WVE ID: WVE-2005-0047
Type: Vulnerability
Status: Candidate
Classification:
Denial of Service
Design Flaw
Description:
802.11 Access Points are vulnerable to DoS attacks that involve sending Association request frames to the AP from multiple spoofed station addresses.
Discussion:
802.11 networks use frames to manage the connection and disconnection of stations from a wireless network. These are appropriately called management frames. One type of management frame, the association request, is sent by a station after it authenticates with the AP and before it can join the network. If the AP allows the station to join the network, it sends a successful association response to the station.
However, 802.11 management frames provide no authentication. An attacker can therefore spoof a large number of stations and send out an association request for each one. Doing so can fill the AP's association table, which can cause the AP to lock up.
It should be noted that this will only work on APs using open authentication, because a station must be in the authenticated state for the AP to accept the association request. Thus networks that require WEP shared key authentication are not vulnerable to this.
However, because of inherent problems in WEP keys, many networks that are designed with security in mind will use 802.1X, which requires that the AP be in open authentication mode.
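A monitoring-side check for the condition described above, as an added example that is not part of the original WVE entry: it flags a BSSID that receives association requests from an unusually large number of distinct source addresses within a short window. The record layout, the window and threshold values, and all MAC addresses are assumptions constructed for illustration; the check measures the rate of new addresses and cannot by itself prove they are spoofed.

```python
from collections import Counter, defaultdict, deque

ASSOC_REQ = 0  # 802.11 management frame subtype 0 = association request
AP_A, AP_B = "00:11:22:33:44:01", "00:11:22:33:44:02"  # constructed BSSIDs

def detect_assoc_flood(frames, window=10.0, max_stations=20):
    """Return (time, bssid, distinct_sources) alerts, one per flood episode.
    frames: time-ordered (timestamp, bssid, src_mac, mgmt_subtype) tuples.
    window and max_stations are assumed tuning values, not from the entry."""
    recent = defaultdict(deque)    # bssid -> (timestamp, src) inside the window
    counts = defaultdict(Counter)  # bssid -> src -> requests inside the window
    alerting = set()               # BSSIDs currently above the threshold
    alerts = []
    for ts, bssid, src, subtype in frames:
        if subtype != ASSOC_REQ:
            continue
        q, c = recent[bssid], counts[bssid]
        q.append((ts, src))
        c[src] += 1
        while q and ts - q[0][0] > window:  # expire requests older than window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) > max_stations:           # retries by one station count once
            if bssid not in alerting:
                alerting.add(bssid)
                alerts.append((ts, bssid, len(c)))
        else:
            alerting.discard(bssid)
    return alerts

def constructed_capture():
    """Constructed sample: normal joins on AP_A, a burst of new MACs on AP_B."""
    frames = []
    for i in range(5):    # five stations, 12 s apart, each retrying once
        mac = f"02:00:00:00:00:{i:02x}"
        frames += [(i * 12.0, AP_A, mac, ASSOC_REQ),
                   (i * 12.0 + 0.1, AP_A, mac, ASSOC_REQ)]
    for i in range(200):  # 200 distinct sources within two seconds
        mac = f"06:00:00:00:00:{i:02x}"
        frames.append((30.0 + i * 0.01, AP_B, mac, ASSOC_REQ))
    return sorted(frames)

if __name__ == "__main__":
    for alert in detect_assoc_flood(constructed_capture()):
        print("association flood suspected:", alert)
```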
Credits
References
URL:
http://standards.ieee.org/getieee802/download/802.11-1999.pdf
WVE:
WVE-2005-0019
Released: 2000-01-01
Submitter: Andrew Lockhart (alockhart@networkchemistry.com), Network Chemistry
Submitted: Wed Nov 30 12:17:59 -0800 2005
Candidate Date: Wed Nov 30 12:21:27 -0800 2005

