Message-ID: <40A3BDCF.3030207@arhont.com>
From: mlists at arhont.com (Andrew A. Vladimirov)
Subject: 802.11b (others) single packet DoS
The description of the attack appears to be too general and it is too
early to say anything before a detailed practical implementation of the
attack is shown (after all, this is Full Disclosure). From what I have
gathered reading the provided link, it is a form of casual jamming
using a common wireless client card rather than a specific jamming
device a la http://www.svbxlabs.com/pages/projects/herf005/

Well, if it is the case, then there is nothing new about it. Anyone who
has experimented with FakeAP knows that it can flood the channel pretty
badly, especially if the attacker sets a smaller interval between
beacons (e.g. with prism2_param beacon_int) and supplements it with a
probe request flood (looping prism2_param hostscan). As an example, see
http://www.wi-foo.com/phorum/read.php?f=1&i=24&t=11#reply_24
at our forum.

Regards,
Andrew
--
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO
Arhont Ltd - Information Security.
Web: http://www.arhont.com
http://www.wi-foo.com
Tel: +44 (0)870 44 31337
Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310
GPG: Server - gpg.arhont.com
michaeltone1975 wrote:
> http://www.auscert.org.au/render.html?it=4091
>
> The vulnerability is related to the medium access control (MAC)
> function of the IEEE 802.11 protocol. WLAN devices perform Carrier
> Sense Multiple Access with Collision Avoidance (CSMA/CA), which
> minimises the likelihood of two devices transmitting
> simultaneously. Fundamental to the functioning of CSMA/CA is the
> Clear Channel Assessment (CCA) procedure, used in all
> standards-compliant hardware and performed by a Direct Sequence
> Spread Spectrum (DSSS) physical (PHY) layer.
>
> An attack against this vulnerability exploits the CCA function at
> the physical layer and causes all WLAN nodes within range, both
> clients and access points (AP), to defer transmission of data for
> the duration of the attack. When under attack, the device behaves
> as if the channel is always busy, preventing the transmission of
> any data over the wireless network.
>
>
> http://standards.ieee.org/getieee802/download/802.11-1999.pdf
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
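
Added example (not part of the original message or of any tool named in it): a monitor-side heuristic for spotting the beacon and probe request flooding the reply describes, run over frame summaries such as a monitor-mode capture would yield. The record layout, thresholds and sample frames are constructed assumptions; it covers frame flooding only, not the physical-layer CCA condition in the quoted advisory.

```python
from collections import defaultdict

# Thresholds are assumptions for illustration; tune them to the site baseline.
MIN_BEACON_INT_TU = 50      # typical APs advertise 100 TU (1 TU = 1024 us)
MAX_BSSIDS_PER_WINDOW = 20  # distinct beaconing BSSIDs seen on one channel
MAX_PROBES_PER_SRC = 30     # probe requests from one source per window


def detect_flood(frames, window=1.0):
    """frames: iterable of (ts_seconds, subtype, src_mac, beacon_int_tu or None).
    Returns a sorted list of (window_start, reason, detail) alerts."""
    buckets = defaultdict(list)
    for ts, subtype, src, bint in frames:
        buckets[int(ts // window) * window].append((subtype, src, bint))
    alerts = set()
    for start, items in buckets.items():
        # Many distinct BSSIDs appearing at once suggests fabricated APs.
        bssids = {src for st, src, _ in items if st == "beacon"}
        if len(bssids) > MAX_BSSIDS_PER_WINDOW:
            alerts.add((start, "bssid_burst", str(len(bssids))))
        probes = defaultdict(int)
        for st, src, bint in items:
            # Beacons advertising an unusually short interval eat airtime.
            if st == "beacon" and bint is not None and bint < MIN_BEACON_INT_TU:
                alerts.add((start, "short_beacon_interval", src))
            elif st == "probe_req":
                probes[src] += 1
        for src, count in probes.items():
            if count > MAX_PROBES_PER_SRC:
                alerts.add((start, "probe_flood", src))
    return sorted(alerts)


def sample_frames():
    """Constructed capture summary (locally administered MACs, not real data)."""
    frames = [(0.10, "beacon", "02:00:00:00:00:01", 100),
              (0.20, "probe_req", "02:00:00:00:00:aa", None)]
    # Second 1: 25 distinct BSSIDs, each advertising a 10 TU beacon interval.
    frames += [(1.0 + i * 0.01, "beacon", "02:00:00:00:01:%02x" % i, 10)
               for i in range(25)]
    # Second 2: one station sending 40 probe requests.
    frames += [(2.0 + i * 0.02, "probe_req", "02:00:00:00:00:bb", None)
               for i in range(40)]
    return frames


if __name__ == "__main__":
    for alert in detect_flood(sample_frames()):
        print(alert)
```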