<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Tom Carpenter&#039;s Blog &#187; DoS</title>
	<atom:link href="http://www.tomcarpenter.net/tag/dos/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.tomcarpenter.net</link>
	<description>Helping IT Professionals Succeed</description>
	<lastBuildDate>Thu, 20 Oct 2011 14:43:53 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
		<item>
		<title>You Cannot Prevent a Wireless DoS Attack (wireless denial of service attack)</title>
		<link>http://www.tomcarpenter.net/2009/12/28/you-cannot-prevent-wireless-dos-attacks/</link>
		<comments>http://www.tomcarpenter.net/2009/12/28/you-cannot-prevent-wireless-dos-attacks/#comments</comments>
		<pubDate>Mon, 28 Dec 2009 15:19:16 +0000</pubDate>
		<dc:creator>Tom Carpenter</dc:creator>
				<category><![CDATA[Technical]]></category>
		<category><![CDATA[DoS]]></category>
		<category><![CDATA[network]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[WIPS]]></category>
		<category><![CDATA[wireless]]></category>
		<category><![CDATA[wireless denial of service]]></category>
		<category><![CDATA[wireless DoS]]></category>

		<guid isPermaLink="false">http://www.tomcarpenter.net/?p=277</guid>
		<description><![CDATA[Don't let wireless intrusion prevention system (WIPS) vendors fool you. You can detect a wireless denial of service (DoS) attack, but you cannot prevent it if it is an RF-level attack.]]></description>
			<content:encoded><![CDATA[<p>I&#39;m not sure why it&#39;s such a big deal to me, but I get very frustrated by articles and blogs with titles like the following:</p>
<p><a href="http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1173628,00.html" target="_blank">How to prevent wireless DoS attacks</a></p>
<p>I think it&#39;s because, um, YOU CAN&#39;T! You simply cannot prevent a wireless DoS attack against the RF layer of the network.</p>
<p>Don&#39;t let wireless intrusion prevention system (WIPS) vendors fool you. You can detect a wireless denial of service (DoS) attack, but you cannot prevent it if it is an RF-level attack. Sure, if it&#39;s a frame-level attack, you can prevent it through algorithms and dynamic network configuration management procedures. But if you&#39;re dealing with a physical-level (RF) DoS attack, you can only remove it once the source is located &#8211; you cannot prevent it.</p>
<p>All I need is a 2.4 GHz RF generator and I can blanket the entire 2.4 GHz license-free ISM band that is used by 802.11 b/g/n. With a 5 GHz RF generator, I could potentially do the same for the U-NII bands used by 802.11a/n. The point is that an RF generator or set of such generators can completely saturate the available spectrum with energy levels that prevent functional communications on any allowed channel. Dynamic channel management and &quot;self-healing&quot; solutions cannot help with this.</p>
<p>A good old-fashioned human being with a spectrum analyzer is one of the best ways to locate a physical layer wireless DoS attack. WIPS solutions may also be able to triangulate the source of the attack if sensors or multi-purpose access points (access points that both provide wireless functionality and sensing abilities) are used; however, it&#39;s not like the WIPS system can somehow zap the attacking device and kill it (though that&#39;s a nice thought for the future). The end result is that a physical layer DoS simply CANNOT be prevented. It can only be mitigated (i.e., the severity is reduced by detecting it quickly, locating it and eradicating it).</p>
<p>Personally, I find no greater joy in my IT work than tracking down an attacker and letting him see me with my spectrum analyzer as he flees in fear (and I memorize his license plate number to report him to the police). Would I really even want a software program and hardware set to take away that joy?</p>
<p>Inventors of the world, if you can find a true solution that truly prevents wireless&nbsp;denial of service&nbsp;attacks, you can make billions. Get started.</p>
<p>UPDATE: About an hour after first writing this post I was extremely annoyed by the following press release:</p>
<p><a href="http://www.airtightnetworks.com/home/news/press-releases/pr/article/123/airtight-wireless-dos-attack-prevention-named-top-security-innovation-for-2009.html">http://www.airtightnetworks.com/home/news/press-releases/pr/article/123/airtight-wireless-dos-attack-prevention-named-top-security-innovation-for-2009.html</a></p>
<p>Notice the press release uses the phrase DoS attack prevention, but then the actual press release admits frankly that all it does is &quot;counter wireless DoS attacks&quot;. My point is still the same: On a wired network, you can immediately shut off the port from which a DoS attack is originating. This can be accomplished in just a few seconds. You cannot accomplish this today when a wireless DoS attack is launched against the entire unlicensed spectrum in which your wireless LAN operates. Please, vendors, just be honest and quit using the word prevent in relation to wireless DoS attacks!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.tomcarpenter.net/2009/12/28/you-cannot-prevent-wireless-dos-attacks/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

