Re: Continous Preamble DoS?

Raul,
To support your statement, this is most definitely covered in the SANS 
course, (awesome stuff!).

However, for the Window side, the commercial tools/drivers that support 
this functionality for certain cards have become harder and harder to 
come by.

Cheers.
-Nick

Raul Siles wrote:
> Asier is right.
>
> I would point out that the functionality was created by wireless
> engineers as a debug option to test the transmission capabilities of
> the WiFi cards and tune the chipset. Wireless cards check if the radio
> link is clear before transmitting, but when this option is used, it
> transmits constant energy in a specific 802.11 channel, so nobody
> using that frequency can connect to the network.
>
> We cover this attack in the SANS wireless security course [1], and
> unfortunately, there are Windows-based GUI tools that implement this
> functionality for specific drivers (sorry, no names here), and can be
> used as point-and-click DoS tools :(
>
> When testing it, be careful and check the card temperature. It is
> going to become dangerously hot!!
> --
> Raul Siles
> GSE
> www.raulsiles.com
>
> [1] Shameless plug :)
> http://www.sans.org/brussels07/description.php?tid=343
>
>
> On 5/2/07, Asier Martinez <axierr@xxxxxxxxx> wrote:
> > Yes,
> > check this http://www.auscert.org.au/render.html?it=4091
> >
> > It exist because it's usefull for network problem debugging, initially
> > it exists as PLME.DSSSTESTMODE primitive in 802.11b standard and
> > because it's obvius potential damage it was removed from comercial
> > driver versions.
> >
> > 2007/5/2, Seth Fogie <seth@xxxxxxxxxxxxxxx>:
> > > I recently came across this driver that allows the Linksys WCF54G card
> > > to support wireless sniffing from WM5. Typical stuff...except then I
> > > noticed something called ' Continuous preamble mode ', which I had 
> > never
> > > heard before...
> > >
> > > I asked the creator about it and this was his response:
> > > Primary I needed WM5.0 driver for WCF54G card.
> > > Driver was written with Linux similar driver sources information.
> > > In these sources I found continuos preamble debug option.
> > > I had only mode Name and Comments...
> > >
> > > Possible GPL issues aside, when I enable this mode my network goes 
> > down.
> > > However, no packets are detected using Airmagnet, Wireshark, or any
> > > other program. AirPCap does pickup something...but it is like 
> > random data.
> > >
> > > I used an RF analyzer to see if it was doing something odd and sure
> > > enough, when I enabled the mode I saw a HUGE spike in RF around 
> > channel
> > > 6 (current channel) and then a constant RF emission from then on 
> > spread
> > > across the entire 2.4 range.
> > >
> > > Has anyone seen anything like this or know what it could be or why it
> > > exists?
> > >
> > > Thanks
> > > Seth
> > >

____________________________________________________________
FREE 3D EARTH SCREENSAVER - Watch the Earth right on your desktop!
Check it out at http://www.inbox.com/earth