Re: (AUSCERT AA-2004.02) AUSCERT Advisory - Denial of Service Vulnerability in IEEE 802.11 Wireless Devices (fwd)

[Gunter Luyten <gunter.lists () haxor be>]

Valdis.Kletnieks () vt edu wrote:
> On Thu, 13 May 2004 20:36:47 +0200, Gunter Luyten <gunter.lists () haxor be>  said:
>
>
> > >         The model of a shared communications channel is a fundamental
> > >         factor in the effectiveness of an attack on this vulnerability.
> > >         For this reason, it is likely that devices based on the newer IEEE
> > >         802.11a standard will not be affected by this attack where the
> > >         physical layer uses Orthogonal Frequency Division Multiplexing
> > >         (OFDM).
> >
> > That might be possible indeed, but this confirms to me that this 
> > "vulnerability" is based upon radio physics rather than shortcomings in 
> > the CSMA/CA protocol.
>
>
> What they're saying here is "We'll not be affected by *THIS* attack (the one
> that transmits on 1 frequency per channel)".  A moment's pondering will
> show that all you have to do is apply the same attack to the 48 OFDM subcarriers
> at once.  In other words, just a little more challenging.  (Remember, every
> single card that does OFDM has the circuitry to handle this already on it).
>
> So no, you can't take down an OFDM with a PDA that does 802.11b.
>
> You have to get a PDA that has an OFDM-capable card. :)

Indeed, that's right.  A similar attack against OFDM takes more than 
just jamming one frequency, but it's still possible to interfere. 
Techniques as frequency hopping and multiplexing make it more difficult 
to exploit, but as long as the communication is based on a shared 
medium, the vulnerability stays.

Best regards,
Gunter Luyten

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html