Home About UsOur mission, Our name, Contacting us Events & Topics Articles Business General Technical Surveys FAQ

Wireless and Denial of Service Attacks

by Ed Sawicki
Accelerated Learning Center
Tailored Computers

April 15, 2002

This article deals with the issue of crippling a wireless network so it can't be used - a denial of service attack. This can be done by an unskilled attacker with readily-available components.

Wireless security

Wireless technologies are very popular. This is no surprise given the advertising budgets of wireless suppliers. There are those idiotic "Can you hear me now?" TV commercials. Are we to believe that the wireless companies have abandoned their sophisticated testing gear in favor of dweebs walking around with cell phones? No, but non-technical people seem to eat this up.

In the data world, wireless Ethernet is riding this wave as well. In many cases, companies are replacing their traditional wired networks with wireless - even for non-mobile applications.

There have been numerous warnings from security experts about wireless protocols, such as WEP, being grossly insecure. Company data networks are easily accessible to nearby evesdroppers. Numerous programs are available for Windows and Linux that allow crackers to attack these wireless networks. None of this seems to have deterred companies from deploying wireless Ethernet as replacements for wired networks.

This article does not focus on these security issues, because there's no point in alerting people to vulnerabilities they don't care about. It would be the same as warning companies about serious security holes in Windows. Let's focus on another issue that may be harder to ignore.

Denial of Service

Suppose your company replaced your wired network (100BaseT) with wireless Ethernet. This may have happened because the wireless salesman convinced someone that it eliminates the high cost of adds, moves, and changes (what happens when office space is rearranged and wires must be installed or rerouted). Has network reliability (not security) been affected in any way by the move to wireless?

It may not seem so, but the risk of sabotage has been dramatically increased. An ill-funded attacker with little knowledge (perhaps a disgruntled employee) can easily take down most or all of your network and you'd likely not know the cause. A smart attacker can vary the attack such that you'd be fighting the problem forever, never knowing that you were under attack.

The attack is simply jamming - the same principle used by the Russians and Cubans when they wanted to block the anti-Communist, pro-Democracy radio broadcasts from the Voice of America radio transmitters in the 1960s and 70s. To jam, you just need to broadcast a radio signal at the same frequency but at a higher power.

To cripple a wireless Ethernet, you jam it by broadcasting radio signals at the same frequency as the wireless Ethernet transmitters - 2.4 GHz for most wireless Ethernet being used now (IEEE 802.11b). Since wireless Ethernet transmitters use far less than one Watt of power, it would be trivial to broadcast signals of greater power.

How does an attacker get hold of a 2.4 GHz transmitter with enough power to jam a wireless network in, say, a building?

Simple. You can buy 1000 Watt transmitters at your local home applicance store. This is far more than enough power for jamming. I've seen them on sale for as low as $55. They're called microwave ovens.

Normally, a microwave oven doesn't emit radio signals beyond its shielded cabinet. They must be modified to become useful at jamming but the only skill required is knowing how to use a screwdriver. An attacker can simply remove the device that produces the microwave signals and its power supply. The device is called a klystron or magnetron as is shown below. It's about 4 inches on each side and about 5 inches tall. It can be placed inside a box smaller than the microwave oven it came from. It can be disguised as some other object - a computer printer cabinet for example.

What range would the device have? On the order of several hundred feet. A well-designed antenna can extend that distance considerably. It's possible that an attacker can be quite a distance from your building and still disrupt your network.

Health risks

This kind of attack is a threat to more than just your network. It's a considerable threat to people. Anyone in the path of the microwave radio beam is in danger. The danger is grave when their distance to the source is down to tens of feet or less. Death is likely if exposed for an extended period. Exposure to high-energy, microwave radio transmissions causes blisters, boils, internal bruising, internal bleeding, stimulates cancer and tumors, and causes cataracts. Early signs are red blotches that appear on the skin.

Proof that microwave ovens can be sources of high-energy, microwave radio signals are here. This page describes how a kitchen microwave oven can be used to melt metals at temperatures up to 1000 degrees Celsius.

Solutions

Your strategy should be to deploy wireless Ethernet only where it's needed, such as mobile applications, where an attacker has a moving target. Replacing more robust wired networks with wireless when it's not necessary seems silly given the ease with which wireless networks can be attacked.

Another partial solution is to deploy IEEE 802.11a instead of IEEE 802.11b. The reason is that 802.11a operates in the 5GHz range. Microwave ovens don't operate at that frequency and no other commodity-priced devices capable of jamming that frequency with considerable power exist. However, it would not be difficult for a smart attacker to build a few low-power 5 GHz transmitters. Perhaps wireless Ethernet cards can be modified to be jammers. After all, most of these cards can have their software updated easily. These can be placed close to wireless access points to take down your network. These would also be more difficult to detect.

Back