WVE ID: WVE-2008-0005
Type: Vulnerability
Status: Candidate
Classification: Other
Description:
An optional technology in the 802.11n specification known as Greenfield Mode allows rogue AP devices to evade wireless intrusion detection systems based on pre-802.11n technology.
Discussion:
The IEEE 802.11n specification promises to significantly improve the bandwidth of wireless LAN connections over that of existing 802.11a/b/g deployments. One of the mechanisms used to achieve higher data rates is a new high-throughput (HT) physical layer mechanism known as greenfield (GF) mode. While operating in GF mode, APs and stations use a new frame preamble that precludes backward compatibility with clients that are not HT-capable. Non-HT devices cannot decode GF mode traffic and interpret the presence of GF transmitters as spectral noise.
Because non-HT devices cannot decode GF mode traffic, an attacker can position a malicious rogue AP on a victim network using the GF mode preamble. This would allow an attacker to evade wireless intrusion detection systems (WIDS) based on non-HT devices. This includes all WIDS devices based on 802.11a/b/g wireless cards.
Detection and classification of rogue APs using GF mode requires an HT-capable WIDS based on 802.11n sensors.
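An added example, not part of the original WVE entry: a check an HT-capable sensor could run on a beacon it has already decoded, reading the HT Capabilities element (ID 45) and testing the HT-Greenfield bit (bit 4 of the HT Capabilities Info field). The function names, the allow-list and the sample beacon bytes are constructed for illustration.

```python
import struct

HT_CAPABILITIES_ID = 45        # HT Capabilities element introduced by 802.11n
HT_GREENFIELD_BIT = 1 << 4     # bit 4 of the 16-bit HT Capabilities Info field

def iter_elements(tagged):
    """Yield (element_id, value) pairs from a beacon's tagged parameters."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        value = tagged[pos + 2:pos + 2 + length]
        if len(value) < length:    # truncated element: stop rather than misparse
            return
        yield eid, value
        pos += 2 + length

def advertises_greenfield(tagged):
    """True if the beacon's HT Capabilities element sets the Greenfield bit."""
    for eid, value in iter_elements(tagged):
        if eid == HT_CAPABILITIES_ID and len(value) >= 2:
            (info,) = struct.unpack_from("<H", value)   # little-endian on the wire
            return bool(info & HT_GREENFIELD_BIT)
    return False

def classify(bssid, tagged, authorized):
    """Label a BSSID seen by the sensor; 'authorized' is a hypothetical allow-list."""
    if bssid.lower() in authorized:
        return "authorized"
    return "rogue-greenfield" if advertises_greenfield(tagged) else "rogue"

def build_sample(ssid, ht_info=None):
    """Constructed tagged parameters: SSID element plus optional 26-byte HT Capabilities."""
    data = bytes([0, len(ssid)]) + ssid
    if ht_info is not None:
        data += bytes([HT_CAPABILITIES_ID, 26]) + struct.pack("<H", ht_info) + bytes(24)
    return data

if __name__ == "__main__":
    authorized = {"00:11:22:33:44:55"}                  # constructed allow-list
    seen = [
        ("00:11:22:33:44:55", build_sample(b"corp", 0x0010)),
        ("66:77:88:99:aa:bb", build_sample(b"corp", 0x0010)),
        ("cc:dd:ee:ff:00:11", build_sample(b"guest")),
    ]
    for bssid, tagged in seen:
        print(bssid, classify(bssid, tagged, authorized))
```

The Greenfield bit only advertises that the device supports the GF format, so a "rogue-greenfield" result is a triage hint for the HT-capable sensor rather than proof that the BSS is transmitting GF frames.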
Credits
References
URL: http://www.networkworld.com/columnists/2006/111306-wireless-security.html
URL: http://www.willhackforsushi.com/presentations/rsa2008-wright.pdf
Released: 2006-11-13
Submitter: Joshua Wright (jwright@arubanetworks.com), Aruba Networks
Submitted: Wed Apr 09 16:41:28 -0700 2008
Candidate Date: Wed Apr 09 19:14:28 -0700 2008

