A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.

-Wikipedia

As you can see, this type of attack is pretty powerful, and it is difficult to detect who is attacking. There are tools (like “aircrack-ng”) for this attack (you can check the commands here).

So, basically, the concept is that the attacker broadcasts a Wi-Fi management “Deauthentication” frame to the victim’s devices/PCs to tell them to deauthenticate. It is like saying, “Hey client! Can you please deauthenticate?” Once deauthenticated, the client will reconnect to the AP (Access Point). These frames are supposed to be sent by a valid AP to its clients, but the attacker can mimic them and broadcast them on the network.

Interestingly, the victim’s device/PC cannot differentiate between the attacker and the valid AP. The attacker creates a “Deauthentication” packet/frame whose source MAC address is the valid AP’s MAC address, so every device thinks the management frame came from the valid AP.

The attacker does not send the frame just once, but sends it continuously. Things get pretty bad: the clients are now continuously trying to reconnect. In this way, the clients never connect to their valid AP until the attacker stops sending the “deauth” frames.

So, how to avoid this attack?

Simple: use routers that support 802.11w. Know more about 802.11w and read the Cisco document here.
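A passive way to see whether an AP advertises IEEE 802.11w (Protected Management Frames) is to read the RSN capability bits in its beacon. The following is an added example, not part of the original post or its script; the function names and the sample beacon bytes are constructed for illustration.

```python
import struct

RSN_IE_ID = 48   # RSN information element in beacons and probe responses
MFPR = 0x0040    # RSN Capabilities bit 6: management frame protection required
MFPC = 0x0080    # RSN Capabilities bit 7: management frame protection capable

def iter_elements(tagged):
    """Yield (element_id, body) for each tagged parameter of a beacon."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + length]
        if len(body) < length:
            return                      # truncated element: stop parsing
        yield eid, body
        pos += 2 + length

def pmf_status(tagged):
    """Return 'required', 'optional', 'disabled' or 'no-rsn' for one beacon."""
    for eid, body in iter_elements(tagged):
        if eid != RSN_IE_ID:
            continue
        try:
            pos = 2 + 4                 # skip version and group cipher suite
            for _ in range(2):          # pairwise suite list, then AKM suite list
                (count,) = struct.unpack_from("<H", body, pos)
                pos += 2 + 4 * count
            (caps,) = struct.unpack_from("<H", body, pos)
        except struct.error:
            return "disabled"           # capabilities field omitted: bits default to 0
        if caps & MFPR:
            return "required"
        return "optional" if caps & MFPC else "disabled"
    return "no-rsn"                     # open or legacy network: no RSN element at all

def sample_beacon(caps):
    """Constructed sample: SSID element plus a WPA2-PSK/CCMP RSN element."""
    suite = b"\x00\x0f\xac"
    rsn = (b"\x01\x00" + suite + b"\x04" + b"\x01\x00" + suite + b"\x04"
           + b"\x01\x00" + suite + b"\x02" + struct.pack("<H", caps))
    return b"\x00\x04home" + bytes([RSN_IE_ID, len(rsn)]) + rsn

if __name__ == "__main__":
    for caps in (0x0000, 0x0080, 0x00C0):
        print(hex(caps), pmf_status(sample_beacon(caps)))
    print("open", pmf_status(b"\x00\x04home"))
```

A result of "disabled" or "no-rsn" means clients accept unauthenticated deauthentication frames; "optional" protects only clients that negotiate 802.11w, and "required" protects every associated client. In a real capture, the tagged parameters start after the 12 bytes of fixed fields in the beacon body.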

Check whether your Wi-Fi network is vulnerable to this attack…

I have created a Python script which sends deauth packets using the scapy Python module. You can use this script to check whether your Wi-Fi network is vulnerable. Just run the script, select the Wi-Fi network that you want to test, and if you see a network outage, your Wi-Fi is vulnerable!

Dependencies

Install aircrack-ng and scapy

$ sudo apt-get install aircrack-ng -y
$ sudo apt-get install python-scapy -y

Download and run the script

$ wget -O deauth.py https://raw.githubusercontent.com/veerendra2/wifi-deauth-attack/master/deauth.py
$ python deauth.py

When you run the command, you should see output like the screenshots below.

[Screenshot: Help]

[Screenshot: Command Run]

When you start the script, it creates a “mon0” interface (a virtual monitoring interface used to send our deauth frames) and observes Wi-Fi signals. After a few seconds, it displays nearby APs and their MAC addresses. Choose one to broadcast the “deauth” frames to that network, which results in a network outage for the clients connected to that AP.

NOTE: In order for a deauthentication attack to work, you should be near the target network. The deauth packets should reach the connected devices of the target network.