Slashdot Mirror


New Denial-of-Service Attacks Threaten Wireless Data Networks

alphadogg writes "Forget spam, viruses, worms, malware, and phishing. These threats are apparently old-school when compared to a new class of denial-of-service attacks that threaten wireless data networks. The threats were outlined in a talk in NYC Thursday by Krishan Sabnani, vice president of networking research at Bell Labs, at the Cyber Infrastructure Protection Conference at City College of New York. Sabnani said they are the result of inherent weaknesses in Mobile IP, a protocol that uses tunneling and complex network triangulation to allow mobile devices to move freely from one network to another. 'We need to especially monitor the mobile networks — with limited bandwidth and terminal battery — for DOS attacks,' Sabnani said, adding that the newest DOS attacks on wireless networks involve repeatedly establishing and releasing connections. These attacks are easy to launch and hard to detect, he said."

4 of 31 comments

  1. A couple points not clear in the summary by phantomfive · Score: 3, Informative
    There are a couple points that aren't completely clear in the summary. The first is it is talking about connecting to cell phone networks, not WiFi (the best protection against DOS attacks on a wireless network is a baseball bat and a firewall). It is not talking about WiFi, thus the baseball bat defense doesn't work. Quote from the article:

    "One cable modem user with 500Kbps upload capacity can attack over 1 million mobile users simultaneously," he said.

    He then goes on to discuss the types of attacks and statistical techniques you can use to detect them. Honestly I don't see how the problem wouldn't be solved with a firewall. If the mobile devices don't have static IP addresses (some do, I'm not sure what percentage), it will be hard to implement any of the attacks described.

    --
    Qxe4
    1. Re:A couple points not clear in the summary by Anonymous Coward · Score: 3, Informative

      The article is an ad for an Alcatel-Lucent IDS/Firewall product. That aside, the two scenarios which are actually attacks (the others aren't really attacks but broken devices and unexpected usage) are relatively unsurprising and straightforward. The first is a denial of service through overloading a stateful network component. (There is a reason why the internet was designed as a dumb network... NAT is going to bite you again, you have been warned.) The second is a classic "make the target do something costly" attack; in this case "something costly" is staying on the network to process small bits of useless data, thus draining the battery.

  2. Re:Backward? by phantomfive · Score: 3, Informative

    No, apparently DDoS attacks are a common use for botnets. Threatening to take down someone's website unless they pay you can get you $500 - $40,000 depending on the website. Here is a cool story talking about one of those cases. Basically an online casino got threatened with a DDoS attack unless he paid, but he didn't pay. So he worked with the ISP to try to keep the website up (which didn't completely succeed at first), and eventually the guy gave up. Then they started investigating to find out who did it. Interesting read.

    --
    Qxe4
  3. Continuous Preamble by Anonymous Coward · Score: 2, Informative

    It's real easy to DOS wireless devices. It's called Continuous Preamble. This has been around for years.