Protecting against Virtual Jamming (RTS/CTS) attacks ?

Similar Messages

• How do I protect against WPA de-authentication attacks?

  Source: http://superuser.com/questions/216477/how-do-i-protect-against-wpa-de-authentica tion-attacks
  Someone is constantly sending deauth packets to me.... =(
  Is there a way to maybe ignore de-auth packets? I know sometimes they are legit... But I'm not clear on when.... maybe if there was a way to detect when they were from the router... or something... not ... that... that also couldn't be forged... bah... =(

  Not much you can do about it.
  http://www.netstumbler.org/f9/block-prevent-deter-deauthentication-attacks-19607 /
  Regards,

• Each time I start Firefox it says: "URGENT! Your version of Firefox is no longer protected against online attacks. Get the upgrade - it's fast and free!" I am using ver. 3.6.13 and upgrading "successfully" only stays on 3.6.13 with same URGENT message.

  Each time I start Firefox it says:
  "URGENT! Your version of Firefox is no longer protected against online attacks. Get the upgrade - it’s fast and free!"
  I am using ver. 3.6.13 and upgrading "successfully" only stays on 3.6.13 with same URGENT message.

  Your UserAgent string in Firefox is messed up and needs to be reset. <br />
  [http://en.wikipedia.org/wiki/User_Agent]
  type '''about:config''' in the URL bar and hit Enter <br />
  ''If you see the warning, you can confirm that you want to access that page.'' <br />
  Filter ='''general.useragent.''' <br />
  Right-click the preferences that are '''bold''', one line at a time, and select ''' ''Reset'' ''', <br />
  Then restart Firefox

• Lightswitch Security, Protection against SQL Injection attacks etc.

  Hi all,
  I have been hunting around for some kind of documentation that explains how Lightwitch handles typical web application vunerabilities such as SQL injection attacks.
  In the case of injection attacks it is my understanding the generated code will submit data to the database via names parameters to protect against such things but it would be good to have some official account of how Lightswitch handles relevant OWASP
  issues to help provide assurance to businesses that by relying on a framework such as Lightswitch does not introduce security risks.
  Is anyone aware of such documentation? I found this but it barely scratches the surface:
  http://msdn.microsoft.com/en-us/library/gg481776.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1
  There is this which describes best practices but nothing to say that these practices are adopte within Lightswitch
  http://msdn.microsoft.com/en-us/library/gg481776.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1
  Thanks for any help, I am amazed that it is so difficult to find?

  LS is a tool built in top of other technologies including Entity Framework.
  Here is a security doc about EF.
  http://msdn.microsoft.com/en-us/library/vstudio/cc716760(v=vs.100).aspx
  LS uses Linq to Entities and therefore is not susceptible to SQL injection.
  HTH,
  Josh
  PS... the only vulnerability that I'm aware of is when a desktop app is deployed as 2-tier instead of 3-tier.  In that case, the web.config which contains connection strings is on the client machine, which is a risk.  Here is a discussion related
  to db security & 2 vs 3-tier.
  https://social.msdn.microsoft.com/Forums/vstudio/en-US/93e035e0-0d2e-4405-a717-5b3207b3ccac/can-sql-server-application-roles-be-used-in-conjunction-with-lightswitch?forum=lightswitch

• Firefox 3 says I no longer have protection against online attacks

  firefox 3.6.13 says I no longer have protection against online attacks. Version 4 will not run because I don't have "enough previledges for some itms.'''
  '''

  The Firefox 3.5.x branch has reached end-of-life and is no longer maintained.<br />
  You will no longer receive security updates.<br />
  You can update Firefox via "Help > Check for Updates" or download and install the latest Firefox 3.6.x or 4.0.x version.<br />
  <br />
  Download a new copy of the Firefox program and save the DMG file to the desktop
  * Firefox 4.0.x: http://www.mozilla.com/en-US/firefox/all.html
  * Firefox 3.6.x: http://www.mozilla.com/en-US/firefox/all-older.html
  * Trash the current Firefox application to do a clean (re-)install
  * Install the new version that you have downloaded
  Your profile data is stored elsewhere in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Firefox Profile Folder], so you won't lose your bookmarks and other personal data.

• What are the most common/important DB firewall intrusion methods Security Admins need to protect against?

  Hi everyone,
  I was curious about the top methods attackers are using to breach Oracle DB firewalls.  We are running Oracle 11.2.0.4 DB running on RedHat Linux 5.3 and using the standard IP tables/firewall for Linux turned on.  We have all the ports closed that were recommended by our security auditing company.  However, we just wanted to know if there were specific attack methods that are commonly being used which we should additionally protect against.
  Thanks in advance for any info.

  Anybody? Bueller?  Bueller?

• CS3/CS4 protecting against SQL Injection

  Hi:
  I was wondering if the newer versions of Dreamweaver like CS3/CS4 do a good enough job to protect against SQL Injection when using the built in Insert/Update/Delete behaviors or should I use Commands with Stored Procedures (MS SQL)?
  Thanks!
  Mitch

  David , Günter - many thanks for your help !
  In my ignorance I appear to have been misled by my website host who, in response to a related problem, informed me as follows:
  "your website's scripting does appear to be highly vulnerable to SQL  injection attack, this can be easily seen via the following example:
  /s-sub_detail.php?cat_id=TEST
  As  you can see, arbitrary data entered as the cat_id variable of the shopping cart  script is being passed unchecked to the SQL server, which is then returning a  notice relevant to the data passed (in the above example case this is an  "unknown column" error) - This effectively demonstrates that your shopping cart  script performs no validation on variables used within the script and passes  them directly to the SQL server, which means arbitrary commands can potentially  be added as variable data for the SQL server to execute.
  In order to  correct this all variables and any other posted data used by the shopping cart  script must be fully validated by the script itself before being passed to the  SQL server so that SQL commands cannot be executed by simply manually entering  these as a script variable".
  Thanks to David I understand the issue with the need for data validation but the response above appears to indicate that they believe there is more to it.
  David and Günter - I would welcome your response to the above and perhaps recommendations for SQL injection vulnerability testing.
  Kind regards
  J

• CFInsert/Update: protection against SQL injection?

  Hello,
  I'm trying to find out if the use of CFInsert or CFUpdate
  offers any protection against a SQL Injection attack. We are on a
  project that uses many CFInserts and Updates, and lack the time to
  rewrite new queries using CFQueryParam. Will a CFInsert or Update
  handle the situation?

  Validate every field before you get to the cfinsert/cfupdate
  tag, something you should have been doing anyway.

• 802.11 RTS/CTS and hidden node problem

  Guys,
  A little confused here.
  The hidden node problem is if two nodes within a cell can hear the AP but not each other. OK.
  But, when we talk about 802.11b and 802.11g backwards compatibility causing reduced throughtput in terms of bandwidth, it seems that this is always blamed on 802.11g stations having to use RTS/CTS.
  But,
  Even in an 802.11g only cell, dont stations still have to use RTS/CTS mechanisms for the hidden node problem?
  I'm confused.com!
  Thx
  Ken

  When 802.11b clients are associated to an 802.11g access point, the access point will turn on a protection mechanism called Request to Send/Clear to Send (RTS/CTS). Originally a mechanism for addressing the "hidden node problem" , RTS/CTS adds a degree of determinism to the otherwise multiple access network. When RTS/CTS is invoked, clients must first request access to the medium from the access point with an RTS message. Until the access point replies to the client with a CTS message, the client will refrain from accessing the medium and transmitting its data packets. When received by clients other than the one that sent the original RTS, the CTS command is interpreted as a "do not send" command, causing them to refrain from accessing the medium. One can see that this mechanism will preclude 802.11b clients from transmitting simultaneously with an 802.11g client, thereby avoiding collisions that decrease throughput due to retries. One can see that this additional RTS/CTS process adds a significant amount of protocol overhead that also results in a decrease in network throughput.
  In addition to RTS/CTS, the 802.11g standard adds one other significant requirement to allow for 802.11b compatibility. In the event that a collision occurs due to simultaneous transmissions (the likelihood of which is greatly reduced due to RTS/CTS), client devices "back off" the network for a random period of time before attempting to access the medium again. The client arrives at this random period of time by selecting from a number of slots, each of which has a fixed duration. For 802.11b, there are 31 slots, each of which are 20 microseconds long. For 802.11a, there are 15 slots, each of which are nine microseconds long. 802.11a generally provides shorter backoff times than does 802.11b, which provides for better performance than 802.11a, particularly as the number of clients in a cell increases. When operating in mixed mode (operating with 802.11b clients associated) the 802.11g network will adopt 802.11b backoff times. When operating without 802.11b clients associated, the 802.11g network will adopt the higher-performance 802.11a backoff times.

• Safe keyboard - protection against keyloggers when typing in username and password.

  In addition to the banking protection that pop ups every time browsing to a banking site, there could be a protection against keyloggers (e.g safe keyboard) that pop ups every time doing online shopping and banking. A safe keyboard could protect from malware that trys to spy out user names and passwords. Regards.  

