Denial-of-service (DoS) attacks are those that prevent the proper use of functions or services. Such attacks can also be extrapolated to wireless networks. To understand this, we must first consider how wireless 802.11b networks operate , and over what frequencies.
Effectively attacking (or securing) a wireless network requires a certain level of knowledge about how radio transmitters, frequencies, and wavelengths work and relate to each other. In the United States, the FCC governs frequencies and their allocation. Devices such as police radios, garage door openers, cordless phones, GPS receivers, microwave ovens, and cell phones use various frequencies to operate. In fact, millions of such devices are capable of operating simultaneously on the various frequencies of the radio spectrum (Table 7.2).
Table 7.2. The Radio Spectrum as Defined by the FCC
A frequency is the numerical representation of the number of times a sine wave oscillates per second. Let's say you are listening to 101.5 FM on the radio in your car. A transmitter generating a sine wave at 101,500,000 cycles per second is transmitting that signal. The unit of cycles per second is Hertz (Hz), which can be further expressed in terms of kilohertz (kHz), megahertz (MHz), and gigahertz (GHz). In our example of 101,500,000 cycles per second, we could refer to this as 101,500,000 Hertz, or 101,500 Kilohertz, or as it is commonly represented, 101.5 Megahertz .
Radio waves are very easy to create; in fact, you can demonstrate this right now. The following list shows how to create and hear your own radio waves.
Items needed: 9-volt battery, quarter, AM radio
Each time the quarter comes in contact with the battery terminals, it will generate a small radio wave, causing a crackle in the radio.
The circuit you create produces circular waves of electromagnetic interference, perpendicular to the direction of electrical flow.
Wireless 802.11b networks operate in the UHF band, specifically between 2.4GHz and 2.5GHz. These frequencies are broken up into 14 channels as shown in Table 7.3. In the United States, only channels 111 are used. Europe uses channels 113, France uses channels 1013, and Japan uses channels 114.
Table 7.3. Frequency and Channel Assignments
When an 802.11b device is sending data, it is not just transmitting on a single frequency. A technology called Direct Sequence Spread Spectrum (DSSS) is used to spread the transmission over multiple frequencies. DSSS is designed to maximize the effectiveness of the radio transmission while minimizing the potential for interference. In DSSS, a "Channel" refers to a specific ruleset, rather than a particular frequency. These rulesets define how the radio will spread the signal across multiple frequencies, also identified as channels. It is much like having a party at your house at which there are people in eleven different rooms. In each of the eleven rooms, the guests are having a different conversation, and the sound is traveling from room to room. While you are in room one, you can hear the conversations of rooms one, two, three, four, and five. Guests in room six can hear the conversations in rooms two, three, four, five, six, seven, eight, nine and ten, but they cannot hear anything from room one because of a wall or ruleset. Table 7.4 illustrates the channel layout and shows what can be heard by each channel ruleset. In the entire eleven rulesets, there are only three that do not overlapCH1, CH6, and CH11.
Table 7.4. DSSS Channel Overlap Guide
Conversations governed by ruleset 6 (Channel 6) cannot be heard by a station operating according to rulesets 1 or 11. Thus, in large infrastructure environments, there are really only three rulesets available. For an attacker building some type of jamming device, this is important. Based on the chart in Table 7.4, you can see that by targeting frequencies 5, 6, and 7, the jammer can cause the maximum amount of interference.
Jamming or causing interference to an 802.11b network can be fairly simple. There are several commercially available devices that that will bring a wireless network to its knees. For example, a Bluetooth-enabled device is one such item that can cause headaches for 802.11b networks. We have found that when a Bluetooth device is located within approximately ten meters of 802.11b devices, the Bluetooth device will cause a jamming type of denial-of-service attack. The same is true of several 2.4GHz cordless phones that are currently available. This is because the 2.4GHz band is becoming widely used and is considered shared, thus allowing all kinds of devices to use it.
The signals generated by these devices can appear to be an 802.11 transmission to other stations on the wireless network, thus causing them to hold their transmissions until the signal has gone, or until you have hung up the cordless phone. The other possibility is that the devices will just cause an increase in RF noise, which could cause the 802.11b devices to switch to a slower data rate. Devices re-send frames over and over again to increase the odds of the other station receiving it. Normally, data is transmitted at 11Mbps when sending one copy of each frame. If it were to drop to 50% efficiency, the device would still be transmitting at 11Mbps, but it would be sending a duplicate of each frame, making the effective speed 5.5Mbps. Thus you will have a significant decrease in network performance as a result of re-sending duplicate frames. In addition, with a high level of RF noise, you can expect to see an increase in corrupt frames , which also requires a full retransmission of the packet.