[70406] in North American Network Operators' Group
Re: [Fwd: [IP] New flaw takes Wi-Fi off the air]
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu May 13 21:44:17 2004
To: Suresh Ramasubramanian <suresh@outblaze.com>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: Your message of "Fri, 14 May 2004 05:21:39 +0530."
<40A40A0B.4000503@outblaze.com>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 13 May 2004 21:43:42 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_-2129858102P
Content-Type: text/plain; charset=us-ascii
On Fri, 14 May 2004 05:21:39 +0530, Suresh Ramasubramanian <suresh@outblaze.com> said:
> Affecting various hardware implementations of the IEEE 802.11 wireless
> networking standard - including widely used 802.11b devices - the flaw was
> found in the collision avoidance routines used to prevent multiple devices
> from transmitting at the same moment.
Wow. I'm underwhelmed. First, we collectively realize that RFC793 really
HAS said 'The RST has to be in the window, not dead on' for 2 decades.
Now somebody's discovered that a jabbering transciever can take out a
CSMA/CA network. And to top it off:
The model of a shared communications channel is a fundamental
factor in the effectiveness of an attack on this vulnerability.
For this reason, it is likely that devices based on the newer IEEE
802.11a standard will not be affected by this attack where the
physical layer uses Orthogonal Frequency Division Multiplexing
(OFDM)
Yes - *THIS* attack doesn't work, you can't take down a 802.11a net
with a hacked PDA that jabbers on channel, you need to use a hacked
802.11a-capable PDA that jabbers on all the subchannels at once. ;)
Any bets on what will be rediscovered next? Some CERT will realize that
if a DDoS uses RFC1918 source addresses, it will be hard to track down the
misbehaving sources? ;)
--==_Exmh_-2129858102P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFApCROcC3lWbTT17ARAssdAKCqcDt45WxXf2Vgdu/UnIG2QRhy1ACgyhNT
rXVloPzJ//1Qu518A/0k3NA=
=iHvd
-----END PGP SIGNATURE-----
--==_Exmh_-2129858102P--
