DENIAL OF SERVICE (DOS) ATTACKS

802.11 wireless networks can face denial of service attacks using the 802.11 protocol itself and from interference in the S-Band ISM frequency range. The ISM (Industrial Scientific and Medical) range is set aside by the FCC for use by unlicensed devices. This means that if you wish to create an RF system that uses an ISM band, you will not have to pay licensing fees to the FCC to use it, although you will still need to register the device. 802.11a, 11b, and 11g all use the 2.4-2.5GHz ISM band, which is extremely crowded at the moment. Cordless phones, baby monitors , X10 cameras , and a host of other devices operate in this band and can cause packet loss or outright disruption of service in 802.11 networks.

802.11's other inherent problem is that the management frames that control clientconnection operations are completed unauthenticated and subject to trivial spoofing. Essentially, an attacker can forge a packet so that it appears, to all the clients on the network, as if it originates at the access point. This packet tells these clients to disconnect. There is nothing that can be done to prevent this if someone wants to execute the attack against your network. The wlan_jack tool that implements this attack is included with the Air-Jack suite. To use it, you'll need to specify the access point MAC, channel, and target MAC address to send the attack to. The default destination is the broadcast address, which means the attack will be sent to all clients. You can, however, selectively kill one client connection by specifying that station's MAC address only. In the following example, the target MAC we wish to deauthenticate (and thus keep off the network) is 00:09:E8:B4:CB:E8, and the access point's MAC is 00:07:0E:B9:94:32:

 [cloud@gabriel tools]#  ./wlan_jack -b 00:07:0E:B9:94:32 -v 00:09:E8: B4:CB:E8 -c 6 -i aj0  Wlan-Jack: 802.11 DOS utility Jacking Wlan... 

wlan_jack operates continually until it is spotted, so it could keep the station off the network indefinitely.