Message-ID: <40A3BDCF.3030207@arhont.com>
From: mlists at arhont.com (Andrew A. Vladimirov)
Subject: 802.11b (others) single packet DoS

The description of the attack appears to be too general and it is too 
early to say anything before a detailed practical implementation of the 
attack is shown (after all, this is Full Disclosure). From what I have 
gathered reading the provided link, it is a form of a casual jamming 
using a common wireless client card rather than a specific jamming 
device a la http://www.svbxlabs.com/pages/projects/herf005/

Well, if it is the case, then there is nothing new about it. Anyone who 
has experimented with FakeAP knows that it can flood the channel pretty 
badly, especially if the attacker sets a smaller interval between 
beacons (e.g. with prism2_param beacon_int) and supplements it with the 
probe requests flood (looping prism2_param hostscan). As an example, see
http://www.wi-foo.com/phorum/read.php?f=1&i=24&t=11#reply_24
at our forum.

Regards,
Andrew

-- 
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO
Arhont Ltd - Information Security.

Web: http://www.arhont.com
      http://www.wi-foo.com
Tel: +44 (0)870 44 31337
Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310
GPG: Server - gpg.arhont.com




michaeltone1975 wrote:
> http://www.auscert.org.au/render.html?it=4091
> 
> The vulnerability is related to the medium access control (MAC)
> function of the IEEE 802.11 protocol.  WLAN devices perform Carrier
> Sense Multiple Access with Collision Avoidance (CSMA/CA), which
> minimises the likelihood of two devices transmitting
> simultaneously.  Fundamental to the functioning of CSMA/CA is the
> Clear Channel Assessment (CCA) procedure, used in all
> standards-compliant hardware and performed by a Direct Sequence
> Spread Spectrum (DSSS) physical (PHY) layer.
> 
> An attack against this vulnerability exploits the CCA function at
> the physical layer and causes all WLAN nodes within range, both
> clients and access points (AP), to defer transmission of data for
> the duration of the attack. When under attack, the device behaves
> as if the channel is always busy, preventing the transmission of
> any data over the wireless network.
> 
> 
> http://standards.ieee.org/getieee802/download/802.11-1999.pdf
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
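
Added example, not part of the original message or the quoted advisory: a monitoring-side check for the two behaviours the reply mentions, a shortened beacon interval and repeated probe requests, plus a per-channel total. The record format, the addresses, the sample frames and all thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

TU = 1024e-6                    # 802.11 time unit, in seconds
DEFAULT_BEACON_INT = 100 * TU   # common AP default: 100 TU = 102.4 ms

def make_sample():
    """Constructed records: (time_s, subtype, transmitter, channel)."""
    frames = [(i * DEFAULT_BEACON_INT, "beacon", "02:00:00:00:00:01", 6) for i in range(10)]
    # Transmitter beaconing every 10 TU instead of 100 TU
    frames += [(i * 10 * TU, "beacon", "02:00:00:00:00:02", 6) for i in range(100)]
    # Station repeating probe requests every 5 ms
    frames += [(i * 0.005, "probe-req", "02:00:00:00:00:03", 6) for i in range(200)]
    # Ordinary client: three probe requests in the same second
    frames += [(0.1 + i * 0.3, "probe-req", "02:00:00:00:00:04", 6) for i in range(3)]
    return sorted(frames)

def analyze(frames, min_interval_ratio=0.5, max_probe_rate=20.0, max_channel_rate=100.0):
    """Return findings as (kind, subject, channel, measured value)."""
    per_tx, per_ch = defaultdict(list), defaultdict(list)
    for t, subtype, tx, ch in frames:
        per_tx[(subtype, tx, ch)].append(t)
        per_ch[ch].append(t)
    findings = []
    for (subtype, tx, ch), ts in sorted(per_tx.items()):
        ts.sort()
        span = ts[-1] - ts[0]
        if len(ts) < 3 or span <= 0:
            continue  # too few frames to estimate an interval or a rate
        if subtype == "beacon":
            med = median(b - a for a, b in zip(ts, ts[1:]))
            if med < min_interval_ratio * DEFAULT_BEACON_INT:
                findings.append(("short-beacon-interval", tx, ch, round(med / TU)))
        elif subtype == "probe-req" and (len(ts) - 1) / span > max_probe_rate:
            findings.append(("probe-request-flood", tx, ch, round((len(ts) - 1) / span)))
    # Spoofed transmitter addresses split the per-sender counts, so also
    # check the total management-frame rate on each channel.
    for ch, ts in sorted(per_ch.items()):
        span = max(ts) - min(ts)
        if span > 0 and len(ts) / span > max_channel_rate:
            findings.append(("channel-mgmt-flood", "*", ch, round(len(ts) / span)))
    return findings

if __name__ == "__main__":
    for finding in analyze(make_sample()):
        print(finding)
```
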



