Wifi De-authentication Attack

A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.

-Wikipedia

As you can see, this type of attack is pretty powerful, and it is difficult to detect who is attacking. There are tools (like “aircrack-ng”) for this attack (you can check the commands here).

Basically, the attacker broadcasts a Wi-Fi management “de-authentication” frame to the victim’s devices/PC, telling them to deauthenticate. It is like saying, “Hey client! Can you please deauthenticate?” Once deauthenticated, the client reconnects to the AP (Access Point). These frames are supposed to be sent by a valid AP to its clients, but the attacker can mimic them and broadcast them on the network.

Interestingly, the victim’s device/PC cannot differentiate between the attacker and the valid AP. The attacker creates the “de-authentication” frame with the valid AP’s MAC address as its source MAC address, so every device thinks the management frame came from the valid AP.

The attacker does not send the frame just once, but continuously. Things then get pretty bad: the clients keep trying to reconnect, and they never stay connected to their valid AP until the attacker stops sending the “deauth” frames.

So, how do you avoid this attack?

Simple: use routers that support 802.11w. Learn more about 802.11w and read the Cisco document here.
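Whether an AP advertises management frame protection (IEEE 802.11w) can be read passively from the RSN element of its beacon, without sending any frame. The following is an added example, not the author's script: the function names are hypothetical, the sample bytes are constructed, and the input is assumed to be the tagged-parameter bytes of a captured beacon or probe response.

```python
import struct

RSN_ELEMENT_ID = 48   # RSN information element in beacons and probe responses
MFPR = 0x0040         # RSN capabilities bit 6: management frame protection required
MFPC = 0x0080         # RSN capabilities bit 7: management frame protection capable

def find_element(ies: bytes, element_id: int):
    """Walk the (id, length, body) elements; return the first matching body or None."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:   # truncated capture: stop instead of misparsing
            return None
        if eid == element_id:
            return body
        pos += 2 + length
    return None

def rsn_capabilities(rsn: bytes) -> int:
    """Return the 16-bit RSN capabilities field, or 0 if the optional field is absent."""
    pos = 2 + 4                  # skip version and group cipher suite
    for _ in range(2):           # skip pairwise suite list, then AKM suite list
        if pos + 2 > len(rsn):
            return 0
        pos += 2 + 4 * struct.unpack_from("<H", rsn, pos)[0]
    if pos + 2 > len(rsn):
        return 0
    return struct.unpack_from("<H", rsn, pos)[0]

def pmf_status(ies: bytes) -> str:
    rsn = find_element(ies, RSN_ELEMENT_ID)
    if rsn is None:
        return "no-rsn"          # open/WEP/WPA1 or truncated: no protected management frames
    caps = rsn_capabilities(rsn)
    if caps & MFPR:
        return "required"        # every client must use 802.11w
    if caps & MFPC:
        return "optional"        # clients that do not negotiate 802.11w stay exposed
    return "disabled"            # forged deauth frames are accepted

def sample_ies(caps: int) -> bytes:
    """Constructed sample: SSID "home" plus a WPA2-PSK/CCMP RSN element."""
    rsn = bytes.fromhex("0100000fac040100000fac040100000fac02") + struct.pack("<H", caps)
    return b"\x00\x04home" + bytes([RSN_ELEMENT_ID, len(rsn)]) + rsn

if __name__ == "__main__":
    for caps in (0x0000, 0x0080, 0x00C0):
        print(hex(caps), pmf_status(sample_ies(caps)))
```

Only "required" closes the gap for every client; with "optional", a client that connects without 802.11w can still be knocked off by spoofed frames.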

Check whether your Wi-Fi network is vulnerable to this attack…

I have created a Python script which sends deauth packets using the scapy Python module. You can use this script to check whether your Wi-Fi network is vulnerable. Just run the script and select the Wi-Fi network that you want to test; if you see a network outage, your Wi-Fi is vulnerable!

Dependencies

Install aircrack-ng and scapy

sudo apt-get install aircrack-ng -y
sudo apt-get install python-scapy -y

Download and run the script

sudo wget -O deauth.py https://goo.gl/5gGHbE
sudo python deauth.py

When you run the command, you should see output like the images below.

[Image: Help]

[Image: Command Run]

When you start the script, it creates the “mon0” interface (a virtual monitoring interface used to send our deauth frames) and observes Wi-Fi signals. After a few seconds, it displays nearby APs and their MAC addresses. Choose one to broadcast the “deauth” frames to that network, which results in a network outage for the clients connected to that AP.

NOTE: For the deauthentication attack to succeed, you should be near the target network. The deauth packets must reach the devices connected to the target network.

Written on January 11, 2018