Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Protecting against Virtual Jamming (RTS/CTS) attacks ?

I am new to Wireless, and was wondering how Cisco products guard againts "Virtual Jamming" attacks where a station keeps sending RTS/CTS packets, and causes the NAV of all other stations to be reset.

I believe that the "Rouge AP" detection / prevention mechanism infact uses this very same method to block out rouge access points.

So what prevents a rouge station from doing the same ?

I am also not sure if this problem is eliminated in 802.11n due to its full-duplex like behaviour ??

Thanks

5 REPLIES
Hall of Fame Super Gold

Re: Protecting against Virtual Jamming (RTS/CTS) attacks ?

Re: Protecting against Virtual Jamming (RTS/CTS) attacks ?

802.11 uses CSMA/CA.

There are 2 ways a radio will sense the medium.

Physical Carrier Sense - is a mech that allows the radio to sense if there is transmissions on the channel

Virtual Carrier Sense - is the use of rts-cts and cts-to-self to reserve the network with NAV timers.

yes, you can do DoS attacks with the correct software to 'jam' the MAC later and not allowing ANY radios to talk at ALL.

Rogue detector with the WLC does not operate in this way. It simply spoofs the rogues access point BSSID and sends deauth frames telling surrounding clients not to attach.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Silver

Re: Protecting against Virtual Jamming (RTS/CTS) attacks ?

Any RF communication can be jammed. It doesn't matter what you do with clever packet tricks; if someone puts enough noise on your channel then you have no wireless. There's nothing you can do about that other than have a good incident response plan.

That being the case, why worry about the RTS/CTS problem? That's worrying that your back door is unlocked when your front door can't be locked anyway.

Re: Protecting against Virtual Jamming (RTS/CTS) attacks ?

Correct. You can jam the medium as you know. In fact there are may devices that are against FCCC regulations that can be used as 'jammers'. But as the poster mentioned he is new to wireless and had specific questions on virtual jamming.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Hall of Fame Super Gold

Re: Protecting against Virtual Jamming (RTS/CTS) attacks ?

It's called Rogue Containment. Using the WLC, you can "contain" a Rogue AP, Rogue Client and Ad-Hoc Rogue. A minimum of 1 AP to a maximum of 4 AP will contain any or all three of the abovementioned by sending De-Authenticate packets to the target. If there are more then 4 AP's available, a round-robin will ensure.

Under Wireles Protection Policy, Auto-Contain Rogue On the Wire (Rogue AP, Client or Ad-Hoc wired to your LAN) is disable by default.

817
Views
8
Helpful
5
Replies
CreatePlease to create content