Well, if it is the case, then there is nothing new about it. Anyone who has experimented with FakeAP knows that it can flood the channel pretty badly, especially if the attacker sets a smaller interval between beacons (e.g. with prism2_param beacon_int) and supplements it with a probe request flood (looping prism2_param hostscan). As an example, see
http://www.wi-foo.com/phorum/read.php?f=1&i=24&t=11#reply_24
at our forum.
Regards, Andrew
--
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO Arhont Ltd - Information Security.
Web: http://www.arhont.com http://www.wi-foo.com
Tel: +44 (0)870 44 31337 Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310 GPG: Server - gpg.arhont.com
michaeltone1975 wrote:
http://www.auscert.org.au/render.html?it=4091
The vulnerability is related to the medium access control (MAC) function of the IEEE 802.11 protocol. WLAN devices perform Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), which minimises the likelihood of two devices transmitting simultaneously. Fundamental to the functioning of CSMA/CA is the Clear Channel Assessment (CCA) procedure, used in all standards-compliant hardware and performed by a Direct Sequence Spread Spectrum (DSSS) physical (PHY) layer.
An attack against this vulnerability exploits the CCA function at the physical layer and causes all WLAN nodes within range, both clients and access points (AP), to defer transmission of data for the duration of the attack. When under attack, the device behaves as if the channel is always busy, preventing the transmission of any data over the wireless network.
http://standards.ieee.org/getieee802/download/802.11-1999.pdf
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
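The quoted advisory text describes why a CCA that reports "busy" makes every station in range defer. The following slotted CSMA/CA model is an added illustration written for this page; it is not code from the post, from AusCERT or from any 802.11 implementation. The timing constants (slot time, frame airtime, CW_MIN/CW_MAX) are nominal DSSS values assumed here, and the `external_busy` callback is a constructed stand-in for whatever the PHY's CCA sees that is not one of the modelled stations. It also includes a small defender-side heuristic that separates a starved medium (busy nearly all the time, nothing decoded) from a merely loaded one.

```python
"""Slotted model of 802.11 DSSS CSMA/CA driven by a CCA input.

Shows that when CCA reports the medium busy in every slot, no station ever
transmits, matching the advisory's description of the deferral behaviour.
Constants are assumed nominal 802.11b DSSS values, not measured ones.
"""
import random

SLOT_US = 20            # slot time in microseconds (assumed DSSS value)
FRAME_SLOTS = 60        # airtime of data frame + ACK in slots (constructed)
CW_MIN, CW_MAX = 31, 1023


class Station:
    """One contending station with a binary exponential backoff counter."""

    def __init__(self, rng):
        self.rng = rng
        self.cw = CW_MIN
        self.backoff = rng.randint(0, self.cw)
        self.sent = 0

    def new_backoff(self, collided):
        # Widen the contention window after a collision, reset after success.
        self.cw = min(2 * self.cw + 1, CW_MAX) if collided else CW_MIN
        self.backoff = self.rng.randint(0, self.cw)


def simulate(n_stations, n_slots, external_busy, seed=1):
    """Run n_slots of slotted CSMA/CA.

    external_busy(slot) -> bool models the CCA verdict caused by energy that
    is not one of our stations (noise, neighbouring cells, or anything that
    holds the medium 'busy'). Returns counters plus the busy fraction.
    """
    rng = random.Random(seed)
    stations = [Station(rng) for _ in range(n_stations)]
    stats = {"success": 0, "collision": 0, "busy_slots": 0}
    slot = 0
    while slot < n_slots:
        if external_busy(slot):
            # CCA busy: every station freezes its backoff and defers.
            stats["busy_slots"] += 1
            slot += 1
            continue
        ready = [s for s in stations if s.backoff == 0]
        if len(ready) == 1:
            ready[0].sent += 1
            stats["success"] += 1
            ready[0].new_backoff(collided=False)
            # The frame occupies the medium; everyone else sees CCA busy.
            stats["busy_slots"] += FRAME_SLOTS
            slot += FRAME_SLOTS
        elif len(ready) > 1:
            stats["collision"] += 1
            for s in ready:
                s.new_backoff(collided=True)
            stats["busy_slots"] += FRAME_SLOTS
            slot += FRAME_SLOTS
        else:
            # Idle slot: every station counts its backoff down by one.
            for s in stations:
                s.backoff -= 1
            slot += 1
    stats["busy_fraction"] = stats["busy_slots"] / slot
    stats["elapsed_ms"] = slot * SLOT_US / 1000.0
    return stats


def cca_starvation_alert(busy_samples, frames_decoded, threshold=0.95):
    """Defender heuristic (constructed): medium reported busy almost all the
    time while zero frames decode is a starvation signature, not load."""
    busy_fraction = sum(1 for b in busy_samples if b) / len(busy_samples)
    return busy_fraction >= threshold and frames_decoded == 0


if __name__ == "__main__":
    quiet = simulate(5, 20000, lambda s: False)
    starved = simulate(5, 20000, lambda s: True)
    partial = simulate(5, 20000, lambda s: s % 10 != 0)   # 90% busy
    for name, r in (("quiet", quiet), ("90% busy", partial), ("always busy", starved)):
        print(f"{name:12s} frames={r['success']:4d} collisions={r['collision']:3d} "
              f"busy={r['busy_fraction']:.2f} over {r['elapsed_ms']:.0f} ms")
    print("alert:", cca_starvation_alert([True] * 100, frames_decoded=0))
```

Under a permanently busy CCA the success counter stays at zero regardless of how many stations contend, which is the point the advisory makes; the alert helper reflects the monitoring angle, namely that a near-100% busy medium with no decodable frames is the thing to watch for, whereas heavy but decodable traffic is ordinary congestion.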
