks, 489 instances of AP spoofing, 579 instances of IP spoofing, 1,659 “Hotspotter” attacks and 1,799 “Block ACK” attacks.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //