[IP] another important flaw in ethernet -- New flaw takes Wi-Fi off the air

To: ip@xxxxxxxxxxxxxx
Subject: [IP] another important flaw in ethernet -- New flaw takes Wi-Fi off the air
From: Dave Farber <dave@xxxxxxxxxx>
Date: Fri, 14 May 2004 09:11:45 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx


Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Thu, 13 May 2004 23:39:24 -0400
From: "Patrick W.Gilmore" <patrick@xxxxxxxxx>
Subject: Re: [IP] New flaw takes Wi-Fi off the air
To: dave@xxxxxxxxxx
Cc: "Patrick W.Gilmore" <patrick@xxxxxxxxx>

Dave,

Our team has just spent an enormous amount of time and money in intensivestudy and we have confirmed that - you may not believe this - if you cutthe ethernet cable between your computer and the wall (wait for it): YOURCOMPUTER WILL LOSE ITS NETWORK CONNECTIVITY!

We think this deserves the widest possible distribution, so please publishto IP. We plan to do a press release, and hopefully get DHS on the bandwagon. We are sure other countries will follow suit quickly.

Did that sound a bit obvious and alarmist? Perhaps even a littlesilly? Now you know exactly how any network professional felt reading therelease below.

Some of my friends then say, "Yes, but we are not all network professionalsso we do not know this stuff." Well, if you are not knowledgeable in afield, why do you feel competent to discuss what is alarming or not? Thereare probably hundreds of drugs I've never even heard of which would killyou very quickly, but I do not take space in medical journals warningdoctors of what they already know. And if I took space in a newspapersaying the same thing, doctors would laugh out loud, or more likely shaketheir heads in bewilderment.

Why have we suddenly had a rash of "announcements" stating the obvious? Itis causing a lot of light and heat, but no fire. Oh, and it is wasting alot of people's time as people ask their local professional to comment onthe newest "vulnerability".


--
TTFN,
patrick


On May 13, 2004, at 7:25 PM, Dave Farber wrote:

Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Thu, 13 May 2004 15:23:54 -0700
From: Dewayne Hendricks <dewayne@xxxxxxxxxxxxx>
Subject: [Dewayne-Net] New flaw takes Wi-Fi off the air
Sender: dewayne-net@xxxxxxxxxxxxx
To: Dewayne-Net Technology List <dewayne-net@xxxxxxxxxxxxx>

New flaw takes Wi-Fi off the air
By Patrick Gray, Security Focus (drew.cullen@xxxxxxxxxxxxxxxxx)
Published Thursday 13th May 2004 21:29 GMT
<http://www.theregister.co.uk/2004/05/13/wifi_security_flaw/>
A newly-discovered vulnerability in the 802.11 wireless standard allowsattackers to jam wireless networks within a radius of one kilometre usingoff-the-shelf equipment.
Affecting various hardware implementations of the IEEE 802.11 wirelessnetworking standard - including widely used 802.11b devices - the flaw wasfound in the collision avoidance routines used to prevent multiple devicesfrom transmitting at the same moment.
"When under attack, the device behaves as if the channel is always busy,preventing the transmission of any data over the wireless network," asecurity advisory (http://www.auscert.org.au/render.html?it=4091) releasedby AusCERT reads.
The weakness allows miscreants to take down networks within five seconds,according to researchers at Australia's Queensland University ofTechnology's Information Security Research Centre (ISRC), which discoveredthe vulnerability.
ISRC's leader of network and systems security research, AssociateProfessor Mark Looi, whose PhD students, Christian Wullems, Kevin Tham andJason Smith discovered the flaw, said any organization that relies heavilyon wireless infrastructure should take the threat seriously.
"Anyone who's relying on the availability of a wireless network shouldreally consider that their wireless network can be knocked offline at anytime," said Looi. "They need to very seriously evaluate that network anddecide if it's possible to move away from wireless technology."
While previous denial of service attacks against wireless networks haverequired specialised hardware and relied on high-power antennas, the newattack will make knocking a wireless network off the air an option for a"semi-skilled" attacker using standard hardware.
"An attacker using a low-powered, portable device such as an electronicPDA and a commonly available wireless networking card may causesignificant disruption to all WLAN traffic within range, in a manner thatmakes identification... of the attacker difficult," The AusCERT advisory read.
Because the flaw is in the 802.11 protocol itself, the vulnerabilitycannot be mitigated through the use of software or encryption schemes.Replacing wireless devices with those not affected by the flaw seems theonly option, said Looi.
"Mitigation strategies are few and far between," Looi said "Organisationscould deploy wireless networks that don't use this technology, [but] itwill be a very expensive exercise."
The flaw is only present in devices using a Direct Sequence SpreadSpectrum (DSSS) physical layer, including IEEE 802.11, 802.11b and 802.11gwireless devices operating at low speed. 802.11a and 802.11g wirelessdevices configured to operate at speeds above 20Mbps are not affected bythe glitch,
AusCERT senior security analyst Jamie Gillespie does not anticipate thewide exploitation of the vulnerability.
"For the average corporate user, we're not expecting to see ongoing denialof service attacks. However, if you have remote equipment that is onlyconnected through wireless it is possible that the connection could bedisrupted," Gillespie said. "Some critical infrastructure providers maynot deploy wireless... but if any do then they should be looking atmitigation strategies."
The lack of a "measurable result" during an attack is likely to render theaverage attacker bored, Gillespie added.
Unlike flaws discovered in the WEP encryption scheme, the newly-disclosedvulnerability will not allow an attacker to snoop on network communications.
The ISRC findings will be presented to the Institute of Electrical andElectronic Engineers (IEEE) Wireless Telecommunication Symposium inCalifornia on Friday.
Archives at: <http://Wireless.Com/Dewayne-Net>
Weblog at: <http://weblog.warpspeed.com>

-------------------------------------
You are subscribed as patrick@xxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on New flaw takes Wi-Fi off the air
Next by Date: [IP] more on New flaw takes Wi-Fi off the air
Previous by thread: [IP] more on New flaw takes Wi-Fi off the air
Next by thread: [IP] more on New flaw takes Wi-Fi off the air
Index(es):
- Date
- Thread