Sponsored Links
-->

Sunday, August 12, 2018

wifi deauthentication attack y fake beacon ap todo en uno - YouTube
src: i.ytimg.com

A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.


Video Wi-Fi deauthentication attack



Technical details

Unlike most radio jammers, deauthentication acts in a unique way. The IEEE 802.11 (Wi-Fi) protocol contains the provision for a deauthentication frame. Sending the frame from the access point to a station is called a "sanctioned technique to inform a rogue station that they have been disconnected from the network".

An attacker can send a deauthentication frame at any time to a wireless access point, with a spoofed address for the victim. The protocol does not require any encryption for this frame, even when the session was established with Wired Equivalent Privacy (WEP) for data privacy, and the attacker only needs to know the victim's MAC address, which is available in the clear through wireless network sniffing.


Maps Wi-Fi deauthentication attack



Usage

Evil Twin Access Points

One of the main purposes of deauthentication used in the hacking community is to force clients to connect to an Evil twin access point which then can be used to capture network packets transferred between the client and the RAP.

The attacker conducts a deauthentication attack to the target client, disconnecting it from its current network, thus allowing the client to automatically connect to the Evil twin access point.

Password attacks

In order to mount a brute-force or dictionary based WPA password cracking attack on a WiFi user with WPA or WPA2 enabled, a hacker must first sniff the WPA 4-way handshake. The user can be elicited to provide this sequence by first forcing them offline with the deauthentication attack.

In a similar phishing style attack without password cracking, Wifiphisher starts with a deauthentication attack to disconnect the user from his legitimate base station, then mounts a man-in-the-middle attack to collect passwords supplied by an unwitting user.


Kali Linux Tutorial 5 - Wireless Deauthentication Attack - Kick ...
src: i.ytimg.com


Attacks on hotel guests and convention attendees

The Federal Communications Commission has fined hotels and other companies for launching deauthentication attacks on their own guests; the purpose being to drive them off their own personal hotspots and force them to pay for on-site Wi-Fi services.


WatchGuard LiveSecurity
src: www.corecom.com


Toolsets

Aircrack-ng suite, MDK3, Void11, Scapy, and Zulu software can mount a WiFi deauthentication attack. Aireplay-ng, an aircrack-ng suite tool, can run a deauthentication attack by executing a one-line command:

aireplay-ng -0 1 -a xx:xx:xx:xx:xx:xx -c xx:xx:xx:xx:xx:xx wlan0  
  1. -0 arms deauthentication attack mode
  2. 1 is the number of deauths to send; use 0 for infinite deauths
  3. -a xx:xx:xx:xx:xx:xx is the AP (access point) MAC (Media Access Control) address
  4. -c xx:xx:xx:xx:xx:xx is the target client MAC address; omit to deauthenticate all clients on AP
  5. wlan0 is the NIC (Network Interface Card)

Pineapple rogue access point can issue a deauth attack. Wifijammer can also automatically scan for and jam all networks within its range. An ESP8266 can be used to perform & detect deauth attacks, using Wi-PWN On Android, Nexmon supports Broadcom WLAN chip for deauth attacks.


How To: Perform A Deauth Attack With An Android Device - YouTube
src: i.ytimg.com


See also

  • Radio jamming
  • IEEE 802.11w - offers increased security of its management frames including authentication/deauthentication

Deauthentication DOS Attack on Wireless Access-Points - YouTube
src: i.ytimg.com


References


Deauthentication Attack Aireplay-ng Vs Mdk3 [ Wireless ] - YouTube
src: i.ytimg.com


Further reading

  • Nguyen, Thuc D.; Nguyen, Duc H. M.; Tran, Bao N.; Vu, Hai; Mittal, Neeraj (August 2008), "A Lightweight Solution for Defending against Deauthentication/Disassociation Attacks on 802.11 Networks", Proceedings of the 17th IEEE International Conference on Computer Communications and Networks (ICCCN), St. Thomas, Virgin Islands, USA, pp. 185-190, doi:10.1109/ICCCN.2008.ECP.51, ISBN 978-1-4244-2389-7 (subscription required)
    • author's link (no paywall)
  • GPS, Wi-Fi, and Cell Phone Jammers -- FCC FAQ

Source of article : Wikipedia