Wireless network users are being threatend by a new generation of denial of service (DoS) attacks according to a leading researcher.

Krishan Sabnani, vice president of networking research at Bell Labs, said that the latest wireless data network threats were the result of inherent weaknesses in Mobile IP, a protocol that uses tunnelling and complex network triangulation to allow mobile devices to move freely from one network to another.

"We need to especially monitor the mobile networks - with limited bandwidth and terminal battery-for DoS attacks," Sabnani said.

Sabnani said the newest DoS attacks on wireless networks involve repeatedly establishing and releasing connections. These attacks are easy to launch and hard to detect, he added.

"One cable modem user with 500Kbit/s upload capacity can attack over 1 million mobile users simultaneously," he said.

Sabnani outlined five main threats:

  • Signalling DoS where small amounts of data are sent to re-initiate a session after it has been released. The low-volume attack can create congestion at the radio network controller (RNC).
  • Battery Drain which works by sending packets to a mobile device to prevent it from going into sleep mode, thus draining batteries.  The attack can involve as little as 40 bytes every 10 seconds.
  • Peer-to-Peer Applications where excessive use of peer-to-peer websites can affect performance.
  • Malfunctioning Air Card where DoS overloads can occur thanks to a malfunctioning card.
  • Excessive Port Scanning as carriers waste resources combatting worms. Bell Labs noted that worms were targeting ports 135, 137, 139, 1026 and 5900.

Sabnani said Bell Labs' research in DoS threats to wireless networks led to the development of a new product for 3G and 4G wireless carriers called AWARE Detector, a packet inspection engine designed specifically for wireless network architecture and protocols. Alcatel-Lucent is offering the product as the 9900 Wireless Network Guardian.

"We have developed algorithms based on traffic profiling and statistical models that can detect low-volume wireless DOS attacks," Sabnani said. "The system detects and mitigates traffic that will cause RNC signaling overload, unnecessary airlink usage, paging overload, and unnecessary subscriber battery drain."