Duration Attack

WiFi Manager raises this alarm when it senses a duration attack.

What is Duration Attack ?

802.11 uses CSMA-CA (Carrier Sense Multiple Access - Collision Avoidance) as opposed to CSMA-CD (Carrier Sense Multiple Access - Collision Detection) used by Ethernet. So, in WLAN the devices before sending the packets in the radio channel observes the channel and check whether it is free, then reserves the channel for a particular period of time and then starts using the radio channel. This reservation of channel is for a particular period of time and this time period is present in the 802.11 packet. Other devices in the WLAN check this time field value in the 802.11 packet and don't send any packet during that time frame.

802.11 packet format

The duration value in the frame indicates the time duration in milliseconds for which the channel is reserved. The Network Allocation Vector (NAV) stores this duration information. The rule is that any node can transmit only if the NAV reaches zero.

Attackers make use of the above vulnerability. They inject packets into the WLAN with huge duration values. This would force the other nodes in the WLAN to keep quite as they cannot send any packet until this value reaches zero. If the attacker sends such frames continuously it will prevent other nodes in the WLAN from operation for a long time and there by disrupting the entire wireless service.

WiFi Manager alert

WiFi Manager triggers an alert when it detects unusual duration timings being sent. WLAN administrators should act immediately to analyze whether an attack is underway.