Advisory Number: AV04-023 Vulnerability in IEEE 802.11
12 May 2004
This advisory brings attention to a denial of service vulnerability that exists
in hardware implementations of the IEEE 802.11 wireless protocol.
The vulnerability is related to the medium access control (MAC) function of
the IEEE 802.11 protocol. WLAN devices perform Carrier Sense Multiple Access
with Collision Avoidance (CSMA/CA) to minimise the likelihood of two devices
transmitting simultaneously. Fundamental to the functioning of CSMA/CA is
the Clear Channel Assessment (CCA) procedure, used in all standards-compliant
hardware and performed by a Direct Sequence Spread Spectrum (DSSS) physical
An attack against this vulnerability exploits the CCA function
at the physical layer and causes all WLAN nodes within range, both
clients and access points, to permanently defer transmission of
data. When under attack, the device behaves as if the channel is
always busy, preventing the transmission of any data over the wireless
Affected devices include those that implement IEEE 802.11 using
a DSSS physical layer (i.e. IEEE 802.11, 802.11b and low-speed
-below 20Mbps, 802.11g wireless devices.
Not afftected: IEEE 802.11a and high-speed (above 20Mbps) 802.11g
The results of a successful DoS attack will not be directly discernable
to an attacker, so an attack of this type may be generally less
attractive to mount. The effect of the DoS on WLANs is not persistent
- once the jamming transmission terminates, network recovery is
IEEE 802.11 device transmissions are of low energy and short range,
so the range of this attack is limited by the signal strength of
the attacking device, which is typically low. Well shielded WLANs
such as those for internal infrastructures should be relatively
immune, however individual devices within range of the attacker
may still be affected. Public access points will remain particularly
At this time no software or firmware upgrades are available for existing devices,
as the issue is inherent in the protocol implementation of IEEE 802.11 DSSS.
PSEPC recommends that environments in which network availability
is a primary importance should evaluate and take necessary steps
to ensure their susceptability to this vulnerability is limited.
For more information please see: http://www.auscert.org.au/render.html?it=4091
Note to Readers
Public Safety and Emergency Preparedness Canada (PSEPC) collects
information related to cyber and physical threats to, and incidents
involving, Canadian critical infrastructure. This allows us to
monitor and analyse threats and to issue alerts, advisories and
other information products. To report threats or incidents, please
contact the PSEPC operations coordination centre at (613) 991-7000
or firstname.lastname@example.org by
Unauthorized use of computer systems and mischief in relation to
data are serious Criminal Code offences in Canada. Any suspected
criminal activity should be reported to local law enforcement organizations.
The RCMP National
Operations Centre (NOC) provides a 24/7 service to receive such
reports or to redirect callers to local law enforcement organizations.
The NOC can be reached at (613) 993-4460. National security concerns
should be reported to the Canadian
Security Intelligence Service (CSIS) at
Links to sites not under the control of the Government of Canada
(GoC) are provided solely for the convenience of users. The GoC
is not responsible for the accuracy, currency or the reliability
of the content. The GoC does not offer any guarantee in that regard
and is not responsible for the information found through these
links, nor does it endorse the sites and their content.