Although unlikely, a malicious user could intentionally initiate a DoS attack using RF jamming devices that produce accidental interference. It is likelier that they will attempt to manipulate management frames to consume the AP resources and keep channels too busy to service legitimate user traffic.

Management frames can be manipulated to create various types of DoS attacks. Two common management frame attacks include:

Figure 1 displays how a wireless client and an AP normally use CSMA/CA to access the medium.

Figure 2 illustrates how a CTS flood is created by an attacker sending out CTS frames to a bogus wireless client. All other clients must now wait the specified duration in the CTS frame. However, the attacker keeps sending CTS frames; thus, making the other clients wait indefinitely. The attacker now has control of the medium.

Note: This is only one example of a management frame attack. There are many others that exist.

To mitigate many of these attacks, Cisco has developed a variety of solutions, including the Cisco Management Frame Protection (MFP) feature, which also provides complete proactive protection against frame and device spoofing. The Cisco Adaptive Wireless IPS contributes to this solution by an early detection system where the attack signatures are matched.

The IEEE 802.11 committee has also released two standards in regards to wireless security. The 802.11i standard, which is based on Cisco MFP, specifies security mechanisms for wireless networks while the 802.11w management frame protection standard addresses the problem of manipulating management frames.