Power save, or power save attack?
Last Post: July 21, 2010:
In order to pull this off, you'd have to set the following parameters in the beacon:
- Beacon interval (Set to maximum (16 bit field, max value 65536)) (keep in mind that vendors may not allow that value)
- DTIM Interval (Set it to maximum (8 bit field, max value 256)) (keep in mind that vendors may not allow that value)
Beacon interval is in TUs (Time Units), which is a kilo-microsecond (1024 microseconds, which is just a bit over a millisecond).
To get the maximum number of seconds between beacons, we take max beacon interval multiplied by a kilo-microsecond (1024 us) = 67,108,864 microseconds or about 67 seconds.
Now, take the max DTIM interval of 256. So, every 256th Beacon is a DTIM. Since a beacon is now only happening every 67 seconds, it would take 17152 minutes (285 hours) between DTIMs (when a STA wakes to receive).
So, in theory, it would cause a DoS for 285 hours UNLESS the STA had something to Tx. If it ever woke to Tx anything, then it would more than likely hear a legitimate beacon and use the proper data, in which case you'd have to retransmit your fake beacon.
In all reality, there are dozens of ways to perform a DoS on a Wi-Fi network. This one is neat like many, but I prefer a jammer. :)
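As an added example (not from the post above or any vendor code), the arithmetic in the post turned into a small parser and detection check: it pulls the beacon interval and the TIM element out of an 802.11 beacon frame body, converts the advertised DTIM spacing into seconds, and flags beacons whose values are far outside what a real AP announces. The frame bodies are constructed inline for the check; the thresholds (1000 TU, 5 seconds) and helper names are assumptions chosen for illustration, not standard values.

```python
import struct
from dataclasses import dataclass

TU_MICROSECONDS = 1024  # one 802.11 Time Unit, as the post says: 1024 us
TIM_ELEMENT_ID = 5      # Traffic Indication Map element ID in the tagged parameters


@dataclass
class BeaconParams:
    beacon_interval_tu: int  # 16-bit field, in TUs
    dtim_count: int          # beacons remaining until the next DTIM
    dtim_period: int         # 8-bit field: every Nth beacon is a DTIM


def build_beacon_body(beacon_interval_tu: int, dtim_count: int, dtim_period: int) -> bytes:
    """Construct a sample beacon frame body (test input only, not captured traffic).

    Layout: timestamp (8) | beacon interval (2, little-endian) | capability (2) |
            tagged elements (id, length, data)...
    """
    fixed = struct.pack("<QHH", 0, beacon_interval_tu, 0x0431)
    ssid = bytes([0, 7]) + b"example"
    # TIM element: DTIM count, DTIM period, bitmap control, partial virtual bitmap
    tim = bytes([TIM_ELEMENT_ID, 4, dtim_count, dtim_period, 0x00, 0x00])
    return fixed + ssid + tim


def parse_beacon_body(body: bytes) -> BeaconParams:
    """Extract the beacon interval and the DTIM fields from a beacon frame body."""
    if len(body) < 12:
        raise ValueError("beacon body too short for the fixed fields")
    beacon_interval_tu = struct.unpack_from("<H", body, 8)[0]
    dtim_count = dtim_period = None
    offset = 12
    while offset + 2 <= len(body):
        eid, elen = body[offset], body[offset + 1]
        data = body[offset + 2: offset + 2 + elen]
        if len(data) < elen:
            raise ValueError("truncated tagged element")
        if eid == TIM_ELEMENT_ID:
            if elen < 4:
                raise ValueError("TIM element shorter than its mandatory 4 bytes")
            dtim_count, dtim_period = data[0], data[1]
        offset += 2 + elen
    if dtim_period is None:
        raise ValueError("beacon carries no TIM element")
    return BeaconParams(beacon_interval_tu, dtim_count, dtim_period)


def dtim_interval_seconds(beacon_interval_tu: int, dtim_period: int) -> float:
    """Seconds between DTIM beacons: beacon interval (TU) * 1024 us * DTIM period."""
    return beacon_interval_tu * TU_MICROSECONDS * dtim_period / 1_000_000


def suspicious_reasons(p: BeaconParams,
                       max_beacon_interval_tu: int = 1000,
                       max_dtim_seconds: float = 5.0) -> list:
    """Return the reasons (if any) a monitor should flag these beacon parameters.

    The thresholds are assumptions for this example; typical APs announce
    roughly 100 TU beacons with a DTIM period of 1 to 3.
    """
    reasons = []
    if p.dtim_period == 0:
        reasons.append("DTIM period 0 is reserved and never valid")
    if p.beacon_interval_tu > max_beacon_interval_tu:
        reasons.append(f"beacon interval {p.beacon_interval_tu} TU exceeds {max_beacon_interval_tu} TU")
    secs = dtim_interval_seconds(p.beacon_interval_tu, p.dtim_period)
    if secs > max_dtim_seconds:
        reasons.append(f"DTIM spacing of {secs:.1f} s exceeds {max_dtim_seconds} s")
    return reasons


if __name__ == "__main__":
    for label, body in (("normal", build_beacon_body(100, 0, 1)),
                        ("field maxima", build_beacon_body(65535, 0, 255))):
        params = parse_beacon_body(body)
        print(label, params, f"{dtim_interval_seconds(params.beacon_interval_tu, params.dtim_period):.4f} s",
              suspicious_reasons(params) or "ok")
```

Running it prints the normal beacon as roughly a tenth of a second between DTIMs with no findings, and the field-maximum beacon as several hours between DTIMs with two findings; a wireless IDS that parses beacons can apply the same check to every beacon it hears and alert on values no production AP would announce.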