RE: Wireless device vulnerability?

From: Toni Heinonen (Toni.Heinonenat_private)
Date: Mon Mar 25 2002 - 03:36:57 PST


    Good morning!
    
    > >After all, you'll never be safe from jamming or eavesdropping on a
    > >shared media. You'll never get 100 % security, but with today's
    > >wireless networks, jamming is >very hard and will require
    > >sophisticated equipment.  
    > 
    > You speak of jamming at layer 1.  What about jamming at layer 2 using
    > RTS/CTS?  I've never tried it, but it seems as if you could flood an
    > AP with RTS's and disrupt (read: jam) normal communications in that
    > manner...
    
    You're absolutely correct. Most of the time, layer 2 jamming will be an even bigger risk than physical layer jamming, because jamming at L2 often requires even less expertise: one need not build a hardware device, as an off-the-shelf WLAN card will do.
    
    Indeed, WLANs have many design deficiencies, and some of them are clearly related to the RTS/CTS mechanisms and other "intelligent" features of the transmission technology, features which hadn't been seen in network technologies before trickier ones such as WLANs came along. For instance, in Ethernet, there was no need for features like medium reservation.
    
    All in all, WLANs do have a security mechanism, WEP. WEP is supposed to protect you from attacks such as the one you describe. Yes, continuously reserving the medium through RTS requests would effectively stop traffic, or at least slow it down a lot (after all, every once in a while, a WLAN client wishing to transmit would be faster than you and would get her/his datagram to the AP before the AP got your RTS).
    
    Of course, WEP itself is broken and can be compromised. As long as WEP works, you're safe from attacks such as that. But if someone has gotten hold of your WEP key, and they are able to send RTS messages to the AP, they can also send any other messages to the AP, effectively gaining access to your internal network, so denial of service might not be their first priority, but rather compromising your network.
    
    All in all, most people seem to suggest WLAN is secure as long as you place your APs behind a firewall and VPN, and while you're at it, you can forget WEP. Maybe so, but then you open your network to DoS attacks such as this.
    
    Additionally, the 802.11 WLAN standard contains a lot more holes that open your WLAN to DoS attacks. For instance, WEP protects only data traffic, and most (if not all?) management traffic traverses the airways bare-bottom. This management traffic includes association/deassociation messages, which are used to join or dejoin, respectively, a WLAN station from the network. So Harry Hacker could send deassociation messages to the AP, and he can put Joe's name in the messages, and soon Joe will notice that his WLAN connection has been disconnected and he must reinitialize the connection (i.e., take out his WLAN PCMCIA card and put it back in).
    
    All in all, L2 DoS attacks should be stopped with the wireless technology's normal safeguards. No one should be able to send RTS messages, association/deassociation messages or even inquiry messages to either stations or APs before they have been authenticated.
    
    TONI HEINONEN, CISSP
       TELEWARE OY
       Telephone  +358 (9) 3434 9123  *  Fax  +358 (9) 3431 321
       Wireless  +358 40 836 1815
       Kauppakartanonkatu 7, 00930 Helsinki, Finland
       toni.heinonenat_private  *  www.teleware.fi
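The unauthenticated management traffic discussed above (disassociation and deauthentication frames carrying a victim's address) is the kind of thing a wireless monitor can at least detect. The following is an added example, not code from the poster or from Teleware: it parses the 802.11 MAC header of captured frames (assumed to be bare 24-byte headers with no radiotap prefix), keeps only disassociation/deauthentication subtypes, and flags any (BSSID, station) pair that receives more than a threshold of such frames within a sliding time window. The sample capture is constructed for the example.

```python
"""Flag floods of unauthenticated 802.11 disassociation/deauthentication frames."""
from collections import defaultdict

# Management-frame subtypes (frame type 0) that tear down a station's session.
MGMT_DISASSOC = 0x0A
MGMT_DEAUTH = 0x0C


def parse_mgmt_header(frame: bytes):
    """Return (subtype, addr1, addr2, addr3) for a management frame, else None.

    Assumes a plain 802.11 MAC header: FC(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2).
    addr1 is the receiver, addr2 the transmitter, addr3 the BSSID.
    """
    if len(frame) < 24:
        return None
    fc = frame[0]
    frame_type = (fc >> 2) & 0x3      # bits 2-3: 0 = management
    subtype = (fc >> 4) & 0xF         # bits 4-7: management subtype
    if frame_type != 0:
        return None
    addr1 = frame[4:10].hex(":")
    addr2 = frame[10:16].hex(":")
    addr3 = frame[16:22].hex(":")
    return subtype, addr1, addr2, addr3


def detect_mgmt_flood(capture, window=1.0, threshold=5):
    """capture: iterable of (timestamp_seconds, raw_frame_bytes).

    Returns the sorted list of (bssid, victim) pairs that received more than
    `threshold` disassoc/deauth frames inside any `window`-second span.
    """
    recent = defaultdict(list)   # (bssid, victim) -> timestamps inside the window
    alerts = set()
    for ts, raw in capture:
        parsed = parse_mgmt_header(raw)
        if parsed is None or parsed[0] not in (MGMT_DISASSOC, MGMT_DEAUTH):
            continue
        _, victim, _sender, bssid = parsed
        key = (bssid, victim)
        recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
        if len(recent[key]) > threshold:
            alerts.add(key)
    return sorted(alerts)


# Constructed sample capture (hypothetical addresses, not a real trace): six
# disassociation frames addressed to one station inside 0.5 s, plus one beacon
# (subtype 8) that the detector must ignore.
AP = "aabbccddeeff"
STA = "001122334455"
DISASSOC_HEX = "a000" + "0000" + STA + AP + AP + "1000" + "0800"  # FC, dur, a1, a2, a3, seq, reason
BEACON_HEX = "8000" + "0000" + "ffffffffffff" + AP + AP + "2000"
SAMPLE_CAPTURE = [(0.1 * i, bytes.fromhex(DISASSOC_HEX)) for i in range(6)]
SAMPLE_CAPTURE.append((0.65, bytes.fromhex(BEACON_HEX)))

if __name__ == "__main__":
    print(detect_mgmt_flood(SAMPLE_CAPTURE))
```

A real monitor would feed frames from a monitor-mode capture (and strip the radiotap header first); the threshold and window here are illustrative, not tuned values.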
    



    This archive was generated by hypermail 2b30 : Mon Mar 25 2002 - 12:12:15 PST