Denial of Service a Big WLAN Issue
May 01, 2003
IT managers often overlook the possibility of a denial of service (DoS) attacks on a WLAN. Understand the different type of attacks and what you can do to ensure they don't cause undo harm.
A denial of service (DoS) attack is an assault that can cripple or disable a WLAN. The possibility of such an attack occurring is something that all companies deploying WLANs should consider.
Wireless networks are extremely vulnerable to DoS attacks. It can slow the network to crawling speeds or actually force it to quit working. For a company that's dependent on a WLAN to experience delays can be costly -- think of applications such as wireless security cameras, inventory systems, and point of sale terminals.
Types of Wireless DoS Attacks
One form of DoS attack is the "brute force" method. This can come in one of two forms: either a huge flood of packets that uses up all of the network's resources and forces it to shut down, or a very strong radio signal that totally dominates the airwaves and renders access points and radio cards useless.
A hacker can perform a packet-based brute force DoS attack by using other computers on the network to send the useless packets to the server. This adds significant overhead on the network and takes away useable bandwidth from legitimate users.
The use of very strong radio signals to disrupt the network is a rather risky attack for a hacker to attempt. Because a very powerful transmitter at a relatively close range must be used to execute this type of attack, the owners of the WLAN can find the hacker through the use of homing tools, such as AirMagnet.
Sometimes a DoS occurrence on a wireless network may not even be intentional. 802.11b resides in such a crowded spectrum; other 2.4GHz devices such as cordless phones, microwaves, Bluetooth, and more may cause a significant reduction in 802.11b performance.The new Wi-Fi Protected Access (WPA) is vulnerable to a type of DoS attack. WPA uses mathematical algorithms to authenticate users to the network. If a user is trying to get in and sends two packets of unauthorized data within one second, WPA will assume it is under attack and shut down.
While this feature is designed to safeguard against breaches of security, it presents a prime opportunity for a hacker. The only thing they need to do in this situation is send data frames periodically, causing constant shutdowns. The hacker may be difficult or impossible to find because they don't need to use much transmit power or utilization of the network.
How to Protect Against DoS Attacks
The only completely effective way to counter DoS attacks is to isolate your computers in a room with heavy security and unplug it from all networks, including the Internet. Of course this means not using a wireless network. The U.S. Government uses this method to protect their most sensitive data, but this solution is not practical for any enterprise or home application where there are benefits for deploying wireless networks.
The most fundamental protection against DoS is developing and maintaining strong security practices. Actions such as implementing and updating firewalls, maintaining updated virus protection, installing up-to-date security patches, ensuring strong passwords, and turning off network devices when they are not in needed should be routine practices for all companies. In addition, deploy DoS detection tools, such as AirDefense and AirMagnet.
You can protect a WLAN against DoS attacks by making the building as resistive as possible to incoming radio signals. Here are some steps to help reduce radio signal leakage:
- If interior walls are using metal studs, make sure they are grounded.
- Install thermally insulated copper or metallic film-based windows.
- Use metallic window tint instead of blinds or curtains.
- Use metallic-based paint on the interior parts or the exterior walls.
- Run tests to determine how far the signal actually leaks outside of the building and then adjust transmitter power accordingly until the leakage is eliminated or reduced to the point that it would be easy to locate a hacker.
- Aim directive access point antennas towards the inside of the building.
These solutions are expensive and also cuts off the usage of other wireless devices, such as cell phones. It also is not effective if a hacker some how gets "inside the cage."
Something that you should put in place for any WLAN application that is mission critical is a backup plan. No company should not be so dependent on their wireless network that if it goes down, everything grinds to a halt. With WLANs, there's a great deal of merit in having "Plan B."
Jim Geier provides independent consulting services to companies developing and deploying wireless network solutions. He is the author of the book, Wireless LANs and offers workshops on deploying WLANs.
Join Jim for discussions as he answers questions in the 802.11 Planet Forums.
Why not meet Jim Geier in person? Join us at the 802.11 Planet Conference & Expo, June 25 - 27, 2003 at the World Trade Center Boston in Boston, MA. Jim will be there in our exhibit hall and doing presentations including one called 2.4 GHz or 5GHz? Strategies for Choosing The Right Spectrum.