WVE ID: WVE-2005-0050
Type: Vulnerability
Status: Candidate
Classification:
Denial of Service
Design Flaw
Description:
802.11 networks utilizing 802.1x for authentication can be vulnerable to DoS attacks that involve sending spoofed EAPoL-LogOff messages.
Discussion:
The Extensible Authentication Protocol (EAP) is an extension to PPP which provides a general framework to allow a connection to be authenticated. EAP itself does not specify the authentication mechanism. The IEEE created the 802.1x standard in order to allow EAP to be used on IEEE 802 networks.
When a station wishes to leave a WLAN, it sends an EAPoL-LogOff message to the AP to end its authenticated session. Because this message is not authenticated, an attacker can spoof the MAC address of an authenticated station and send an EAPoL-LogOff message to the AP. This causes the AP to believe that the legitimate station has ended its session. The legitimate station will not be aware that its session has been ended until it attempts to transmit data. At this point it will attempt to re-authenticate.
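Detection sketch (an added example, not part of the original WVE entry): since the legitimate station does not know its session was ended, a LogOff that is followed shortly by ordinary data from the same MAC is a useful indicator of spoofing. The code assumes a sensor that delivers frames in Ethernet II form with timestamps; the function names, the 5-second window and all sample frames are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E   # EtherType for 802.1X (EAPOL)
EAPOL_LOGOFF = 2           # EAPOL packet type 2 = EAPOL-Logoff

def frame(src, ethertype, payload=b""):
    """Build a constructed Ethernet II frame addressed to a made-up AP MAC."""
    ap = bytes.fromhex("0200000000aa")
    return ap + bytes.fromhex(src.replace(":", "")) + struct.pack("!H", ethertype) + payload

def eapol(ptype, body=b""):
    """EAPOL header: version (1), packet type (1), body length (2), then body."""
    return struct.pack("!BBH", 1, ptype, len(body)) + body

def suspicious_logoffs(capture, window=5.0):
    """Return (logoff_time, mac) for each EAPOL-Logoff that is followed within
    `window` seconds by ordinary data from the same source MAC."""
    pending, alerts = {}, []
    for ts, raw in capture:
        if len(raw) < 14:
            continue                      # too short for an Ethernet header
        src = raw[6:12].hex(":")
        (ethertype,) = struct.unpack("!H", raw[12:14])
        if ethertype == EAPOL_ETHERTYPE:
            if len(raw) < 18:
                continue                  # truncated EAPOL header, ignore
            if raw[15] == EAPOL_LOGOFF:
                pending[src] = ts         # remember when this MAC "left"
            else:
                pending.pop(src, None)    # station is re-authenticating
        elif src in pending:
            logoff_ts = pending.pop(src)
            if ts - logoff_ts <= window:
                alerts.append((logoff_ts, src))
    return alerts

# Constructed sample capture (timestamps in seconds, MACs are made up).
STA_A, STA_B, STA_C = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
IPV4 = b"\x45" + b"\x00" * 19
SAMPLE = [
    (10.0, frame(STA_A, EAPOL_ETHERTYPE, eapol(EAPOL_LOGOFF))),
    (10.4, frame(STA_A, 0x0800, IPV4)),                          # A keeps sending data
    (20.0, frame(STA_B, EAPOL_ETHERTYPE, eapol(EAPOL_LOGOFF))),  # B really left
    (30.0, frame(STA_C, EAPOL_ETHERTYPE, eapol(EAPOL_LOGOFF))),
    (30.5, frame(STA_C, EAPOL_ETHERTYPE, eapol(1))),             # EAPOL-Start (re-auth)
    (31.0, frame(STA_C, 0x0800, IPV4)),
]

if __name__ == "__main__":
    print(suspicious_logoffs(SAMPLE))
```

Only station A is flagged: B sends nothing after its LogOff, and C re-authenticates before sending data again.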
Credits
References
URL: http://standards.ieee.org/getieee802/download/802.11i-2004.pdf
URL: http://standards.ieee.org/getieee802/download/802.1X-2004.pdf
Released: 2000-01-01
Submitter: Andrew Lockhart (alockhart@networkchemistry.com), Network Chemistry
Submitted: Wed Nov 30 14:22:44 -0800 2005
Candidate Date: Wed Nov 30 14:24:05 -0800 2005

