WVE ID: WVE-2005-0051
Type: Vulnerability
Status: Candidate
Classification:
Denial of Service
Design Flaw
Description:
802.11 devices can block access to the wireless LAN by specifying large duration values in frames they transmit.
Discussion:
The IEEE 802.11 standard allows a transmitting station or AP to reserve the wireless medium by specifying a duration value in frames that are transmitted. Stations use this field to program their NAV (Network Allocation Vector).
A device is not allowed to transmit until its NAV reaches 0. Thus an attacker can send frames back-to-back that contain a large duration value and block access to the channel.
This is best done by sending RTS, CTS, or ACK frames with the duration field set to 32767 -- the largest valid value. This allows an attacker to effectively block all devices on a channel from transmitting by sending such frames at a rate of 30 per second.
NOTE: Attacks against this vulnerability may also be known as duration field attacks, virtual carrier-sense attacks or network allocation vector (NAV) attacks.
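Detection example (added here, not part of the original entry): a monitor-mode sensor can estimate how much of each second a listening station's NAV is held non-zero by RTS/CTS/ACK frames, and alert when that fraction approaches 1. The 0.9 threshold, the function names and the sample frames are assumptions made for illustration; the duration field is read as microseconds, per the 802.11 standard.

```python
import struct

# Control-frame subtypes named in the entry (802.11 frame type 1 = control).
CONTROL_SUBTYPES = {11: "RTS", 12: "CTS", 13: "ACK"}

def parse_control(frame: bytes):
    """Return (subtype_name, duration_us) for an RTS/CTS/ACK frame, else None."""
    if len(frame) < 10:                  # Frame Control(2) + Duration(2) + RA(6)
        return None
    fc, dur = struct.unpack_from("<HH", frame)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 1 or subtype not in CONTROL_SUBTYPES:
        return None
    if dur & 0x8000:                     # bit 15 set: not a 0..32767 us duration
        return None
    return CONTROL_SUBTYPES[subtype], dur

def nav_reserved_fraction(capture, window_start=0.0, window_len=1.0):
    """Fraction of the window in which control frames keep a listener's NAV > 0.
    capture is a list of (timestamp_seconds, frame_bytes)."""
    window_end = window_start + window_len
    nav_end, reserved = window_start, 0.0
    for ts, frame in sorted(capture, key=lambda item: item[0]):
        parsed = parse_control(frame)
        if parsed is None or not (window_start <= ts < window_end):
            continue
        end = min(ts + parsed[1] / 1e6, window_end)
        if end > nav_end:                # a station only ever extends its NAV
            reserved += end - max(ts, nav_end)
            nav_end = end
    return reserved / window_len

def is_nav_flood(capture, window_start=0.0, threshold=0.9):
    """Alert when the reserved share of airtime reaches the (assumed) threshold."""
    return nav_reserved_fraction(capture, window_start) >= threshold

def make_control(subtype, dur_us):
    """Constructed sample frame: header bytes only, no FCS, made-up receiver address."""
    fc = (subtype << 4) | (1 << 2)
    return struct.pack("<HH6s", fc, dur_us, bytes.fromhex("020000000001"))

# Constructed captures, one second each: (timestamp_seconds, frame_bytes).
FLOOD = [(i / 30, make_control(12, 32767)) for i in range(30)]   # pattern from the entry
NORMAL = [(i / 30, make_control(11, 300)) for i in range(30)]    # short reservations

if __name__ == "__main__":
    for name, cap in (("flood", FLOOD), ("normal", NORMAL)):
        print(name, round(nav_reserved_fraction(cap), 4), is_nav_flood(cap))
```

On the constructed flood capture the reserved fraction is about 0.983, which is why 30 frames per second at the maximum duration is enough to hold the channel; the short-reservation capture stays below 0.01.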
Credits
References
URL:
http://standards.ieee.org/getieee802/download/802.11-1999.pdf
URL:
http://sysnet.ucsd.edu/~bellardo/pubs/usenix-sec03-80211dos-html/aio.html#SECTION00032000000000000000
Released: 2000-01-01
Submitter:
Andrew Lockhart (alockhart@networkchemistry.com), Network Chemistry
Submitted: Wed Nov 30 14:36:21 -0800 2005
Candidate Date: Wed Nov 30 14:37:10 -0800 2005

