[34919] in bugtraq
Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices
daemon@ATHENA.MIT.EDU (Niels Bakker)
Mon May 17 14:37:13 2004
Date: Mon, 17 May 2004 18:46:23 +0200
From: Niels Bakker <niels-bugtraq@bakker.net>
To: bugtraq@securityfocus.com
Cc: Jason Ostrom <jpo@pobox.com>, Casper Dik <casper@holland.sun.com>,
albatross@tim.it
Message-ID: <20040517164622.GI38542@snowcrash.tpb.net>
Reply-To: niels=bugtraq@bakker.net
Mail-Followup-To: Niels Bakker <niels-bugtraq@bakker.net>,
bugtraq@securityfocus.com, Jason Ostrom <jpo@pobox.com>,
Casper Dik <casper@holland.sun.com>, albatross@tim.it
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <231404079.20040515202714@pobox.com>
Errors-To: owner-bugtraq@securityfocus.com
* jpo@pobox.com (Jason Ostrom) [Mon 17 May 2004, 18:28 CEST]:
> I wasn't there, but I know the Deauth Flood attack is a very effective
> attack that most 802.11b networks are vulnerable to.
Janus Wireless, while not released publicly yet, also supports this:
http://peertech.org/janus/
http://peertech.org/janus/attacks.html
(this was formerly hosted on cubicmetercrystal.com.)
Tools like this should be part of any conference visitor's Unilateral
Quality-of-Service Toolkit, along with the DHCP server pool replenisher
and ICMP Source Quench generator.
> I saw this attack mentioned in at least one book, but I don't know why
> it wasn't released as a vulnerability. It is similar to the released
> vulnerability, but involves spoofed frames instead of the physical layer.
How does this "release as a vulnerability" work? Or are you wondering
why nobody up till now put out a sexed-up press release stating the obvious?
-- Niels.
--
Today's subliminal thought is:
