Spoofing Detection Methods in Wireless LAN (WLAN) - A Study with pros and cons

Spoofing makes the task of identification and tracking back of the perpetrator / initiator in Cyber Crimes very difficult, e.g. the attacks by way of changing its network identifiers in WLANs. In such a scenario, spoof detection methods have gain wide attention. One way to prevent from spoofing is to authenticate the frames. However, in 802.11 WLANs, authentication and encryption for management and control frames is not provided. Further, present MAC spoofing detection techniques bring out large number of false positives. This paper discusses the various spoofing detection methods. Each method has its own pros and cons and provides a different level of security ranging from low to high. By analyzing the different detection techniques together, it is brought out in the paper as to which particular method could be more suitable in a particular scenario and how one can easily get the reduced false positives. As a study, performing a Session Containment attack by spoofing the IP address of the access point (AP) is also presented and detection of the attack is done using sequence number analysis method. By way of retrospect, an outline of future work is also suggested in the concluding remarks.