802.11b DoS exploit

From: Mark Osborne (mark@loud-fat-bloke.co.uk)
Date: Tue Mar 11 2003 - 14:26:32 PST

    While working to develop code for WIDZ that is equivalent to a standard 
    Intrusion Detection system’s RESET or SHUN functionality, an effective 
    802.11b disruption of service attack has been discovered.  I haven’t 
    spotted any other postings so here we go….
    
    FATA-jack - a modified version of Wlan-jack, FATA-jack sends 
    Authentication-Failed packets (with a reason code of previous 
    authentication failed) to a wireless client PC.  The source and 
    destination MACs have been spoofed so as to appear to come from the Access 
    Point.  The original Wlan-jack code's rate of transmission has been 
    significantly reduced to a meagre rate of 1 every 2.5 seconds, so as to 
    avoid any flood effect.
    
    In limited tests on multiple operating systems including Windows 98, 
    Windows ME and Linux, FATA-jack effectively tears down any active session 
    and in many cases causes the client driver or client software to fail, 
    requiring a reboot.
    
    Apart from being an extremely lethal DoS attack, FATA-jack is significant 
    for a number of reasons:
    
    -As the transmission rate is very low, it is easy to see how a low-spec PC 
    and a standard 802.11 card could disable a large wireless network.
    
    -As the malevolent packets are sent directly to the client, these will not 
    be picked up by logging functionality on the AP (if you have any) – this 
    highlights the need for a Wireless IDS.
    
    -As the malevolent packets are spoofed AND sent directly to the client, MAC 
    protection or WEP protection will not prevent it.  
    
    -Some workmates have suggested that it could be used to cause IVs/WEP keys 
    to be cycled.  This would significantly reduce the time for a WEP cracking 
    exercise. This is yet to be verified.
    
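The post's point that AP-side logging cannot see these frames is exactly what a monitor-mode wireless IDS addresses. The following is an added illustration (not code from the post or from the WIDZ project) of the detection check a sniffer would run: it parses 802.11 Authentication management frames from raw bytes (layout per the 802.11 standard: 24-byte MAC header, then algorithm, transaction sequence and status code as little-endian 16-bit fields) and raises an alert when a failure response arrives from the BSSID for a client that never sent an authentication request in the preceding window. Because the check correlates responses with requests rather than counting frames, the very low 1-per-2.5-second rate described above does not let it slip past a flood threshold. All MAC addresses, timestamps and frames below are constructed sample data; the window length is an assumed tuning value.

```python
"""Wireless-IDS style check for unsolicited 802.11 authentication failures.

Added example with constructed frames; not captured traffic and not the
WIDZ code base.  Frame layout follows the 802.11 standard.
"""
import struct

MGMT_TYPE = 0            # frame-control type 0 = management
SUBTYPE_AUTH = 0x0B      # management subtype 11 = Authentication
STATUS_SUCCESS = 0       # any other status code is a failure
MAC_HDR_LEN = 24         # FC(2) + duration(2) + addr1/2/3(18) + seq ctrl(2)
REQUEST_WINDOW_S = 5.0   # assumed: how long a client's request stays "open"


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_auth_frame(frame):
    """Return the fields of an Authentication frame, or None for anything else."""
    if len(frame) < MAC_HDR_LEN + 6:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    if ftype != MGMT_TYPE or subtype != SUBTYPE_AUTH:
        return None
    da, sa, bssid = frame[4:10], frame[10:16], frame[16:22]
    algorithm, seq, status = struct.unpack_from("<HHH", frame, MAC_HDR_LEN)
    return {"da": mac_str(da), "sa": mac_str(sa), "bssid": mac_str(bssid),
            "algorithm": algorithm, "seq": seq, "status": status}


class AuthFailureMonitor:
    """Flags failure responses that no recent request from the client explains."""

    def __init__(self, window=REQUEST_WINDOW_S):
        self.window = window
        self.last_request = {}   # (client, bssid) -> time of last request
        self.alerts = []

    def observe(self, ts, frame):
        f = parse_auth_frame(frame)
        if f is None:
            return None
        # Odd transaction numbers are sent by the station: record the request.
        if f["seq"] % 2 == 1 and f["sa"] != f["bssid"]:
            self.last_request[(f["sa"], f["bssid"])] = ts
            return None
        # Even transaction numbers come from the AP; a failure is only
        # plausible if that client asked for authentication recently.
        if f["sa"] == f["bssid"] and f["status"] != STATUS_SUCCESS:
            last = self.last_request.get((f["da"], f["bssid"]))
            if last is None or ts - last > self.window:
                alert = {"time": ts, "client": f["da"], "bssid": f["bssid"],
                         "status": f["status"],
                         "reason": "auth failure with no recent request from client"}
                self.alerts.append(alert)
                return alert
        return None


def build_auth_frame(da, sa, bssid, seq, status, algorithm=0):
    """Assemble an Authentication frame in memory (constructed test data only)."""
    fc = bytes([(SUBTYPE_AUTH << 4) | (MGMT_TYPE << 2), 0x00])
    return (fc + b"\x00\x00" + da + sa + bssid + b"\x00\x00"
            + struct.pack("<HHH", algorithm, seq, status))


def run_sample():
    """Replay a constructed timeline and return the alerts it produces."""
    ap = bytes.fromhex("020000000001")       # constructed BSSID
    client = bytes.fromhex("020000000002")   # constructed client MAC
    mon = AuthFailureMonitor()
    timeline = [
        # legitimate exchange: request from client, failure reply from AP
        (0.0, build_auth_frame(ap, client, ap, seq=1, status=0)),
        (0.1, build_auth_frame(client, ap, ap, seq=2, status=1)),
        # a data frame (type 2) is ignored by the parser
        (5.0, b"\x08\x00" + bytes(28)),
        # failure replies with no request behind them, at the slow cadence
        (10.0, build_auth_frame(client, ap, ap, seq=2, status=1)),
        (12.5, build_auth_frame(client, ap, ap, seq=2, status=1)),
        (15.0, build_auth_frame(client, ap, ap, seq=2, status=1)),
    ]
    for ts, frame in timeline:
        mon.observe(ts, frame)
    return mon.alerts


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a['time']:>6.1f}s  {a['client']}  status={a['status']}  {a['reason']}")
```

In the sample timeline only the three unsolicited replies are reported; the failure that follows the client's own request is treated as ordinary protocol behaviour. A real deployment would feed `observe` from a monitor-mode capture and would also track Deauthentication frames, which carry a reason code instead of a status code but invite the same request-correlation check.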



    This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 15:03:25 PST