Some WLAN security experts say that the reaction to a type of denial of service (DoS) attack recently described by Queensland University researchers is severe: "This is new only in a small incremental sense," said Rich Mironov, vice president of marketing for AirMagnet. "This is one new flavor or variation of the DoS attack."
The report from Australia has been widely described as a dramatic new security fault inherent in the 802.11b standard. Some reports have included recommendations to stop using 802.11b networks altogether. The attack appears to have no real effect on 802.11a or 802.11g-only networks, which employ a different signal encoding method than 802.11b.
But some say the attack isn't new at all. Richard Rushing, chief security officer for AirDefense, says this new report looks exactly like findings presented by University of San Diego researchers at a USENIX conference last August. The recent report from Queensland just happens to be better publicized, he said.
Neither Mironov nor Rushing expects this form of attack to be particularly threatening. The attack can be performed with an off-the-shelf PC card, but the card's firmware must be modified using a driver that may or may not become public. "It's probably going to come out, but it's not necessarily going to propagate," said Rushing.
Even if it does get widely circulated, the attacks themselves will be limited to the APs in range of the altered PC card. "It's not like the whole network crashes. It's the one or two or three APs nearby that are crashing," Mironov said.
AirMagnet's current product looks for 16 other distinct DoS attacks and will soon identify this type of attack. When its network sensors pick up on the attack, an alarm is sent to a network administrator. An IT manager can then use a handheld device to locate the source of the attack and shut it down. AirMagnet expects to be able to distribute an update that will identify this specific attack in about a week, Mironov said.
Key to identifying such attacks are sensors that are separate from the APs, Rushing said. "If I'm using the AP to get my monitoring information I won't see anything. I'll just see that nothing is connecting to the AP," he said. But a separate sensor would see the signals sent from the hacker's device.
Mironov says this new attack is not a reason to shy from using WLANs. "It's the nature of Wi-Fi. To say you're going to give up on Wi-Fi because someone figured out how to shut it down seems extreme," he said.