Authentication Request Flooding Attack
This DoS attack is against the wireless Access Point. The idea is to flood the AP with authentication requests. Every AP has a finite number of connection requests it can handle. After reaching this number the system might:
- Stop accepting new connections
- Freeze
- Reboot to clean its physical memory
Steps:
Create a monitoring interface with the following command:
airmon-ng start INTERFACEI’ll use Wireshark in order to identify the target network MAC address and filter for real time beacon frames:
wlan.fc.type_subtype == 0x08The filter for real time authentication frames is:
wlan.fc.type_subtype==0x0bIt’s a good practice to put the WNIC (Wireless Network Interface Controller) to the same channel as with the target AP.
ifconfig INTERFACE down
iwconfig INTERFACE channel CHANNEL
ifconfig INTERFACE upIn this step, I’ll launch the mdk3 tool to transmit multiple authentication requests. It has the ability to transmit authentication requests using randomly selected source MAC addresses causing the Access Point to stop accepting new wireless traffic or completely crash.
mdk3 MONITOR_INTERACE a -a AP_MAC_ADDRESSWireless Denial of Service attack is an active attack meaning that we are transmitting malicious frames that can be detected by an intrusion detection or prevention system or by sniffing traffic with Wireshark. Although we are protecting the real identity of our system by not exposing its real MAC address, it’s really “noisy” on the network.
Before you go
Thank you for taking the time to read my article. If you found it helpful, please hit the 👏 button 👏 (up to 50x) and share it to help others with similar interest find it! + Feedback is always welcome! 🙏
