| Hacking & Solutions: 802.11 Protocol Attacks, Deauthentication |
|
|
RSS Feed
Delicious
Digg
NewsVine
YahooMyWeb| Written by Devin Akin | |
| Tuesday, 19 February 2008 | |
|
This article is presented as part of hacking + solution track for Wireless Security Expo 2008. The hacking video is available here . Deauthentication is the most common form of 802.11 protocol denial-of-service (DoS) attack. After watching the Deauthentication video, you can see that performing this type of attack takes seconds using common and user-friendly software and hardware, can wreak havoc on a network, and can be used as part of other types of wireless network attacks. Deauthentication frames are considered notifications, not requests, which means any associated station or AP that receives a deauthentication frame must comply. 802.11 stations must authenticate themselves through "Open System Authentication" prior to requesting a connection. Following successful authentication (consisting of two acknowledged authentication frames), the client station will then request association (connectivity). The association request frame is followed by an association response frame. Each of these frames are also acknowledged.The next steps depend on the type of security in use on the WLAN and determine just how intrusive a deauthentication attack will be. If the WLAN is using only Open System authentication, then a deauthentication attack will yield a very minor interruption for client stations. The reason for this is that the authentication and association process is extremely fast. When deauthenticated, a client station must reauthenticate and reassociate, but this entire process takes only a few milliseconds to complete. If the WLAN is using WEP with Open System authentication, the same process would apply. If the WLAN is using WPA/WPA2-PSK, then a 4-way handshake (plus 4 ACK frames) will follow the acknowledged association response frame. This process is fairly fast (roughly an additional 20-30 ms), but added to the Open System authentication and association, it can easily add up to 50 ms (total) when adding in contention time. If a single AP is used, this won't be a big problem, but a deauthentication like this may also cause a client station to roam. Roaming requires passive and active scanning, which could add 1-3 seconds to the process. This additional time can easily disrupt many applications. If the WLAN is using 802.1X/EAP and not using Opportunistic PMK Caching (not widely supported in client utilities), deauthentication can cause a disruption of 0.5 - 5 seconds depending on the specific EAP type in use, scanning processes, and the 4-way handshake. 802.1X/EAP authentication mechanisms are almost always deployed in enterprise WLANs. Any application that is latency sensitive will suffer dramatic problems when the client station is deauthenticated. File transfers, voice/video streams, thin-client sessions, and other real-time applications will often break when disrupted for more than 0.5 seconds. The 802.11w amendment to the 802.11-2007 standard offers three new security pieces: Data Origin Authenticity, Replay Detection, and Management Frame Protection. The data origin authenticity mechanism defines a means by which a station that receives a management frame (such as a deauthentication frame) can determine which station transmitted the data or management frame. This feature is required to prevent an intruder from masquerading as an authorized station. The replay detection mechanism defines a means by which a station that receives a management frame from another station can detect whether the received frame is an unauthorized retransmission. Management frame protection is required to protect against forgery and eavesdropping on management frames such as Action, Disassociate, and Deauthenticate frames through the use of security keys. Most of today's WLAN infrastructure systems do not support management frame protection, and until they do, deauthentication attacks will remain a significant security problem. Comments (20)
 ...
written by Mahmoud Eldeeb, February 19, 2008
I think this is good and powerful. but may we see soon good solution for deauthentication attacks
...
written by This e-mail address is being protected from spam bots, you need JavaScript enabled to view it , February 19, 2008
Very good
...
written by Emmanuel, February 19, 2008
it is ok.
...
written by Chris Smith, February 19, 2008
I found this to be very informative, but the video Devin put together seemed a bit short. He was still in the middle of speaking at the end when it cut off. Will the rest of the video be available soon?
...
written by Pavel, February 19, 2008
I wonder if the 802.11w will require significant HW upgrade or just some firmware upload.
...
written by Artt, February 19, 2008
WTF? The video cut off the speaker. I also thought this was a live webinar event..
...
written by Wale Adesona, February 19, 2008
Very informative.
...
written by Seeta S. Bhikam, February 19, 2008
First time listening to a LIVE broadcast with you guys. I enjoyed all of it very much.
...
written by Brian Low, February 19, 2008
I found the event very informative :) Great job to Jeff on the presentation :)
...
written by Oleg, February 19, 2008
I have enjoyed this broadcast!Thank you very much!!!
...
written by Brad, February 19, 2008
Very good info so far. I can only watch after I get home in the afternoon, but because you have made this available continuously, I don't miss a thing.
OUTSTANDING IDEA! Hope to see many more in the future. Brad Stanfield, CISSP-ISSEP ...
written by RUBEN OLIVA, February 19, 2008
I HAVE ENJOYED THIS BROADCAST ASLO, THANKS A LOT !
...
written by Chandrakant, February 20, 2008
Presentation was very informative....Great job to Jeff on the presentation :)
...
written by V.Sankaranarayanan, February 20, 2008
The writeup was scholarly and a person must be a techno saavy to understand the it If the video had opened it woud have been much better
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it ...
written by Sue Wooten, February 21, 2008
Do not seeplay the video
...
written by Alain, February 25, 2008
I really enjoyed this series on wireless security !
Thanks for your effort in putting it together ...
written by larry, March 03, 2008
Another method that is pretty disruptive is to send the deauth frame to the AP (posing at the client...). Often times, the client will not be aware that it has been deauth'ed and send a packet to the AP. Then, the AP will have to tell the client it's association is no longer valid and the whole process is started as describer above...
...
written by ravi, March 12, 2008
very very advance and enjoy with
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it ... written by Solairaj, July 12, 2008
It's working.But
How can I find IP?? Write comment
|
Subscribe to this comment's feed
| < Prev | Next > |
|---|
Google wireless search
Google our favorite wireless sites for answers and information:
Suggest a site
Upcoming Wireless Classes
Top Wireless News Headlines
July NewsbitsCisco to Acquire Pure Networks
Picking Up Speed
Olympic Games to Serve Up Video for Mobile Users
Palm's Treo Presses On (iPhone Who?)
Juniper Continues Growth in Q2
Investors Grill Ikanos; Chip Biz Is No Picnic
WiMax: What's Working Now
Kriens Steps Aside as Juniper CEO
Thomson Nabs AlcaLu Exec for CEO Role
Stay Informed
Recent posts on wireless technology, trends, and more.
Add this feed to your online news reader