Full Disclosure mailing list archives
Re: 802.11b (others) single packet DoS
From: "Andrew A. Vladimirov" <mlists () arhont com>
Date: Thu, 13 May 2004 19:26:23 +0100
The description of the attack appears to be too general and it is too early to say anything before a detailed practical implementation of the attack is shown (after all, this is Full Disclosure). From what I have gathered reading the provided link, it is a form of casual jamming using a common wireless client card rather than a specific jamming device a la http://www.svbxlabs.com/pages/projects/herf005/
Well, if it is the case, then there is nothing new about it. Anyone who has experimented with FakeAP knows that it can flood the channel pretty badly, especially if the attacker sets a smaller interval between beacons (e.g. with prism2_param beacon_int) and supplements it with the probe requests flood (looping prism2_param hostscan). As an example, see http://www.wi-foo.com/phorum/read.php?f=1&i=24&t=11#reply_24 at our forum.

Regards,
Andrew

--
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO
Arhont Ltd - Information Security.
Web: http://www.arhont.com http://www.wi-foo.com
Tel: +44 (0)870 44 31337
Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310
GPG: Server - gpg.arhont.com

michaeltone1975 wrote:
http://www.auscert.org.au/render.html?it=4091

The vulnerability is related to the medium access control (MAC) function of the IEEE 802.11 protocol. WLAN devices perform Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), which minimises the likelihood of two devices transmitting simultaneously. Fundamental to the functioning of CSMA/CA is the Clear Channel Assessment (CCA) procedure, used in all standards-compliant hardware and performed by a Direct Sequence Spread Spectrum (DSSS) physical (PHY) layer.

An attack against this vulnerability exploits the CCA function at the physical layer and causes all WLAN nodes within range, both clients and access points (AP), to defer transmission of data for the duration of the attack. When under attack, the device behaves as if the channel is always busy, preventing the transmission of any data over the wireless network.

http://standards.ieee.org/getieee802/download/802.11-1999.pdf

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
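A monitoring-side view of the beacon and probe-request flooding mentioned in the reply above, as an added example that is not part of the original posts or of any tool they name. It assumes frames have already been parsed from a monitor-mode capture into (time, subtype, source) records; the thresholds, the `expected_aps` parameter and all MAC addresses are constructed for illustration.

```python
from collections import defaultdict

TU = 1024e-6                    # one 802.11 time unit in seconds
DEFAULT_BEACON_INT = 100 * TU   # common AP default: 100 TU = 102.4 ms

def window_stats(frames, window=1.0):
    """Bucket (time_s, subtype, src_mac) records into fixed windows."""
    stats = defaultdict(lambda: {"beacons": 0, "bssids": set(), "probes": 0})
    for t, subtype, src in frames:
        w = stats[int(t // window)]
        if subtype == "beacon":
            w["beacons"] += 1
            w["bssids"].add(src)
        elif subtype == "probe-req":
            w["probes"] += 1
    return stats

def flood_alerts(frames, expected_aps, window=1.0, factor=3.0, probe_limit=50):
    """Return sorted (window_index, reason) pairs for suspicious windows.
    expected_aps, factor and probe_limit are site-specific assumptions."""
    # Beacons a channel should carry if every known AP used the default interval,
    # multiplied by a tolerance factor.
    beacon_limit = factor * expected_aps * window / DEFAULT_BEACON_INT
    alerts = []
    for idx, w in window_stats(frames, window).items():
        # Too many beacons overall, or far more BSSIDs than APs deployed.
        if w["beacons"] > beacon_limit or len(w["bssids"]) > factor * expected_aps:
            alerts.append((idx, "beacon-flood"))
        if w["probes"] > probe_limit:
            alerts.append((idx, "probe-request-flood"))
    return sorted(alerts)

def sample_capture():
    """Constructed records: 2 normal APs for ~3 s, floods in windows 1 and 2."""
    frames = []
    for i in range(29):                       # 0 .. 2.87 s at the default interval
        for ap in ("02:00:00:00:00:01", "02:00:00:00:00:02"):
            frames.append((i * DEFAULT_BEACON_INT, "beacon", ap))
    for i in range(300):                      # window 1: one source, 3 ms apart
        frames.append((1.0 + i * 0.003, "beacon", "02:00:00:00:00:aa"))
    for i in range(90):                       # window 2: repeated probe requests
        frames.append((2.0 + i * 0.01, "probe-req", "02:00:00:00:00:bb"))
    frames.append((0.5, "probe-req", "02:00:00:00:00:cc"))  # ordinary client scan
    return frames

if __name__ == "__main__":
    print(flood_alerts(sample_capture(), expected_aps=2))
```

The BSSID-count check is there because a flood spread across many source addresses can stay under the total-beacon limit while still advertising far more networks than are deployed.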
Current thread:
- 802.11b (others) single packet DoS michaeltone1975 (May 13)
- Re: 802.11b (others) single packet DoS Andrew A. Vladimirov (May 13)