next up previous
Next: Power Saving Up: Identity Vulnerabilities Previous: Deauthentication
Whole Paper:Single Page Version


A very similar vulnerability may be found in the association protocol that follows authentication. Since a client may be authenticated with multiple access points at once, the 802.11 standard provides a special association message to allow the client and access point to agree which access point shall have responsibility for forwarding packets to and from the wired network on the client's behalf. As with authentication, association frames are unauthenticated, and 802.11 provides a disassociation message similar to the deauthentication message described earlier. Exploiting this vulnerability is functionally identical to the deauthentication attack. However, it is worth noting that the disassociation attack is slightly less efficient than the deauthentication attack. This is because deauthentication forces the victim node to do more work to return to the associated state than does disassociation, ultimately requiring less work on the part of the attacker.

John Bellado 2003-05-16
In Proceedings of the USENIX Security Symposium, Aug 2003