
New Denial-of-Service Attacks Threaten Wireless Data Networks

alphadogg writes "Forget spam, viruses, worms, malware, and phishing. These threats are apparently old-school when compared to a new class of denial-of-service attacks that threaten wireless data networks. The threats were outlined in a talk in NYC Thursday by Krishan Sabnani, vice president of networking research at Bell Labs, at the Cyber Infrastructure Protection Conference at City College of New York. Sabnani said they are the result of inherent weaknesses in Mobile IP, a protocol that uses tunneling and complex network triangulation to allow mobile devices to move freely from one network to another. 'We need to especially monitor the mobile networks — with limited bandwidth and terminal battery — for DOS attacks,' Sabnani said, adding that the newest DOS attacks on wireless networks involve repeatedly establishing and releasing connections. These attacks are easy to launch and hard to detect, he said."
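As an added illustration (not code from the article, the talk, or any vendor product): the summary describes attacks that repeatedly establish and release connections, which involve too little traffic to stand out by volume. One way an operator could look for them is to count short-lived setup/release cycles per terminal in a sliding window. The event format, subscriber IDs and thresholds below are assumptions made up for this sketch.

```python
from collections import defaultdict, deque

WINDOW_S = 60        # sliding window length in seconds (assumed value)
MAX_CYCLES = 5       # short sessions tolerated per window (assumed value)
SHORT_SESSION_S = 3  # sessions released this fast count as churn (assumed)

def find_churners(events, window=WINDOW_S, max_cycles=MAX_CYCLES,
                  short=SHORT_SESSION_S):
    """Return {subscriber: first_alert_time} for terminals whose connections
    are set up and released more than max_cycles times within `window` s.

    events: iterable of (timestamp_s, subscriber_id, "setup" | "release"),
    sorted by timestamp (hypothetical signaling-log format).
    """
    open_since = {}               # subscriber -> time of the pending setup
    recent = defaultdict(deque)   # subscriber -> release times of short sessions
    alerts = {}
    for ts, sub, kind in events:
        if kind == "setup":
            open_since[sub] = ts
        elif kind == "release" and sub in open_since:
            started = open_since.pop(sub)
            if ts - started > short:
                continue          # normal-length session, not churn
            q = recent[sub]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()       # forget cycles that left the window
            if len(q) > max_cycles and sub not in alerts:
                alerts[sub] = ts
    return alerts

def sample_events():
    """Constructed log: 'ue-17' is cycled every 5 s, 'ue-02' browses normally."""
    ev = []
    for i in range(10):           # ten one-second sessions, 5 s apart
        ev += [(i * 5, "ue-17", "setup"), (i * 5 + 1, "ue-17", "release")]
    ev += [(0, "ue-02", "setup"), (40, "ue-02", "release"),
           (45, "ue-02", "setup"), (47, "ue-02", "release")]
    return sorted(ev)

if __name__ == "__main__":
    for sub, ts in find_churners(sample_events()).items():
        print(f"{sub}: setup/release churn exceeded threshold at t={ts}s")
```

A fixed threshold is the simplest form of this check; thresholds would need tuning against a network's normal session behaviour.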
  • Backward? (Score:3, Insightful)

    by Anonymous Coward on Saturday June 06, 2009 @12:33PM (#28233987)
    I think they got this backward. The DoS attack is the old school one since there is limited money in it (unless you are an organization that does DoS threat blackmailing, but even those don't make the kind of money that more modern attacks can generate). DoS is the old school one, not the worms, malware, and phishing that the summary claims are old school.
    • Re:Backward? (Score:4, Informative)

      by phantomfive ( 622387 ) on Saturday June 06, 2009 @01:14PM (#28234283) Journal
      No, apparently DDoS attacks are a common use for botnets. Threaten to take down someone's website unless they pay you can get you $500 - $40,000 depending on the website. Here is a cool story talking about one of those cases [csoonline.com]. Basically an online casino got threatened with a DDoS attack unless he paid, but he didn't pay. So he worked with the ISP to try to keep the website up (which didn't completely succeed at first), and eventually the guy gave up. Then they started investigating to find out who did it. Interesting read.
  • by dk90406 ( 797452 ) on Saturday June 06, 2009 @12:39PM (#28234039)
    than viruses, worms and malware. DOS can't harm me and my PC (as a private person), only inconvenience. The things are not even comparable. Just another article written by a journalist who fails to understand basic IT.
    And no, I am not talking about the operating system DOS.
    • Re: (Score:3, Funny)

      by archont ( 1215492 )
      Viruses, worms and malware are like entering your house through the window you forgot to close. DDOS is like entering your house by driving an 18-wheeler into your living room. It's significantly easier to close your window than to rebuild your house using architecture that would make a truck bounce off it.
      • by dk90406 ( 797452 ) on Saturday June 06, 2009 @01:16PM (#28234307)
        Keeping your analogy, a DoS or DDoS is IMO like keeping you and me from entering (or exiting) my house through doors or windows. It will not cost me a lot, unless I am a company, depending on a lot of traffic through the door.
        Your truck would be an ICE breaker that opens my house for all. Not the same, since I would notice a locked down house, but not necessarily someone who crept through my window.
        • An analogy can't be 100% accurate, so it's sometimes easy to misinterpret it. Either way, what I meant is: Viruses, worms and other malware exploit particular weaknesses, which you can easily patch. Once that's done, the worm can't get in and is harmless. Now DOS and in particular DDOS is something you can't protect against - it's using brute force to inflict damage - disable clients from accessing the network, hogging up system resources, disk space, spamming the logs, posting rubbish or spam - there's
    • That's true. DOS attacks are usually only harmful for the company involved.. ie, if a mobile phone carrier is DOS attacked, the customers will think that the service is just bad, and switch over to another network. But if they get a virus, they'll blame themselves.
    • Re: (Score:3, Insightful)

      by phantomfive ( 622387 )
      In this case, a DOS attack can cause you significant pain. It is talking about DOS over a cell phone network, where depending on your dataplan, you may end up with a thousand dollar phone bill. Ouch. Personally I'd rather have my harddrive wiped

      Also, one of the attacks mentioned can drain your battery quickly. Not THAT bad, but still rather annoying.
    • you don't have to choose! you can have both!

  • What attack? (Score:3, Insightful)

    by yourassOA ( 1546173 ) on Saturday June 06, 2009 @12:46PM (#28234087)
    The article doesn't say anything. New "old school" Dos attacks. I feel dumber for having been suckered into reading the article.
  • by Celeste R ( 1002377 ) on Saturday June 06, 2009 @12:46PM (#28234095)

    DoS is a natural part of the race of technology.

    Can it be used against us? Yes.
    Can we prevent those attacks? Most likely, and with a little time.

    The real question is -how likely- is it to be a problem?

    DoS attacks on the internet can be sent from anywhere.
    DoS attacks on the cellular network can only be sent from within that area. (afaik)

    This limitation alone limits the scope of this type of DoS attack, making it a tool of advance planning and high-profile national security aspects than a tool to be feared by the average Joe.

    • by Mjec ( 666932 )

      Can we prevent those attacks? Most likely, and with a little time.

      Alas, no*. That's the point of DoS: government datacentres have incredible security, hardened buildings that can survive a nuke... but when it comes to it you can cut the fibre and there's no communication. Radio-based data transport is even worse: broadcast some strong noise and there's no more data.

      * Ok, so content servers can use geographically diverse distribution points to limit DoS but most people don't have that... hell, even wikipedia only has three data centres (ergo what, six fibre lines?) you'd n

  • by phantomfive ( 622387 ) on Saturday June 06, 2009 @01:02PM (#28234191) Journal
    There are a couple points that aren't completely clear in the summary. The first is it is talking about connecting to cell phone networks, not WiFi (the best protection against DOS attacks on a wireless network is a baseball bat and a firewall). It is not talking about WiFi, thus the baseball bat defense doesn't work. Quote from the article:

    "One cable modem user with 500Kbps upload capacity can attack over 1 million mobile users simultaneously," he said.

    He then goes on to discuss the types of attacks and statistical techniques you can use to detect them. Honestly I don't see how the problem wouldn't be solved with a firewall. If the mobile devices don't have static IP addresses (some do, I'm not sure what percentage), it will be hard to implement any of the attacks described.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      The article is an ad for an Alcatel-Lucent IDS/Firewall product. That aside, the two scenarios which are actually attacks (the others aren't really attacks but broken devices and unexpected usage) are relatively unsurprising and straightforward. The first is a denial of service through overloading a stateful network component. (There is a reason why the internet was designed as a dumb network... NAT is going to bite you again, you have been warned.) The second is a classic "make the target do something cos

    • by Zayin ( 91850 )

      The first is it is talking about connecting to cell phone networks, not WiFi (the best protection against DOS attacks on a wireless network is a baseball bat and a firewall).

      How will you locate the device causing the DoS in a WiFi network? If you don't know the location, your baseball bat won't do much (good|harm). Also, a firewall won't do anything to protect against a deauthentication DoS attack on WiFi (which is one of the most efficient, if not the most efficient, DoS attacks known to date).

      • I pick up the baseball bat, look around at people in the area, see who has a laptop, and explaining that we have a hacker and asking them one by one questions about their network, and looking at their computers. If you're still around by the time I get to you, then you have balls of iron. But you won't for long.

        Assuming it's a long distance directional attack, then I can move the router 10 feet to the left and fix the problem. In the worst case I can run wire out to everyone who is using it.

        Your seco
  • by sam0737 ( 648914 ) <{sam} {at} {chowchi.com}> on Saturday June 06, 2009 @01:11PM (#28234267)

    DoS should be easy to detect...you know when something is DoS'ed or Slashdotted. I think he means it's hard to trace the source.

  • Mobile virus? (Score:1, Insightful)

    by Anonymous Coward
    Associated with a virus for mobile this technique can become a huge problem for the providers!
  • Just fearmongering (Score:4, Interesting)

    by puhuri ( 701880 ) <puhuri@iki.fi> on Saturday June 06, 2009 @01:20PM (#28234341) Homepage

    That was total crap, was he selling some solution for it?

    At first, I do not know any large-scale deployment of Mobile-IP. 3G networks provide mobility below IP and they do not use any "complex network triangulation" in it. Mobile-IP does have its weakness, but AFAIK the latest RFCs should provide quite solid (not worse-than-fixed) protection from DOS.

    You can somewhat DOS high-speed data channels in 3G networks by sending packets with at intervals, but that is limited to single sector in base station, so that is not a big problem either. Battery drain DOS can be a real problem, but that is pretty much solved if you close your browser and your data channel is closed. If you do not have active data connections, nobody can send you packets.

    Again, was it some North-Zimbabwe 3G provider that took hit from 4.5GB data transfer? Last time I checked, it was less than 10 second traffic volume at small-country 3G providers. From "peer-to-peer Web sites".

    • Yet TFA provided examples of 3G disruptions.

      I for one can easily imagine scenarios where our mobile networks are heavily degraded due to viruses on phones and maybe even due to subtle DoS attacks between operators! I know there are products where operators actually may drain (very little) of its own customer's battery time to make measurements on its competitors' coverage. It's a war out there. Possibly the radio networks have to be governmentally run in the long run.

      I have no idea how hardened the signalin

    • by ADenyer ( 954411 )

      Battery drain DOS can be a real problem, but that is pretty much solved if you close your browser and your data channel is closed. If you do not have active data connections, nobody can send you packets.

      Which is fine unless you're using a BlackBerry...

  • working_connection != multicast_traffic + WIFI
  • Can't send spam to a device that's denied of service - I think I know what's more dangerous.
  • Continuous Preamble (Score:2, Informative)

    by Anonymous Coward

    It's real easy to DOS wireless devices. It's called Continuous Preamble. This has been around for years.

  • The risk potential of DDoSing cellular networks primarily occurs during a homeland attack. while the scope of the attack is obviously small, theoretically this could be used in conjunction with precision attacks to further prevent help/rescue as needed. otherwise, the value of such an attack is relatively minimal and i'm sure this type of attack can be prevented. these attacks sound mostly like a proof-of-concept.
  • Limited range, limited risk... At least mobile networks normally require identification of end-nodes. 802.11b is at limited risk to a DoS attack, because there are a limited number of people in an area, and you would have some idea of who is responsible....

    By the way, certain vendors have "Rogue Access Point" Containment functions which are essentially a DDoS attack; WCS which plays man-in-the-middle attack against a target AP, and uses N APs to send disassociate and deregister commands to c
