Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices
From: Niels Bakker <niels-bugtraq@xxxxxxxxxx>
Date: Mon, 17 May 2004 18:46:23 +0200
Cc: Jason Ostrom <jpo@xxxxxxxxx>, Casper Dik <casper@xxxxxxxxxxxxxxx>, albatross@xxxxxx
In-reply-to: <231404079.20040515202714@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: Niels Bakker <niels-bugtraq@xxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, Jason Ostrom <jpo@xxxxxxxxx>, Casper Dik <casper@xxxxxxxxxxxxxxx>, albatross@xxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20040515113308.YNMC20228.fep03-svc.tim.it@localhost> <200405151835.i4FIZO519711@xxxxxxxxxxxxxxxxxxxxx> <231404079.20040515202714@xxxxxxxxx>
Reply-to: niels=bugtraq@xxxxxxxxxx

* jpo@xxxxxxxxx (Jason Ostrom) [Mon 17 May 2004, 18:28 CEST]:
> I wasn't there, but I know the Deauth Flood attack is a very effective
> attack that most 802.11b networks are vulnerable to.

Janus Wireless, while not released publicly yet, also supports this:

   http://peertech.org/janus/
   http://peertech.org/janus/attacks.html

(this was formerly hosted on cubicmetercrystal.com.)

Tools like this should be part of any conference visitor's Unilateral
Quality-of-Service Toolkit, along with the DHCP server pool replenisher
and ICMP Source Quench generator.


> I saw this attack mentioned in at least one book, but I don't know why
> it wasn't released as a vulnerability.  It is similar to the released
> vulnerability, but involves spoofed frames instead of the physical layer.

How does this "release as a vulnerability" work?  Or are you wondering
why nobody up till now put out a sexed-up press release stating the obvious?


        -- Niels.

-- 
Today's subliminal thought is:

References:
- Denial of Service Vulnerability in IEEE 802.11 Wireless Devices
  - From: albatross
- Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices
  - From: Casper Dik
- Re[2]: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices
  - From: Jason Ostrom

Prev by Date: WebCT: Cross Site Scripting Vulnerability
Next by Date: Wget race condition vulnerability
Previous by thread: Re[2]: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices
Next by thread: CiSCO IOS 12.* source code stolen
Index(es):
- Date
- Thread