802.11 Clear Channel Assessment DoS

WVE ID: WVE-2005-0033

Type: Vulnerability

Status: Candidate

Classification:
Denial of Service
Design Flaw

Description:
The 802.11 DSSS PHY is vulnerable to DoS attacks against the CSMA/CCA mechanism for controlling access to the wireless medium.

Discussion:
The 802.11 DSSS physical layer utilizes CSMA/CCA (Carrier Sense Multiple Access/Clear Channel Assessment) to ensure that no two wireless devices on the same channel transmit simultaneously. If two stations were to transmit at the same time, then they would interfere with each other and the data from each station would need to be re-transmitted.

CSMA/CCA deters collisions by requiring stations to monitor the channel and avoid transmitting while another station is doing so. However, any station can perform a denial of service (DoS) attack by exploiting the CSMA/CCA algorithm to prevent all other devices on the channel from transmitting. This is done by putting a wireless device into PLME_DSSSTESTMODE, which saturates the channel by continuously transmitting. All other CSMA/CCA stations find the channel busy and avoid transmitting.

Devices utilizing OFDM (Orthogonal Frequency Division Multiplexing) are not vulnerable to this attack. This includes 802.11a devices as well as 802.11g devices locked to a higher rate that uses OFDM.
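
Detection example (added here, not part of the original entry): a monitoring sensor can flag the condition described above, a channel that CCA reports as busy almost continuously while almost no frames are decoded. The sketch assumes a Linux sensor whose driver exposes the cumulative counters printed by `iw dev <if> survey dump`; the interface name, sample values and thresholds are constructed for illustration.

```python
import re

# Matches the cumulative millisecond counters printed by `iw dev <if> survey dump`.
FIELD = re.compile(r"channel (active|busy|receive|transmit) time:\s+(\d+) ms")

def snap(active, busy, rx, tx):
    """Build one constructed survey-dump snapshot (sample data, not a capture)."""
    return ("Survey data from wlan0\n\tfrequency:\t\t\t2437 MHz [in use]\n"
            f"\tchannel active time:\t\t{active} ms\n"
            f"\tchannel busy time:\t\t{busy} ms\n"
            f"\tchannel receive time:\t\t{rx} ms\n"
            f"\tchannel transmit time:\t\t{tx} ms\n")

# Constructed snapshots taken one second apart; the last three are saturated.
SNAPSHOTS = [snap(1000, 200, 150, 20), snap(2000, 420, 320, 45),
             snap(3000, 1390, 330, 45), snap(4000, 2380, 335, 45),
             snap(5000, 3375, 340, 45)]

def parse_survey(text):
    """Return {'active': ms, 'busy': ms, 'receive': ms, 'transmit': ms}."""
    return {name: int(ms) for name, ms in FIELD.findall(text)}

def interval_ratios(prev, cur):
    """Busy and decoded-traffic fractions of the interval between two snapshots."""
    active = cur["active"] - prev["active"]
    if active <= 0:          # counters reset (driver reload) or no new sample
        return None
    busy = (cur["busy"] - prev["busy"]) / active
    frames = (cur["receive"] - prev["receive"]) + (cur["transmit"] - prev["transmit"])
    return busy, frames / active

def detect_saturation(snapshots, busy_min=0.9, decoded_max=0.05, sustain=3):
    """Index of the snapshot completing `sustain` saturated intervals, else None.

    Thresholds are assumptions chosen for this example, not values from the entry.
    """
    parsed = [parse_survey(s) for s in snapshots]
    streak = 0
    for i in range(1, len(parsed)):
        ratios = interval_ratios(parsed[i - 1], parsed[i])
        if ratios and ratios[0] >= busy_min and ratios[1] <= decoded_max:
            streak += 1
            if streak >= sustain:
                return i
        else:
            streak = 0
    return None

if __name__ == "__main__":
    print("saturation confirmed at snapshot", detect_saturation(SNAPSHOTS))
```

A heavily loaded but healthy channel also shows high busy time, which is why the check additionally requires that decoded receive and transmit time stay near zero over several consecutive intervals.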

Credits
Author: Jason Smith (j4.smith) : Queensland University of Technology
Author: Mark Looi (m.looi@qut.edu.au) : Queensland University of Technology
Author: Chris Wullems (c.wullems@qut.edu.au) : Queensland University of Technology
Author: Kevin Tham (wk.tham@qut.edu.au) : Queensland University of Technology

References
URL: http://www.auscert.org.au/render.html?it=4091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0459
URL: http://www.kb.cert.org/vuls/id/106678
URL: http://www.isrc.qut.edu.au/resource/techreport/wireless/
URL: http://standards.ieee.org/getieee802/download/802.11-1999.pdf

Released: 2004-05-13

Submitter
Andrew Lockhart (alockhart@networkchemistry.com) : Network Chemistry

Submitted: Sun Nov 06 00:27:41 -0800 2005

Candidate Date: Mon Nov 07 12:51:16 -0800 2005

