1,500 severe security events detected on Black Hat WLAN
The WLAN network at Black Hat was accessed by 3,155 attendees with a maximum of 904 simultaneous clients, detected and quickly contained a total of 1,561 severe independent security events.
These events included more than 280 rouge APs – with some rogue APs attempting to impersonate the official event network.
Other wireless attacks that were detected included Block ACK DoS attacks, Power Save DoS attacks, Deauth Broadcast, AP Spoofing and “Hotspotter” attacks. The network also detected some malicious fragmentation-based attacks from the wired side, which were all contained very quickly.
Apple devices were most prevalent at this year’s event, with iOS devices at 29.6 percent of the total and 13.7 percent for Mac OS. Linux users came in at 19.9 percent of the total, Windows were 19.2 percent and Android 17.6 percent.
The network, which covered a 200,000 square foot facility, consisted of 23 mesh point Aruba AP-134 APs and 16 mesh portal Aruba AP-134 APs. The 16 mesh portal APs were wired into the hotel’s infrastructure. Also included in the network were an Aruba 3600 Mobility Controller and an Aruba S3500 Mobility Access Switch.
Aruba engineer Robbie Gill said: “You simply don’t see the kind of traffic, users or volume of security incidents that you see at Black Hat USA anywhere else.”