Jamming (Denial of Service)


Denial-of-service (DoS) attacks are those that prevent the proper use of functions or services. Such attacks can also be extrapolated to wireless networks. To understand this, we must first consider how wireless 802.11b networks operate , and over what frequencies.

Effectively attacking (or securing) a wireless network requires a certain level of knowledge about how radio transmitters, frequencies, and wavelengths work and relate to each other. In the United States, the FCC governs frequencies and their allocation. Devices such as police radios, garage door openers, cordless phones, GPS receivers, microwave ovens, and cell phones use various frequencies to operate. In fact, millions of such devices are capable of operating simultaneously on the various frequencies of the radio spectrum (Table 7.2).

Table 7.2. The Radio Spectrum as Defined by the FCC

Band Name

Range

Usage

Very Low Frequency (VLF)

10kHz to 30kHz

Cable locating equipment

Low Frequency (LF)

30kHz to 300kHz

Maritime mobile service

Medium Frequency (MF)

300kHz to 3MHz

Avalanche transceivers, aircraft navigation, ham radio

High Frequency (HF)

3MHz to 30MHz

Radio astronomy, radio telephone, Civil Air Patrol, CB radios

Very High Frequency (VHF)

30MHz to 328.6MHz

Cordless phones, television, RC cars , aircraft/police/business radios

Ultra High Frequency (UHF)

328.6MHz to 2.9GHz

Police/fire radios, business radios, cellular phones, GPS, paging, wireless networks, cordless phones

Super High Frequency (SHF)

2.9GHz to 30GHz

Terminal doppler weather radar, various satellite communications

Extremely High Frequency (EHF)

30GHz and above

Government radio astronomy, military, vehicle radar systems, ham radio

NOTE

A frequency is the numerical representation of the number of times a sine wave oscillates per second. Let's say you are listening to 101.5 FM on the radio in your car. A transmitter generating a sine wave at 101,500,000 cycles per second is transmitting that signal. The unit of cycles per second is Hertz (Hz), which can be further expressed in terms of kilohertz (kHz), megahertz (MHz), and gigahertz (GHz). In our example of 101,500,000 cycles per second, we could refer to this as 101,500,000 Hertz, or 101,500 Kilohertz, or as it is commonly represented, 101.5 Megahertz .


Radio waves are very easy to create; in fact, you can demonstrate this right now. The following list shows how to create and hear your own radio waves.

Items needed: 9-volt battery, quarter, AM radio

  1. Tune the AM radio to a spot between radio stations , so that you hear static.

  2. Place the battery near the antenna of the AM radio.

  3. Quickly tap the quarter onto the two terminals of the battery, making sure the quarter comes in contact with both terminals simultaneously.

Each time the quarter comes in contact with the battery terminals, it will generate a small radio wave, causing a crackle in the radio.

The circuit you create produces circular waves of electromagnetic interference, perpendicular to the direction of electrical flow.

Wireless 802.11b networks operate in the UHF band, specifically between 2.4GHz and 2.5GHz. These frequencies are broken up into 14 channels as shown in Table 7.3. In the United States, only channels 111 are used. Europe uses channels 113, France uses channels 1013, and Japan uses channels 114.

Table 7.3. Frequency and Channel Assignments

CHANNEL

FREQUENCY

CHANNEL

FREQUENCY

1

2.412GHz

8

2.447GHz

2

2.417GHz

9

2.452GHz

3

2.422GHz

10

2.457GHz

4

2.427GHz

11

2.462GHz

5

2.432GHz

12

2.467GHz

6

2.437GHz

13

2.472GHz

7

2.442GHz

14

2.484GHz

When an 802.11b device is sending data, it is not just transmitting on a single frequency. A technology called Direct Sequence Spread Spectrum (DSSS) is used to spread the transmission over multiple frequencies. DSSS is designed to maximize the effectiveness of the radio transmission while minimizing the potential for interference. In DSSS, a "Channel" refers to a specific ruleset, rather than a particular frequency. These rulesets define how the radio will spread the signal across multiple frequencies, also identified as channels. It is much like having a party at your house at which there are people in eleven different rooms. In each of the eleven rooms, the guests are having a different conversation, and the sound is traveling from room to room. While you are in room one, you can hear the conversations of rooms one, two, three, four, and five. Guests in room six can hear the conversations in rooms two, three, four, five, six, seven, eight, nine and ten, but they cannot hear anything from room one because of a wall or ruleset. Table 7.4 illustrates the channel layout and shows what can be heard by each channel ruleset. In the entire eleven rulesets, there are only three that do not overlapCH1, CH6, and CH11.

Table 7.4. DSSS Channel Overlap Guide

CH1

CH2

CH3

CH4

CH5

CH1

CH2

CH3

CH4

CH5

CH6

CH1

CH2

CH3

CH4

CH5

CH6

CH7

CH1

CH2

CH3

CH4

CH5

CH6

CH7

CH8

CH1

CH2

CH3

CH4

CH5

CH6

CH7

CH8

CH9

 

CH2

CH3

CH4

CH5

CH6

CH7

CH8

CH9

CH10

   

CH3

CH4

CH5

CH6

CH7

CH8

CH9

CH10

CH11

     

CH4

CH5

CH6

CH7

CH8

CH9

CH10

CH11

       

CH5

CH6

CH7

CH8

CH9

CH10

CH11

         

CH6

CH7

CH8

CH9

CH10

CH11

           

CH7

CH8

CH9

CH10

CH11

Conversations governed by ruleset 6 (Channel 6) cannot be heard by a station operating according to rulesets 1 or 11. Thus, in large infrastructure environments, there are really only three rulesets available. For an attacker building some type of jamming device, this is important. Based on the chart in Table 7.4, you can see that by targeting frequencies 5, 6, and 7, the jammer can cause the maximum amount of interference.

Jamming or causing interference to an 802.11b network can be fairly simple. There are several commercially available devices that that will bring a wireless network to its knees. For example, a Bluetooth-enabled device is one such item that can cause headaches for 802.11b networks. We have found that when a Bluetooth device is located within approximately ten meters of 802.11b devices, the Bluetooth device will cause a jamming type of denial-of-service attack. The same is true of several 2.4GHz cordless phones that are currently available. This is because the 2.4GHz band is becoming widely used and is considered shared, thus allowing all kinds of devices to use it.

The signals generated by these devices can appear to be an 802.11 transmission to other stations on the wireless network, thus causing them to hold their transmissions until the signal has gone, or until you have hung up the cordless phone. The other possibility is that the devices will just cause an increase in RF noise, which could cause the 802.11b devices to switch to a slower data rate. Devices re-send frames over and over again to increase the odds of the other station receiving it. Normally, data is transmitted at 11Mbps when sending one copy of each frame. If it were to drop to 50% efficiency, the device would still be transmitting at 11Mbps, but it would be sending a duplicate of each frame, making the effective speed 5.5Mbps. Thus you will have a significant decrease in network performance as a result of re-sending duplicate frames. In addition, with a high level of RF noise, you can expect to see an increase in corrupt frames , which also requires a full retransmission of the packet.



Maximum Wireless Security
Maximum Wireless Security
ISBN: 0672324881
EAN: 2147483647
Year: 2002
Pages: 171

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net