Message-ID: <20030311222632.25856.qmail@www.securityfocus.com>
Date: 11 Mar 2003 22:26:32 -0000
From: Mark Osborne <mark@...d-fat-bloke.co.uk>
To: bugtraq@...urityfocus.com
Subject: 802.11b  DoS exploit
While working to develop code for WIDZ that is equivalent to a standard 
Intrusion Detection system’s RESET or SHUN functionality, an effective 
802.11b disruption of service attack has been discovered.  I haven’t 
spotted any other postings so here we go….

FATA-jack, a modified version of Wlan-jack, sends Authentication-Failed 
packets (with a reason code of previous authentication failed) to a 
wireless client PC.  The source and destination MACs are spoofed so as 
to appear to come from the access point.  The original Wlan-jack 
transmission rate has been significantly reduced to a meagre rate of 
1 every 2.5 seconds, so as to avoid any flood effect.

In limited tests on multiple operating systems including Windows 98, 
Windows ME and Linux, FATA-jack effectively tears down any active session 
and in many cases causes the client driver or client software to fail, 
requiring a reboot.

Apart from being an extremely lethal DoS attack, FATA-jack is significant 
for a number of reasons:

-As the transmission rate is very low, it is easy to see how a low-spec PC 
and a standard 802.11 card could disable a large wireless network.

-As the malevolent packets are sent directly to the client, these will not 
be picked up by logging functionality on the AP (if you have any) – this 
highlights the need for Wireless IDS.

-As the malevolent packets are spoofed AND sent directly to the client, 
MAC protection or WEP protection will not prevent it.

-Some workmates have suggested that it could be used to cause IVs/WEP keys 
to be cycled.  This would significantly reduce the time for a WEP cracking 
exercise. This is yet to be verified.
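
The second point above, that the AP's own logs never see frames sent 
straight to the client, is the one a defender can act on. Below is an 
added example, not part of this post and not code from WIDZ or FATA-jack: 
a small monitor-mode detector in Python that parses 802.11 Authentication 
and Deauthentication management frames (the header layout, the subtype 
values and deauthentication reason code 2, "previous authentication no 
longer valid", come from the IEEE 802.11 standard, not from this post) 
and raises an alert once a client has received several AP-sourced failure 
frames within a long window. The AP and client MACs, the window and the 
threshold are constructed assumptions, and the trace it replays is 
constructed inline at the one-frame-every-2.5-seconds cadence described 
above. It counts over a long window rather than measuring packets per 
second, because a sender that slow never trips a flood threshold.

```python
import struct
from collections import defaultdict, deque

# Constants from the IEEE 802.11 frame control field and reason code table
# (not from the post). Management frames are type 0; Authentication is
# subtype 11, Deauthentication is subtype 12. Deauthentication reason
# code 2 is "previous authentication no longer valid".
MGMT_TYPE = 0
SUBTYPE_AUTH = 0x0B
SUBTYPE_DEAUTH = 0x0C
REASON_PREV_AUTH_INVALID = 2


def parse_mgmt_frame(raw):
    """Parse the 24-byte 802.11 MAC header plus the body fields of an
    Authentication or Deauthentication frame. Any other frame -> None."""
    if len(raw) < 24:
        return None
    fc0 = raw[0]                        # version | type << 2 | subtype << 4
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    if ftype != MGMT_TYPE or subtype not in (SUBTYPE_AUTH, SUBTYPE_DEAUTH):
        return None
    dst, src, bssid = raw[4:10].hex(":"), raw[10:16].hex(":"), raw[16:22].hex(":")
    (seq_ctrl,) = struct.unpack("<H", raw[22:24])
    body = raw[24:]
    if subtype == SUBTYPE_AUTH:
        if len(body) < 6:
            return None
        _algo, _txn, status = struct.unpack("<HHH", body[:6])
        code, failure = status, status != 0      # status 0 = success
    else:
        if len(body) < 2:
            return None
        (code,) = struct.unpack("<H", body[:2])
        failure = True                           # any deauth drops the session
    return {"subtype": subtype, "dst": dst, "src": src, "bssid": bssid,
            "seq": seq_ctrl >> 4, "code": code, "failure": failure}


class FataJackDetector:
    """Count AP-sourced failure frames per client over a long window."""

    def __init__(self, ap_mac, window_s=60.0, threshold=5):
        self.ap_mac = ap_mac.lower()
        self.window_s = window_s
        self.threshold = threshold
        self.hits = defaultdict(deque)           # client MAC -> timestamps

    def observe(self, ts, raw):
        """Feed one captured frame; return an alert dict or None."""
        f = parse_mgmt_frame(raw)
        if f is None or not f["failure"]:
            return None
        if self.ap_mac not in (f["src"], f["bssid"]):
            return None                          # does not claim to be our AP
        q = self.hits[f["dst"]]
        q.append(ts)
        while q and ts - q[0] > self.window_s:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.threshold:
            return {"client": f["dst"], "count": len(q),
                    "window_s": self.window_s, "last_code": f["code"]}
        return None


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def build_frame(subtype, dst, src, bssid, seq, code):
    """Construct a raw Authentication/Deauthentication frame for the sample
    trace (constructed test data only; the FCS is omitted)."""
    fc = bytes([(subtype << 4) | (MGMT_TYPE << 2), 0x00])
    hdr = (fc + b"\x00\x00" + _mac(dst) + _mac(src) + _mac(bssid)
           + struct.pack("<H", seq << 4))
    if subtype == SUBTYPE_AUTH:
        body = struct.pack("<HHH", 0, 2, code)   # open system, AP reply, status
    else:
        body = struct.pack("<H", code)           # reason code
    return hdr + body


# Constructed sample addresses (assumptions, not from the post).
AP_MAC = "00:11:22:33:44:55"
CLIENT_MAC = "66:77:88:99:aa:bb"


def run_sample():
    """Replay a constructed trace: eight spoofed deauths to one client at
    2.5 s intervals, plus a successful Authentication reply and a data
    frame that the detector must ignore. Returns the alerts raised."""
    det = FataJackDetector(AP_MAC, window_s=60.0, threshold=5)
    trace = [(i * 2.5, build_frame(SUBTYPE_DEAUTH, CLIENT_MAC, AP_MAC, AP_MAC,
                                   100 + i, REASON_PREV_AUTH_INVALID))
             for i in range(8)]
    trace.append((3.0, build_frame(SUBTYPE_AUTH, CLIENT_MAC, AP_MAC, AP_MAC, 200, 0)))
    trace.append((4.0, bytes([0x08, 0x00]) + b"\x00" * 22 + b"data payload"))
    trace.sort(key=lambda t: t[0])
    alerts = []
    for ts, raw in trace:
        alert = det.observe(ts, raw)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_sample():
        print("ALERT: %(count)d failure frames to %(client)s within %(window_s).0f s "
              "(last code %(last_code)d)" % a)
```

A real sensor would feed observe() from a monitor-mode capture on a host 
other than the AP. Genuine APs also send deauthentication frames (on idle 
timeout, for instance), so tune the window and threshold against baseline 
traffic and correlate with the AP's own logs: a failure frame the sensor 
saw in the air but the AP never sent is exactly the spoof this post 
describes.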
