Australian Digital Forensics Conference

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University, Perth, Western Australia


This paper presents the results of a simulated wireless DoS attack against a 802.11g connection that uses Single Input Single Output (SISO), and an 802.11n device that utilizes MIMO. The aim of the experiment was to determine whether the impact of a denial of service attack against MIMO architecture is greater than SISO, since it is capable of receiving more(multiple) attack frames/packets within a given time frame. It was found that both devices were negatively impacted by such attacks, and that throughout was similarly affected. It was also observed that increasing the packet flood rate resulted in a corresponding and linear reduction in throughput for both 802.11n and 802.11g devices. Additionally, the 802.11g device appeared to reach a saturation point at 1000pps, with minimal reduction in throughout at 2000ps. Further observations were that although the overall throughput reduction in terms of percentage was greater for 802.11n than for 802.11g, the 802.11n device still achieved a higher throughput, despite a flooding rate of 2000 packets per second. Implications for network forensics are considered, given that wireless network devices are inherently difficult to identify. It was concluded that such an attack would be very difficult to tie to a particular attacking device, and to do so would require discovery of the attacker’s computer by other means.


Originally published in the Proceedings of the 8th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, November 30th 2010