This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation. NETW 05A: APPLIED WIRELESS SECURITY Denial of Service By Mohammad Shanehsaz February 22, 2005

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation. Objectives Explain how the following types of DoS RF jamming Data flooding Client hijacking

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation. RF Jamming Use of high-power, narrowband RF transmitter and antenna will stop a wireless LAN High powered signal generation devices are inexpensive and simple to assemble and use Microwave ovens, 2.4GHz phones, Bluetooth devices, and Wi-Fi devices can cause unintentional RF jamming No defense other than physical security of the premises can prevent RF jamming attacks

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation. Data Flooding Deny authorized users bandwidth on the wireless LAN by: - using traffic generation software one of which is Tamosoft’s Commview ( ) Inexpensive Easy to use - Downloading extremely large files from high bandwidth internet sites over the wireless LAN - Pull or push a file to or from an internal server on the LAN

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation. Hijacking This is a situation in which an unauthorized user takes control of an authorized user’s wireless LAN connection. It is done at layer 2 for DOS and at layer 3 for attacking purposes. In order to hijack a wireless user, one must use an access point that replicates the functions being performed by an authorized access point. Using a jamming device will force users to roam. Next the layer 3 connection is established by running DHCP server.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation. Hijacking tools Forced roaming through RF jamming(layer2) - Bluetooth devices -Narrowband transmitters Access Point software ( layer2 ) -ZoomAir AP ( Windows ) -Cqure AP ( Linux ) Rogue DHCP Service ( layer3 ) -Kerio’s WinRoute ( )

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation. tools YDI PSG Kit with antenna ZoomAir AP Cqure AP Tamosoft CommView

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation. Resources CWSP certified wireless security professional, from Mc Graw Hill