Sunday, October 16, 2016

WI-FI PT / 2 - ATTACKS AGAINST INFRASTRUCTURE / 2.4 - Denial of Service by deauthenticating clients

2.4 - Denial of Service attack by deauthenticating clients

- First of all, let's see the process to deauthenticate one client. airodump-ng lists the clients connected to the AP, whose MAC address is 00:25:F2:9B:91:23:

- The station 28:C6:8E:63:15:6B ("roch") is connected:

- Using aireplay-ng with the option --deauth, it is possible to deauthenticate the 28:C6:8E:63:15:6B station ("roch"). Option 1 means just "1 client":

- Now, "roch" is disconnected from the AP:

- The concept of Denial of Service implies rendering a system unavailable. One instance would be to deauthenticate all the clients connected to an AP. The difference from the previous aireplay-ng command is the option "0", which acts as a "broadcast deauthentication" for all clients:

- Wireshark constantly captures deauthentication packets from the victim to the AP, and from the AP to the client:

- No client is able to reconnect to the AP while the attack is happening. However, as soon as a client is disconnected, it will immediately try to connect back. For this reason, a successful DoS attack of this kind has to be sustained steadily for some time, not letting clients reconnect. The effect of this easy attack is devastating, because the whole network is rendered unavailable for as long as the attack is being performed.
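
Seen from the monitoring side, the steady stream of deauthentication frames described above is the signal to alert on. The following is an added example, not part of the original post: it parses bare 802.11 management headers and flags a BSSID when deauthentication frames exceed a threshold within a sliding time window. The threshold, the window, the second BSSID, the reason code and the sample capture are constructed assumptions; only the two MAC addresses come from the post.

```python
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:                 # 24-byte management header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 12:     # management frame, subtype 12 = deauthentication
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(capture, threshold=10, window=1.0):
    """capture: time-ordered (timestamp, raw 802.11 frame) pairs. Returns {bssid: details}."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dst, _src, bssid, _reason = parsed
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:    # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = {"first_seen": q[0][0],
                             "broadcast": any(d == BROADCAST for _, d in q)}
    return alerts

def sample_frame(fc0, dst, src, bssid, body=b""):
    """Constructed test data: bare 802.11 management header (no radiotap, no FCS)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid) + b"\x00\x00" + body

AP, STA = "00:25:f2:9b:91:23", "28:c6:8e:63:15:6b"    # addresses from the post
OTHER = "02:00:00:00:00:01"                           # constructed second BSSID
REASON = struct.pack("<H", 7)                         # constructed reason code
SAMPLE = [(0.0, sample_frame(0x80, BROADCAST, AP, AP, b"\x00" * 12)),   # beacon-type frame
          (0.5, sample_frame(0xC0, STA, AP, AP, REASON)),               # one isolated deauth
          (1.0, sample_frame(0xC0, STA, OTHER, OTHER, REASON))]
SAMPLE += [(5.0 + i * 0.05, sample_frame(0xC0, BROADCAST, AP, AP, REASON)) for i in range(20)]

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

A single deauthentication frame is normal network behaviour, so the isolated frames in the sample do not raise an alert; only the sustained burst against one BSSID does.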