FLW
I was not really sure where to put this so if in the wrong section please move it.

I just finished reading "Real 802.11 Security" and have a few questions a few of you may be able to help me with.

Since 802.11i doesn't address DOS issues (neither do the other existing IEEE standards) they will continue to plague wireless nets. Next is the use of open source firmware for APs, and skilled programmers able to modify it could create a war version.

The issue is this. A Linux-based AP's firmware is upgraded to include this new version of firmware whose sole purpose is to down wireless nets for either a or b/g nets. It seems to only have to do the following, and tell me where my thinking is off:

Perform an endless loop of broadcast/multicast packets programmed not to wait for a response. Since most APs today are capable of creating greater than 500 packets per second, you would tie up channel 1 (or any channel) until you turned it off because the target APs just couldn't keep up with you and regular traffic.

Use of 2 more APs and you just took out 1/6/11 on 2.4. Three more and there goes 5 GHz.

Thoughts on this seemingly unchecked security hole? Also I can't find any IEEE groups focused on traditional wifi DOS issues, anyone know of any?

Dan
w00dy
The only prevention technique to handle DOS of APs and WiFi networks is to use a couple of directional antennas and use them to navigate to the source of the device that is DOSing the system. It's basically a reactive field. It is the exact same manner that ships use radio beacons to find their position at sea. The boat would be the jamming device, and the 2 beacons would be the directional antennas.
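
The two-antenna direction finding described in the post above, worked through as an added example (not part of the original thread). It assumes a flat local grid in metres and compass bearings in degrees clockwise from north; the function names and the survey values are hypothetical and constructed for illustration.

```python
import math
from itertools import product

def bearing_to_unit(bearing_deg):
    """Compass bearing (degrees clockwise from north) -> (east, north) unit vector."""
    r = math.radians(bearing_deg)
    return math.sin(r), math.cos(r)

def locate_source(p1, brg1, p2, brg2, min_cross_deg=5.0):
    """Intersect two bearing lines; return (east, north) in metres, or None."""
    d1, d2 = bearing_to_unit(brg1), bearing_to_unit(brg2)
    cross = d1[0] * d2[1] - d1[1] * d2[0]   # sine of the angle between the bearings
    if abs(cross) < math.sin(math.radians(min_cross_deg)):
        return None   # near-parallel bearings: no usable fix
    dx, dy = p2[0] - p1[0], p2[1] - p1[1]
    t1 = (dx * d2[1] - dy * d2[0]) / cross   # range from antenna 1
    t2 = (dx * d1[1] - dy * d1[0]) / cross   # range from antenna 2
    if t1 <= 0 or t2 <= 0:
        return None   # lines cross behind an antenna: bearings are inconsistent
    return p1[0] + t1 * d1[0], p1[1] + t1 * d1[1]

def fix_uncertainty(p1, brg1, p2, brg2, err_deg):
    """Worst-case shift of the fix (metres) if each bearing is off by +/- err_deg."""
    centre = locate_source(p1, brg1, p2, brg2)
    if centre is None:
        return math.inf
    worst = 0.0
    for e1, e2 in product((-err_deg, err_deg), repeat=2):
        p = locate_source(p1, brg1 + e1, p2, brg2 + e2)
        if p is None:
            return math.inf
        worst = max(worst, math.dist(centre, p))
    return worst

if __name__ == "__main__":
    # Constructed survey: two antenna sites 200 m apart on a local grid.
    site_a, site_b = (0.0, 0.0), (200.0, 0.0)
    print(locate_source(site_a, 45.0, site_b, 315.0))
    print(fix_uncertainty(site_a, 45.0, site_b, 315.0, err_deg=2.0))
```

Both bearings have to be taken while the source is on the air, and the fix degrades quickly as the two bearing lines approach parallel, which is why the function refuses crossing angles under `min_cross_deg`.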
FLW
Correct me if I'm wrong but you're assuming that the radiation point is transmitting long enough to triangulate his position.

The concept here is the hit and run guy.