New wireless DOS attacks? … Maybe not.

A few days ago, City College of New York hosted the “Cyber Infrastructure Protection Conference”, including a keynote speech by Krishnan Sabnani who described “new class of denial-of-service (DOS) attacks that threaten wireless data networks” … or so the Network World claims in its article.

The conference web site is only accessible through an IP-address-only URL (which immediately triggered suspicions in my browser) and the presentations are not available on-line, so I cannot comment on what mr. Sabnani actually told the participants, but the summary provided by Network World is 80% hot air. Here’s their list of “five wireless data network threats outlined by Sabnani”:

  1. DOS attacks on Mobile IP. Possible. I don’t know enough about Mobile IP to comment on this item.
  2. Battery drain on mobile phones triggered by continuous stream of packets sent by an intruder. Hilarious.
  3. Peer-to-peer applications. Some Service Providers get real problems (and PR headaches) from them, but classifying them as a “new class of DOS attack” is creative.
  4. Malfunctioning cards. So 1990’s (OK, we were fighting low-cost Ethernet NICs then).
  5. Excessive port scanning. So what? This is news?

It looks like some 3G Service Providers have only now started to grasp the intricacies of the environment we had to live in for the last 15 years. Welcome to Internet. It’s fast, it’s cheap, it’s ubiquitous, but not always nice.

As for the source of this ingenious list, we’ll probably forever wonder: was it really presented at the conference or was it another journalistic success?


  1. None of these things is new, they've all been taking place for quite some time, as you indicate. The problem is that a lot of mobile networks are designed like poorly-designed enterprise networks; that a lot of mobile network operators don't implement even minimal BCPs to protect their infrastructure and/or their customers; that on the RF side, there's little or nothing in terms of policy enforcement functionality and/or instrumentation; and that a lot of the mobile-specific gear has weak IP stacks, poor instrumentation, and little or nothing in the way of policy enforcement and/or other self-protection mechanisms.
  2. This link looks interesting but unable to find any presentations. Does any body have the presentations handy to share.
Add comment