You can't ever stop a denial of service attack on a shared medium. It
doesn't matter whether it's a shared coax ethernet or cables plugged
into a hub or wireless. This isn't as scary as it might appear: with
physical media you can follow the cable to the offender; with 802.11b
you call the FCC.  The only real problem is discovering that you are the
victim of a DoS and not just a victim of bad hardware. Of course I don't
think these attacks are common, just like peers on a hub are unlikely to
be your biggest DoS offenders.

If it ever happens it's probably more likely to be a prank or simple
vandalism. Someone that close could probably take a hammer to your
monitor but figures you're not gonna know what happened if they mess
with your network. Look around for someone laughing and/or anyone that
has personal animosity toward you. If you have an officemate that thinks
you smell or vice versa and your network goes haywire you might be the
victim of a LAN DoS. I can't say your average script kiddie might not
take down the Starbucks/McD network for a couple hours here or there
(probably by sitting in the place with a laptop and not a directional
antenna offsite), but I highly doubt they will be victim to the usual
sustained political attacks since the attacker just targets a single
local network. I can't imagine NYCWireless has many political enemies
that might try this except maybe the non-libertarian and ultra
right-wing techies that oppose the rule of law.

Yeah, I haven't met many either.

-- Daniel

On Wed, 12 Mar 2003, Jacques Caron wrote:

]This has been known for nearly as long as 802.11 has been there...
]Basically, none of the management frames are encrypted or authenticated, so
]you can spoof any of those packets, the most obvious being the
]disassociation frame, or indeed the failed authentication frame.
]
]This is supposed to change with 802.11i, I believe...
]
]Jacques.
]
]At 02:39 12/03/2003, David Kane-Parry wrote:
]>Unverified, caveat emptor...
]>
]>- d.
]>
]>Begin forwarded message:
]>
]>>From: Mark Osborne <[EMAIL PROTECTED]>
]>>Date: Tue Mar 11, 2003  5:26:32  PM America/New_York
]>>To: [EMAIL PROTECTED]
]>>Subject: 802.11b DoS exploit
]>>
]>>While working to develop code for WIDZ that is equivalent to a standard
]>>Intrusion Detection system's RESET or SHUN functionality, an effective
]>>802.11b disruption of service attack has been discovered.  I haven't
]>>spotted any other postings so here we go...
]>>
]>>FATA-jack - a modified version of the Wlan-jack, Fata-jack sends
]>>Authentication-Failed packets (with a reason code of previous
]>>authentication failed) to a Wireless client PC.  The source and
]>>destination macs have been spoofed so as to appear to come from the Access-
]>>point.  The original Wlan-jack code rate of transmission has been
]>>significantly reduced to a meagre rate of 1 every 2.5 seconds, so as to
]>>avoid any flood effect.
]>>
]>>In limited tests on multiple operating systems including Windows98,
]>>Windows ME and Linux, FATA-jack effectively tears down any active session
]>>and in many cases causes the client driver or client software to fail,
]>>requiring a reboot.
]>>
]>>Apart from being an extremely lethal DoS attack, FATA-jack is significant
]>>for a number of reasons:
]>>
]>>-As the transmission rate is very low, it is easy to see how a low-spec PC
]>>and a standard 802.11 card could  disable a large wireless network.
]>>
]>>-As the malevolent packets are sent directly to the client these will not
]>>be picked up by logging functionality on the AP (if you have any) - this
]>>highlights the need for Wireless IDS.
]>>
]>>-As the malevolent packets are spoofed AND sent directly to the client, MAC
]>>protection or WEP protection will not prevent it.
]>>
]>>-Some workmates have suggested that it could be used to cause IVs/WEP keys
]>>to be cycled.  This would significantly reduce the time for a WEP cracking
]>>exercise. This is yet to be verified.
]>
]>--
]>NYCwireless - http://www.nycwireless.net/
]>Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
]>Archives: http://lists.nycwireless.net/pipermail/nycwireless/
]
]
]-- Jacques Caron, IP Sector Technologies
]    Join the discussion on public WLAN open global roaming:
]    http://lists.ipsector.com/listinfo/openroaming
]
]
]

-- 
    <<Children today are tyrants. They contradict their parents, gobble
      their food, and tyrannize their teachers.>> - Socrates
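
The quoted advisory notes that these frames go straight to the client and never show up in AP logs, which is the gap a wireless IDS sensor has to cover. The following is an added example, not code from this thread or from WIDZ: it flags authentication frames that carry a failure status and claim to come from the AP when the client sent no authentication request shortly beforehand. It assumes raw 802.11 frames from a monitor-mode sensor with the radio header already stripped; the function names, the one-second window and the sample addresses are assumptions.

```python
import struct
from collections import namedtuple

AUTH_FC0 = 0xB0   # frame control byte 0: version 0, type 0 (management), subtype 11 (authentication)
WINDOW = 1.0      # seconds; assumed maximum gap between a real request and its response
Alert = namedtuple("Alert", "ts client bssid status")

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_auth(frame):
    """Return (dst, src, bssid, transaction_seq, status) for an auth frame, else None."""
    if len(frame) < 30 or frame[0] != AUTH_FC0:
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    _alg, seq, status = struct.unpack_from("<HHH", frame, 24)   # body follows the 24-byte header
    return mac(dst), mac(src), mac(bssid), seq, status

def detect(capture):
    """capture: iterable of (timestamp, raw frame). Returns unsolicited failure alerts."""
    last_request = {}   # (client, bssid) -> time the client last sent an auth frame
    alerts = []
    for ts, frame in capture:
        parsed = parse_auth(frame)
        if parsed is None:
            continue
        dst, src, bssid, seq, status = parsed
        if src != bssid:                 # client -> AP: remember the request
            last_request[(src, bssid)] = ts
        elif status != 0:                # frame claiming to be AP -> client, with a failure status
            asked = last_request.get((dst, bssid))
            if asked is None or ts - asked > WINDOW:
                alerts.append(Alert(ts, dst, bssid, status))
    return alerts

def build_auth(dst, src, bssid, seq, status):
    """Build a sample auth frame as bytes (constructed test data, nothing is transmitted)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([AUTH_FC0, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<HHH", 0, seq, status))

AP, STA = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # constructed addresses
SAMPLE = [                                            # constructed capture
    (0.00, build_auth(AP, STA, AP, 1, 0)),    # client's authentication request
    (0.01, build_auth(STA, AP, AP, 2, 0)),    # AP's success response
    (30.0, build_auth(STA, AP, AP, 2, 1)),    # failure with no preceding request
    (32.5, build_auth(STA, AP, AP, 2, 1)),    # repeated 2.5 s later, the rate the post describes
]
```

A failure that answers a request the sensor did not hear will also be flagged, so alerts are best correlated across sensors or with the AP's own log before acting on them.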
