90 likes | 103 Views
Learn about various types of DoS attacks on the 802.11 network, from electronic/physical layer tactics to application layer vulnerabilities. Explore overpowering techniques, interference issues, and legal considerations. Discover how RTS/CTS attacks and application-specific vulnerabilities pose threats, and find out how to secure systems effectively.
E N D
Andrew Taylor 802.11 Denial Of Service
Types of DoS • Electronic/Phy layer • Overpowering, modulation techniques • Management Frame DoS • i.e. RTS/CTS • Application Specific • Application layer vulnerabilities
Low level interference • Quick interference recap: • Any type of interference is bad with 802.11g/a due to QPSK • Error correction/retransmission has a hard time keeping up under load.
Causing Interference • Directional Antenna • High power output • FCC PtoP over 4 watts if directional antenna gain greater than 6dBi • Legal attacks within FCC range • Determined attackers wont care about FCC restrictions
Higher Layer Attacks • RTS/CTS • 802.11 ACK (with large duration value) attack when AP using RTS/CTS, made by modifying the NAV to force a clear medium for an extended period of time.
RTS/CTS Attack Cont. • Maximum NAV value is ~32 milliseconds. • Attacker need only to transmit 30 times a second for full medium denial. • RTS/CTS is not authenticated. • Require correct firmware/hardware to disregard standards. (AUX port) • Some clients disregard standards
Application Layer Vulnerabilities • New ones coming out all the time, vendor specific. • Recent Cisco vulnerability allows a reload of the system when malformed POST is sent to the login page of the web administration. • Patching systems and employing other means of security is the only way to be sure.
Sources • ARRL. (n.d.). Amature Radio Service. Retrieved March 2009, from http://www.arrl.org/FandES/field/regulations/news/part97/ • Cisco Systems. (2009, February 04). Cisco Security Center. Retrieved March 12, 2009, from http://tools.cisco.com/security/center/viewAlert.x?alertId=16321 • John Bellardo, S. S. (2002). 802.11 Denial-of-Service Attacks. Retrieved March 2009, from http://www-cse.ucsd.edu/~savage/papers/UsenixSec03.pdf