Ticket #98 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

dynamic beacon interval is susceptible to remote abuse by packet injection

Reported by: xmxwx
Assigned to: xmxwx
Priority: high
Milestone: 2.0
Component: Madwifi
Version: 0.2rc1
Severity: critical
Keywords:
Cc:

Description

003-dynamic_bintval.diff introduced immediate reprogramming of the beacon miss timer. It let the STA seamlessly follow the AP's Beacon Interval changes instead of entering an infinite loop. This bugfix resists the Probe Response BI injection attack, but opens the possibility of a Beacon Frame BI injection attack. The latter is more explicit and thus easily recognizable, but the impact on network performance is similar.

Change History

08/20/06 13:19:06 changed by xmxwx

  • status changed from new to assigned.

08/21/06 01:20:51 changed by xmxwx

  • status changed from assigned to closed.
  • resolution set to fixed.

Fixed by 006-smart_dynamic_bintval.diff

"The goal was accomplished by deferring the bmiss timer reconfiguration until a clear BI change has been detected. If during the "measurement" time old BIs were received as well, reconfiguration is cancelled."

BTW. "Impact of Probe Response BI injection attack is indirectly reduced to disruption for period of one BI."

My present packet injection tools are not able to disrupt the communication anymore.
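
An added illustration of the deferral described in the comment above. It is not the code of 006-smart_dynamic_bintval.diff, which this ticket does not show. The names `bi_tracker` and `bi_on_beacon` and the three-beacon confirmation threshold are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed value: the ticket does not say how long the "measurement" lasts. */
#define BI_CONFIRM_BEACONS 3

struct bi_tracker {            /* hypothetical per-association state */
    uint16_t cur_bi;           /* BI the bmiss timer is programmed for */
    uint16_t cand_bi;          /* BI under measurement, 0 = none */
    unsigned cand_seen;        /* consecutive beacons carrying cand_bi */
};

static void bi_init(struct bi_tracker *t, uint16_t bi)
{
    t->cur_bi = bi;
    t->cand_bi = 0;
    t->cand_seen = 0;
}

/* Feed the BI field of each received beacon.
 * Returns 1 when the bmiss timer should be reprogrammed, 0 otherwise. */
static int bi_on_beacon(struct bi_tracker *t, uint16_t bi)
{
    if (bi == t->cur_bi) {     /* old BI seen during measurement: cancel */
        t->cand_bi = 0;
        t->cand_seen = 0;
        return 0;
    }
    if (bi != t->cand_bi) {    /* first sighting: start measuring, defer */
        t->cand_bi = bi;
        t->cand_seen = 1;
        return 0;
    }
    if (++t->cand_seen < BI_CONFIRM_BEACONS)
        return 0;              /* change not yet clear */
    bi_init(t, bi);            /* clear change: adopt the new BI */
    return 1;
}

int main(void)
{
    /* Constructed input: AP at BI 100, stray BI-10 frames, then a real move to 200. */
    const uint16_t seen[] = { 100, 10, 100, 10, 10, 100, 200, 200, 200 };
    struct bi_tracker t;
    bi_init(&t, 100);
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        printf("bi=%u reprogram=%d\n", (unsigned)seen[i], bi_on_beacon(&t, seen[i]));
    return 0;
}
```

With the constructed sequence, the stray BI-10 values never reach the threshold because a BI-100 beacon resets the measurement each time; only the uninterrupted run of BI 200 triggers a reprogram.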