  Hello, Sorry also for reply. But do you know any good software with protection against keyloggers?? And here I also mean something like: -> Good software - trusted software. -> Good protection - without a lot of false-positives or prevented valid actions (such as - it's not hard.. "block all" and user should to think... allow it or not).... but also with protection against "valid" keyloggers too (such as valid remote administrator tools, business keyloggers and other... which can be "valid" for any security-software and be ignored). also... like example.. software... which able to detect Microsoft Windows 10 Technology Preview default "keylogger".  With other meanings... potentially F-Secure should to detect any malicious  "keyloggers" (which able to collect and transfer it) as Trojan-files. Or any other malicious, suspicious.... spyware, riskware or other. Related with sample. It's mean - if here keylogger - F-Secure should to prevent/detect it before... And if here to add something specific against keyloggers. It's should be totally cool and powerful. And not just as "something about protection against keyloggers". Which already long time in use as default part of protection. Sorry for reply again. I just mean... that some of other Security Companies... have security feature as "protection against keyloggers" - but it's not always work best (such as protection... and such as worry-free for user)... or just part of "default steps", which F-Secure already have. With target attacks.. potentially on current time without good examples as one security suite (which will be not always too much angry).

• RTS/CTS Mechanism

  Guys,
  Could you please explain briefly about RTS/CTS mechanism.
  when an environment use RTS/CTS mechanism?
  when CTS to self frames occurs?
  How CSMA/CA mechanism involved in RTS /CTS mechanism?
  Thanks,
  Suresh

  What happen when the rts packet destroy or collide with another packet.
  When the RTS doesn't reach the radio the client will not get a CTS and will retry the RTS frame again.
  What is difference b/w DCF & EDCA.
  DCF doesn't support QoS and is considered equal access tocall. QoS is supported in HCF. EDCA work with HCF and QoS. It is the mechanism that supports cW sizes.  
  What is the time duration for “cts-to-self”.
  Depends on really on how long the client needs the medium for. If it send large frames @ 1500 bytes at 1 PHY, it will need more time of course. 
  What is the max frame size of the rts & cts & cts-to-self.
  Not sure, but they are small. These are control frames and have no payload. 
  In which 802.11 standard does rts and cts are implemented.
  RTS/CTS is used when the protection mechanism is used for example b clients on a g/n network. Its also used in the new 11ac as well.
  Does 802.11b supports rts and cts. If not then which CSMA/CA is used
  I can't recall if b does I want to say yes. CSMA/CA is more about the overall mechanics not RTS/CTS.

• Itunes error. the data execution prevention pops up and says "to protect your computer, windows has closed this program. Data execution prevention helps protect against damage from viruses and other threat.

  I have a windows Xp computer. and i needed to download the newest itunes to support my ipod touch. but now my computer doesn't let me open itunes. The the data execution prevention pops up and says "to protect your computer, windows has closed this program. Data execution prevention (DEP) helps protect against damage from viruses and other threat." I tried excluding itunes from DEP on settings but it still doesn't work. I don't know what to do. please help me!!!
  thanks 

  try to select the computer cd/dvd autorun off.
  I had the same problem, then Kaspersky software found a conflict suggesting me this solution.
  Itunes now works...even if it always asks to set the cd/dvd autorun on when lunched.

• SCC4 - Protection against SAP upgrade

  Hello guys,
  i have a question regarding to the "Protection against SAP upgrade" flag in SCC4 for the client settings.
  I know that this flag will make a client unusable in case of an upgrade (for example from ERP2004 to ERP2005), but what is about applying support packages?
  Is this flag also valid for support packages?
  The documentation about this parameter does not make a statement to this point:
  > If this flag is set, the client is no longer supplied with data during SAP upgrades. After an SAP upgrade, it is not possible to work actively in the client. The flag can only be set for a test client or an SAP reference client (Early Watch).
  Does SAP understand "applying support packages" as an upgrade?
  Answers will be rewarded.
  Regards
  Stefan

  No.
  Applying SP is not SAP upgrade.
  -Pinkle

• Same Channel on Different WLANs and RTS/CTS

  Hi
  I have 2 questions about physical layer of wireless lan.
  1-) Many WLANs(SSID) use same channel for communication, that means they use same frequency, what prevents the collisions between different wlans but same channel?( I am asking about RF signal collision)
  2-) Do rts and cts valid for just one wlan that computer which is generated, belongs to or do rts/cts synchronize all different wlans that use same frequency.
  Thanks.

  1.) Congestion Avoidance.  Before the client transmits, it listens to for energy on the frequency it is transmitting on.  If it hears energy, it backs off for a time.  Then listens again.
  http://en.wikipedia.org/wiki/Carrier_sense_multiple_access_with_collision_avoidance  take a look at the diagram on the left
  2.) RTS/CTS client sends the RTS, then the AP will send the CTS.
  http://en.wikipedia.org/wiki/IEEE_802.11_RTS/CTS
  HTH,
  Steve

• "FRM-40200: Field is protected against update"

  "FRM-40200: Field is protected against update" ...
  hi guru,
  when im about to check the checkbox in transaction statuses in receiving-> transaction status summary . to  resolve the pending receiving transaction in PO, this error occurs "FRM-40200: Field is protected against update" ...
  Thanks

  Hi,
  In this form you may delete the record but won't be able to update it.
  Thanks,
  PS.