wifi deauthentication attack


How does it work and how do you stop it?


The wikipedia deauth page is pretty good [https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack](https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack)

But a short summary is, the wifi protocol has a message that can be sent to force a wifi access point to disconnect a client. It’s fairly easy to spoof these messages. Once the client has been disconnected, you can try to set up a duplicate wifi access point of your own and get clients to connect to that, and sniff their wifi traffic. Alternatively you can just observe them re-connecting and try to extract the wifi password out of that.

I don’t know of a good way to prevent it at the moment.

It’s easier to picture the targets and attacker as people. So we’ll call these people A who’ll be a device on the network, B is the wifi router, and C is the device running the attack.

Here’s the scenario: A and B are having a conversation. All is normal until C pops in slobbering drunk, starts yelling semi-coherently as loud as he can and will not shut up.

Since C is so loud A and B cannot effectively communicate and decide to stop their conversation for the moment. Eventually C passes out and it’s finally quiet. A walks back up to B and they exchange a secret handshake then continue talking.

What A and B don’t realize is D was sitting nearby and took a photo of their secret handshake and is now working on figuring out exactly how to do it so they can start talking to B.

As for protecting yourself, currently using newer wifi protocols will help, 2.4g is (hardware-wise) the easiest and cheapest way for attackers to exploit. But it’s best to assume that without hardwiring everything, you will not be able to completely mitigate the deauth portion of the attack.

However, because the handshake is the important part, it’s best to use a strong password and the best encryption available to you. When attackers try to figure out the password from the handshake they throw “wordlists” at it or *maybe* attempt a brute force. Something like “Password123” is going to be in every wordlist whereas “Hd7+3dTFg{=9~2” would not.

Also turn off WPS, I always try to attack via WPS before trying to capture a handshake. It doesn’t often work anymore, but when it does it literally only takes a couple seconds.
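Both answers above describe the same mechanic: management frames in WPA2 carry no authentication, so a deauthentication frame that claims to come from the access point is accepted as-is. That same property is what lets a defender spot the attack, because a flood of deauth frames from one BSSID, usually addressed to the broadcast address, looks nothing like normal traffic. The following Python is an added example, not code from either commenter: it parses raw 802.11 management frames (no radiotap header), keeps a sliding-window count of deauth/disassoc frames per (BSSID, transmitter) pair, and raises an alert when the count crosses a threshold, which is roughly what a wireless IDS does. The MAC addresses, timestamps and frame bytes are constructed for the demo; a real deployment would feed it frames from a monitor-mode capture. It is also worth knowing that WPA3 makes Protected Management Frames (802.11w) mandatory, which is the concrete reason the "newer wifi protocols" advice helps against the deauth half of the attack.

```python
"""Offline detector for 802.11 deauthentication/disassociation floods.

Added example: parses raw 802.11 frames (no radiotap header) and alerts when
one (BSSID, transmitter) pair sends a burst of deauth/disassoc frames.
All sample MACs, timestamps and frame bytes below are constructed for the demo.
"""
import struct
from collections import defaultdict, deque

# IEEE 802.11 frame-control values: type 0 = management; subtypes of interest.
MGMT_TYPE = 0
SUBTYPE_DISASSOC = 0xA
SUBTYPE_DEAUTH = 0xC
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def parse_mgmt_frame(raw):
    """Return a dict for deauth/disassoc frames, None for anything else.

    Layout: FC(2) duration(2) addr1(6) addr2(6) addr3(6) seq-ctl(2) reason(2).
    """
    if len(raw) < 26:
        return None
    fc0 = raw[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    if ftype != MGMT_TYPE or subtype not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        return None
    seq_ctl, = struct.unpack_from("<H", raw, 22)
    reason, = struct.unpack_from("<H", raw, 24)
    return {
        "kind": "deauth" if subtype == SUBTYPE_DEAUTH else "disassoc",
        "receiver": mac_str(raw[4:10]),
        "transmitter": mac_str(raw[10:16]),
        "bssid": mac_str(raw[16:22]),
        "seq": seq_ctl >> 4,  # upper 12 bits hold the sequence number
        "reason": reason,
    }


class DeauthFloodDetector:
    """Alert when a (bssid, transmitter) pair emits >= threshold
    deauth/disassoc frames within window_s seconds; one alert per window."""

    def __init__(self, threshold=10, window_s=1.0):
        self.threshold = threshold
        self.window_s = window_s
        self.events = defaultdict(deque)  # key -> timestamps in window
        self.last_alert = {}
        self.alerts = []

    def observe(self, ts, raw):
        info = parse_mgmt_frame(raw)
        if info is None:
            return None
        key = (info["bssid"], info["transmitter"])
        q = self.events[key]
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()
        if len(q) < self.threshold:
            return None
        last = self.last_alert.get(key)
        if last is not None and ts - last <= self.window_s:
            return None  # already alerted for this key in this window
        self.last_alert[key] = ts
        alert = {
            "ts": ts, "bssid": key[0], "transmitter": key[1],
            "count": len(q), "kind": info["kind"], "reason": info["reason"],
            "broadcast": info["receiver"] == BROADCAST,
        }
        self.alerts.append(alert)
        return alert


def make_sample_frame(subtype, receiver, transmitter, bssid, seq, reason):
    """Constructed test input: the bytes of a management frame, built in
    memory purely as parser input (nothing is transmitted)."""
    fc = bytes([(subtype << 4) | (MGMT_TYPE << 2), 0x00])
    header = (fc + b"\x00\x00" + mac_bytes(receiver)
              + mac_bytes(transmitter) + mac_bytes(bssid))
    return header + struct.pack("<H", seq << 4) + struct.pack("<H", reason)


AP = "aa:bb:cc:00:00:01"   # constructed sample AP / BSSID address
STA = "de:ad:be:ef:00:02"  # constructed sample client address


def run_demo():
    det = DeauthFloodDetector(threshold=10, window_s=1.0)
    # One AP-originated deauth with reason 3 ("STA is leaving") is ordinary.
    frames = [(0.0, make_sample_frame(SUBTYPE_DEAUTH, STA, AP, AP, 1, 3))]
    # Forty broadcast deauths in 0.8 s, all claiming the AP as sender: a flood.
    frames += [(5.0 + i * 0.02,
                make_sample_frame(SUBTYPE_DEAUTH, BROADCAST, AP, AP, 100 + i, 7))
               for i in range(40)]
    for ts, raw in frames:
        det.observe(ts, raw)
    return det


if __name__ == "__main__":
    for a in run_demo().alerts:
        print(f"ALERT t={a['ts']:.2f}s {a['kind']} flood from {a['transmitter']} "
              f"(bssid {a['bssid']}): {a['count']} frames in window, "
              f"reason {a['reason']}, broadcast={a['broadcast']}")
```

The demo produces exactly one alert, at the tenth flood frame, and stays quiet for the single legitimate deauth. In practice the broadcast receiver address and a burst of identical reason codes are the two fields worth surfacing in the alert, since normal disconnects are unicast and infrequent; the threshold and window should be tuned per site, because busy enterprise APs do issue legitimate deauths in clusters during roaming.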