Wireless Attacks ~ Jamming (Denial of Service)

written by: Brian Rodrigues; article published: year 2006, month 07;




Denial-of-service (DoS) attacks are those that prevent the proper use of functions or services. Such attacks can also be extrapolated to wireless networks. To understand this, we must first consider how wireless 802.11b networks operate, and over what frequencies.

Effectively attacking (or securing) a wireless network requires a certain level of knowledge about how radio transmitters, frequencies, and wavelengths work and relate to each other. In the United States, the FCC governs frequencies and their allocation. Devices such as police radios, garage door openers, cordless phones, GPS receivers, microwave ovens, and cell phones use various frequencies to operate. In fact, millions of such devices are capable of operating simultaneously on the various frequencies of the radio spectrum.

The Radio Spectrum as Defined by the FCC

| Band Name | Range | Usage |
|---|---|---|
| Very Low Frequency (VLF) | 10kHz to 30kHz | Cable locating equipment |
| Low Frequency (LF) | 30kHz to 300kHz | Maritime mobile service |
| Medium Frequency (MF) | 300kHz to 3MHz | Avalanche transceivers, aircraft navigation, ham radio |
| High Frequency (HF) | 3MHz to 30MHz | Radio astronomy, radio telephone, Civil Air Patrol, CB radios |
| Very High Frequency (VHF) | 30MHz to 328.6MHz | Cordless phones, television, RC cars, aircraft/police/business radios |
| Ultra High Frequency (UHF) | 328.6MHz to 2.9GHz | Police/fire radios, business radios, cellular phones, GPS, paging, wireless networks, cordless phones |
| Super High Frequency (SHF) | 2.9GHz to 30GHz | Terminal doppler weather radar, various satellite communications |
| Extremely High Frequency (EHF) | 30GHz and above | Government radio astronomy, military, vehicle radar systems, ham radio |

NOTE

A frequency is the numerical representation of the number of times a sine wave oscillates per second. Let's say you are listening to 101.5 FM on the radio in your car. A transmitter generating a sine wave at 101,500,000 cycles per second is transmitting that signal. The unit of cycles per second is the hertz (Hz), which can be further expressed in terms of kilohertz (kHz), megahertz (MHz), and gigahertz (GHz). In our example of 101,500,000 cycles per second, we could refer to this as 101,500,000 hertz, or 101,500 kilohertz, or, as it is commonly represented, 101.5 megahertz.

Radio waves are very easy to create; in fact, you can demonstrate this right now. The following list shows how to create and hear your own radio waves.

Items needed: 9-volt battery, quarter, AM radio

  1. Tune the AM radio to a spot between radio stations, so that you hear static.

  2. Place the battery near the antenna of the AM radio.

  3. Quickly tap the quarter onto the two terminals of the battery, making sure the quarter comes in contact with both terminals simultaneously.

Each time the quarter comes in contact with the battery terminals, it will generate a small radio wave, causing a crackle in the radio.

The circuit you create produces circular waves of electromagnetic interference, perpendicular to the direction of electrical flow.

Wireless 802.11b networks operate in the UHF band, specifically between 2.4GHz and 2.5GHz. These frequencies are broken up into 14 channels. In the United States, only channels 1–11 are used. Europe uses channels 1–13, France uses channels 10–13, and Japan uses channels 1–14.

Frequency and Channel Assignments

| CHANNEL | FREQUENCY | CHANNEL | FREQUENCY |
|---|---|---|---|
| 1 | 2.412GHz | 8 | 2.447GHz |
| 2 | 2.417GHz | 9 | 2.452GHz |
| 3 | 2.422GHz | 10 | 2.457GHz |
| 4 | 2.427GHz | 11 | 2.462GHz |
| 5 | 2.432GHz | 12 | 2.467GHz |
| 6 | 2.437GHz | 13 | 2.472GHz |
| 7 | 2.442GHz | 14 | 2.484GHz |

When an 802.11b device is sending data, it is not just transmitting on a single frequency. A technology called Direct Sequence Spread Spectrum (DSSS) is used to spread the transmission over multiple frequencies. DSSS is designed to maximize the effectiveness of the radio transmission while minimizing the potential for interference. In DSSS, a "Channel" refers to a specific ruleset, rather than a particular frequency. These rulesets define how the radio will spread the signal across multiple frequencies, also identified as channels.

It is much like having a party at your house at which there are people in eleven different rooms. In each of the eleven rooms, the guests are having a different conversation, and the sound is traveling from room to room. While you are in room one, you can hear the conversations of rooms one, two, three, four, and five. Guests in room six can hear the conversations in rooms two, three, four, five, six, seven, eight, nine and ten, but they cannot hear anything from room one because of a wall or ruleset. The next table illustrates the channel layout and shows what can be heard by each channel ruleset. In the entire eleven rulesets, there are only three that do not overlap: CH1, CH6, and CH11.

DSSS Channel Overlap Guide

CH1

CH2

CH3

CH4

CH5

CH1

CH2

CH3

CH4

CH5

CH6

CH1

CH2

CH3

CH4

CH5

CH6

CH7

CH1

CH2

CH3

CH4

CH5

CH6

CH7

CH8

CH1

CH2

CH3

CH4

CH5

CH6

CH7

CH8

CH9

 

CH2

CH3

CH4

CH5

CH6

CH7

CH8

CH9

CH10

   

CH3

CH4

CH5

CH6

CH7

CH8

CH9

CH10

CH11

     

CH4

CH5

CH6

CH7

CH8

CH9

CH10

CH11

       

CH5

CH6

CH7

CH8

CH9

CH10

CH11

         

CH6

CH7

CH8

CH9

CH10

CH11

           

CH7

CH8

CH9

CH10

CH11

Conversations governed by ruleset 6 (Channel 6) cannot be heard by a station operating according to rulesets 1 or 11. Thus, in large infrastructure environments, there are really only three rulesets available. For an attacker building some type of jamming device, this is important. You can see that by targeting frequencies 5, 6, and 7, the jammer can cause the maximum amount of interference.
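For network planning, the overlap guide can be derived from the channel frequencies rather than memorized. The following is an added example, not part of the original article: it rebuilds each row of the guide, recovers the three non-overlapping channels, and picks the quietest of them from a site survey. The 22 MHz channel width comes from the 802.11b standard rather than from the article, and the survey data, function names, and the simple summed-power load model are assumptions.

```python
# Added example: channel-overlap arithmetic for 802.11b channel planning.
# Centre frequencies come from the article's table; the 22 MHz DSSS channel
# width is an assumption taken from the 802.11b standard, not from the article.
CENTER_MHZ = {1: 2412, 2: 2417, 3: 2422, 4: 2427, 5: 2432, 6: 2437, 7: 2442,
              8: 2447, 9: 2452, 10: 2457, 11: 2462, 12: 2467, 13: 2472, 14: 2484}
WIDTH_MHZ = 22

def overlaps(a, b):
    """Two channels overlap when their centres are closer than one channel width."""
    return abs(CENTER_MHZ[a] - CENTER_MHZ[b]) < WIDTH_MHZ

def heard_by(ch, channels=range(1, 12)):
    """Channels whose energy reaches a station on `ch` (one row of the overlap guide)."""
    return [c for c in channels if overlaps(ch, c)]

def non_overlapping_plan(channels=range(1, 12)):
    """Greedy lowest-first selection of mutually non-overlapping channels."""
    plan = []
    for c in channels:
        if all(not overlaps(c, p) for p in plan):
            plan.append(c)
    return plan

def least_congested(survey, candidates):
    """Pick the candidate channel with the least overlapping signal power.

    survey: list of (channel, rssi_dbm) for neighbouring transmitters.
    Power is summed in milliwatts so one strong neighbour outweighs several weak ones.
    """
    def load_mw(ch):
        return sum(10 ** (rssi / 10) for c, rssi in survey if overlaps(ch, c))
    return min(candidates, key=load_mw)

# Constructed site-survey sample (not measured data).
SURVEY = [(1, -48), (2, -70), (6, -82), (7, -85), (11, -60), (9, -75)]

if __name__ == "__main__":
    for ch in range(1, 12):
        print(f"CH{ch:<2} hears", heard_by(ch))
    plan = non_overlapping_plan()
    print("plan:", plan, "-> use", least_congested(SURVEY, plan))
```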

Jamming or causing interference to an 802.11b network can be fairly simple. There are several commercially available devices that will bring a wireless network to its knees. For example, a Bluetooth-enabled device is one such item that can cause headaches for 802.11b networks. We have found that when a Bluetooth device is located within approximately ten meters of 802.11b devices, the Bluetooth device will cause a jamming type of denial-of-service attack. The same is true of several 2.4GHz cordless phones that are currently available. This is because the 2.4GHz band is becoming widely used and is considered shared, thus allowing all kinds of devices to use it.

The signals generated by these devices can appear to be an 802.11 transmission to other stations on the wireless network, thus causing them to hold their transmissions until the signal has gone, or until you have hung up the cordless phone. The other possibility is that the devices will just cause an increase in RF noise, which could cause the 802.11b devices to switch to a slower data rate. Devices re-send frames over and over again to increase the odds of the other station receiving it. Normally, data is transmitted at 11Mbps when sending one copy of each frame. If it were to drop to 50% efficiency, the device would still be transmitting at 11Mbps, but it would be sending a duplicate of each frame, making the effective speed 5.5Mbps. Thus you will have a significant decrease in network performance as a result of re-sending duplicate frames. In addition, with a high level of RF noise, you can expect to see an increase in corrupt frames, which also requires a full retransmission of the packet.
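The two symptoms described above (stations holding their transmissions, versus noise-driven retransmissions and corrupt frames) look different in radio counters, which is what lets an operator tell them apart. The following is an added example, not part of the original article: it classifies per-interval counters and estimates effective throughput. The field names, thresholds, and sample intervals are hypothetical and constructed for illustration.

```python
# Added example: classify per-interval radio counters into the two interference
# symptoms the article describes. Field names and thresholds are assumptions
# chosen for illustration; tune them against a baseline from your own network.
from dataclasses import dataclass

@dataclass
class Interval:
    tx_frames: int      # data frames sent, first attempts only
    retries: int        # retransmissions of those frames
    fcs_errors: int     # received frames that failed the checksum
    rx_frames: int      # all frames received
    busy_pct: float     # share of the interval the medium was sensed busy
    rate_mbps: float    # transmit rate in use

def effective_mbps(s):
    """Throughput estimate: nominal rate scaled by the share of useful transmissions."""
    attempts = s.tx_frames + s.retries
    return s.rate_mbps * s.tx_frames / attempts if attempts else 0.0

def classify(s, retry_max=0.30, fcs_max=0.10, busy_max=80.0):
    """Return 'deferral', 'noise' or 'normal' for one interval."""
    attempts = s.tx_frames + s.retries
    retry_ratio = s.retries / attempts if attempts else 0.0
    fcs_ratio = s.fcs_errors / s.rx_frames if s.rx_frames else 0.0
    # Symptom 1: the medium looks occupied, so stations hold their transmissions.
    if s.busy_pct >= busy_max and retry_ratio < retry_max:
        return "deferral"
    # Symptom 2: raised RF noise, seen as retransmissions and corrupt frames.
    if retry_ratio >= retry_max or fcs_ratio >= fcs_max:
        return "noise"
    return "normal"

# Constructed sample intervals (not captured data).
SAMPLES = [
    Interval(1000, 20, 5, 900, 35.0, 11),    # quiet network
    Interval(40, 2, 1, 30, 97.0, 11),        # medium busy, almost nothing sent
    Interval(500, 500, 200, 800, 60.0, 11),  # every frame sent twice
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), f"{effective_mbps(s):.1f} Mbps effective")
```

The third sample reproduces the article's 50% case: one retransmission per frame at 11Mbps gives 5.5Mbps effective.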
