NETW 05A: APPLIED WIRELESS
SECURITY
Denial of Service
By Mohammad Shanehsaz
February 22, 2005
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Objectives
Explain how the following types of DoS



RF jamming
Data flooding
Client hijacking
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
RF Jamming
Use of high-power, narrowband RF transmitter
and antenna will stop a wireless LAN
High powered signal generation devices are
inexpensive and simple to assemble and use
Microwave ovens, 2.4GHz phones, Bluetooth
devices, and Wi-Fi devices can cause
unintentional RF jamming
No defense other than physical security of the
premises can prevent RF jamming attacks
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Data Flooding
Deny authorized users bandwidth on the wireless LAN
by:
- using traffic generation software one of which is
Tamosoft’s Commview ( www.tamosoft.com )


Inexpensive
Easy to use
- Downloading extremely large files from
high bandwidth internet sites over the wireless LAN
- Pull or push a file to or from an internal server on the
LAN
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Hijacking
This is a situation in which an unauthorized user
takes control of an authorized user’s wireless LAN
connection.
It is done at layer 2 for DOS and at layer 3 for
attacking purposes.
In order to hijack a wireless user, one must use
an access point that replicates the functions being
performed by an authorized access point.
Using a jamming device will force users to roam.
Next the layer 3 connection is established by
running DHCP server.
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Hijacking tools
Forced roaming through RF jamming(layer2)
- Bluetooth devices
-Narrowband transmitters
Access Point software ( layer2 )
-ZoomAir AP ( Windows )
-Cqure AP ( Linux )
Rogue DHCP Service ( layer3 )
-Kerio’s WinRoute ( www.kerio.com )
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Resources
CWSP certified wireless security
professional, from Mc Graw Hill
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.