Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Mobile

    DoS Vulnerability Threatens Wireless Networks

    Written by

    Larry Seltzer
    Published May 14, 2004
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      AusCERT, Australias national computer emergency response team, released an advisory Thursday identifying a vulnerability in the 802.11 wireless specification that could open wireless networks to denial-of-service attacks.

      The advisory targets a new cause for concern among wireless network administrators. Until now, concerns about Wi-Fi security have focused on weak encryption and lack of authentication in WEP (Wired Equivalent Privacy), the native security mechanism in the IEEE 802.11 standard that defines wireless networking.

      Those concerns were addressed last year with the introduction of Wi-Fi Protected Access, a security standard developed by the Wi-Fi Alliance in conjunction with the IEEE. A spokesperson for the Wi-Fi Alliance was not immediately available for comment on the AusCERT report.

      The attack that AusCERT describes is, at bottom, a flaw in the 802.11 protocols. One of the 802.11 physical layers uses DSSS (direct sequence spread spectrum) technology. The DSSS layer performs the CCA (clear channel assessment) procedure, which is an essential part of CSMA/CA, a collision-avoidance scheme that is fundamental to most networking technology, including conventional wired Ethernet.

      The attack involves using the CCA layer in a legal but abusive way to instruct other devices in the operating range to defer transmission of data. The other devices will continue to defer for the duration of the attack. If the attack were to end, the network should recover very quickly.

      The problem only affects Wi-Fi products that operate in the 2.4GHz band and only those operating at lower speeds, below 20M bps. Therefore, 802.11b products are affected, but 802.11a products, which operate in the 5GHz band, are not. 802.11g products are affected if they are operating at lower speeds.

      Eugene Chang, vice president of strategic business development of Funk Software, a wireless LAN security vendor, said network administrators should be aware that, in the event of an attack, the network will quickly return to normal and that any attack would be limited to “the range of the attackers transmit power.”

      If an attacker used commercial equipment to stage an attack, the range would be similar to that of an access point, he added. “This means that in a large deployment,” said Chang, “this will not shut down the entire network, only devices within range of the attackers signal.”

      Chang described the AusCERT report as “fair and clear as to how the attack works” but added that anyone using the signal to stage an attack would put themselves at risk because the source of the attack could be traced. “It should be noted that the attacker must expose their presence by transmitting a signal to use this attack,” he said. “Anyone with rogue detection equipment would easily identify the presence and location of the attacker.”

      Chang pointed out that, although the signal uses a standard protocol, using the signal to shut down others equipment is prohibited by law. ” The 2.4GHz band is regulated by law even if it is unlicensed,” he said.

      He characterized Wi-Fi DoS attacks as active attacks” that require the attacker to send a signal or packet which betrays the presence of the attacker. “This risk to the attackers is one major characteristic that will help protect many Wi-Fi networks from attack,” said Chang. “Further, as the AusCERT advisory indicates, these attacks are DoS attacks and do not compromise any data. This severely limits the benefit (or joy) of mounting the attack. If DoS is the motive, it would be a lot less risk to the attacker to attack the power line entering the business—much more effective, potentially much harder to resume service, and less risk of being apprehended.”

      Editors Note: This story was updated to include the comments of Eugene Chang, vice president of strategic business development at Funk Software.

      /zimages/6/28571.gifCheck out eWEEKs Mobile & Wireless Center at http://wireless.eweek.com for the latest news, reviews and analysis.
      Be sure to add our eWEEK.com mobile and wireless news feed to your RSS newsreader or My Yahoo page: http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

      Larry Seltzer
      Larry Seltzer
      Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement— He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×