Menu

Database

Deauthentication Frame DoS

WVE ID: WVE-2005-0045

Type: Vulnerability

Status: Candidate

Classification:
Denial of Service
Design Flaw

Description:
802.11 networks are vulnerable to DoS attacks that involve sending Deauthentication frames to a station or network.

Discussion:
802.11 networks utilize frames to manage connection and disconnection of stations from a wireless network. These are appropriately called management frames. One type of management frame, a deauthentication frame is used to deauthenticate a station from a wireless network and may be sent by a station or an Access Point.

There are several reasons for sending these frames, ranging from the station leaving the network to the authentication of the receiving station no longer being valid. Once a station receives a deauthentication frame from the AP it is disconnected from the network.

However, a problem arises in that 802.11 management frames provide no authentication. Hence it is possible for an attacker to spoof a legitimate AP's BSSID to send deauthentication frames to a station. This of course will cause the station to disconnect from the network at which point it will attempt to reconnect.

If the attacker sends the deauthentication frames at a high rate the station will receive another deauthentication before it finishes authenticating and associating with the legitimate AP. Thus, the station is blocked from using the network until the attacker stops transmitting the deauthentication frames.

It is also possible to target an entire wireless network by sending the deauthentication frames to the broadcast address (FF:FF:FF:FF:FF:FF) instead of directing them to an individual station. This will cause all stations on the network to be disconnected -- using only one deauthentication frame.

Credits

References
URL: http://standards.ieee.org/getieee802/download/802.11-1999.pdf
WVE: WVE-2005-0019

Released: 2000-01-01

Submitter
Andrew Lockhart (alockhart@networkchemistry.com) : Network Chemistry

Submitted: Wed Nov 30 11:31:32 -0800 2005

Candidate Date: Wed Nov 30 11:33:44 -0800 2005


Recent Entries

TKIP Replay and Plaintext Discovery
WVE-2008-0013 11/18/2008
Active Https Cookie Hijacking
WVE-2008-0012 9/18/2008
Auto Immune Attack
WVE-2008-0011 9/17/2008
Marvell Null SSID Association Request
WVE-2008-0010 9/15/2008
Marvell EAPOL-Key Length Overflow
WVE-2008-0009 9/15/2008
Atheros IE Tag Overflow
WVE-2008-0008 9/15/2008
Weaknesses in the A5/1 Cipher
WVE-2008-0007 4/9/2008
Block ACK DoS
WVE-2008-0006 4/9/2008
GF Mode WIDS Rogue AP Evasion
WVE-2008-0005 4/9/2008
HT Intolerant Degradation of Service
WVE-2008-0004 4/9/2008
More Entries...

News

SANS Institute Sponsors WVE
4/19/2008
Wireless Attackers and Honeypot Technology
4/15/2008
High Speed Risks in 802.11n Slides Posted
4/11/2008
Vulnerabilities in 802.11n
4/9/2008
WVE Editors Speaking at SHARKFEST.08
1/3/2008
More News...