Wi-Fi deauthentication attack against 802.11 protocol

[x32x01]

Wi-Fi deauthentication attack against 802.11 protocol

A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.

The final attack against wireless networks that we’ll evaluate is the denial-of-service attack, where an attacker deprives a legitimate user of access to a wireless network or makes the network unavailable by causing it to crash. Wireless networks are extremely susceptible to DoS attacks, and it is difficult to localize the attacker on a distributed wireless network.

Examples of DoS attacks include the following:

• Injecting crafted network commands, such as reconfiguration commands, onto a wireless network can cause a failure of routers, switches, and other network devices.
• Some devices and applications can recognize that an attack is taking place and will automatically respond by disabling the network. A malicious attacker can launch an obvious attack and then let the target create the DoS itself!
• Bombarding the wireless network with a flood of data packets can make it unavailable for use; for example, an HTTP flood attack making thousands of page requests to a web server can exhaust its processing ability. In the same way, flooding the network with authentication and association packets blocks users from connecting to the access points.
• Attackers can craft specific deauthentication and disassociation commands, which are used in wireless networks to close an authorized connection and to flood the network and stop legitimate users from maintaining their connection to a wireless access point.

To demonstrate this last point, we will create a denial-of-service attack by flooding a network with deauthentication packets. Because the wireless 802.11 protocol is built to support deauthentication upon the receipt of a defined packet (so that a user can break a connection when it is no longer required), this can be a devastating attack—it complies with the standard, and there is no way to stop it from happening.

The easiest way to “bump” a legitimate user off a network is to target them with a stream of deauthentication packets. This can be done with the help of the aircrack-ng tool suite using the following command:

aireplay-ng -0 0 -a (bssid) -c (Station) wlan0mon

This command identifies the attack type as -0, indicating that it is for a deauthentication attack. The second 0 (zero) launches a continuous stream of deauthentication packets, making the network unavailable to its users.

The Websploit framework is an open source tool used to scan and analyze remote systems. It contains several tools, including tools that are specific to wireless attacks.

To launch it, open a terminal and simply type websploit. The Websploit interface is similar to that of recon-ng and the Metasploit Framework, and it presents the user with a modular interface.

Once launched, use the show modules command to see the attack modules present in the existing version.

Select the WiFi jammer (a stream of deauthentication packets) using the use wifi/wifi_jammer command.

As shown in the above screenshot, the attacker just has to use the set commands to set the various options and then select run to launch the attack.

Like if you want to set the bssid of the target network to which you want to launch an deauthentication attack, just type “set bssid <address>” and same for channel “set channel <channel number>“.