This Denial of Service attack is against the connected clients of a wireless network. The idea is to send deauthentication frames on behalf of the Access Point to the clients. When a connected client receives this type of wireless frame is obligated to disconnect immediately from the network.
Create a monitoring interface with the following command:
airmon-ng start INTERFACE
I’ll use Airodump-ng in order to identify the target network, but there are a number of tools out there for this job.
Usually, you are presented with a huge amount Access Points. You can simply narrow down the list to only show that specific AP.
airodump-ng —-bssid AP_MAC_ADDRESS MONITOR_INTERFACE
It’s a good practice to put the WNIC (Wireless Network Interface Controller) to the same channel as with the target AP.
ifconfig INTERFACE down iwconfig INTERFACE channel CHANNEL ifconfig INTERFACE up
You can capture deauthentication frames being sent in Wireshark with this filter:
wlan.fc.type_subtype == 0x0c
In this step, I launch the aireplay-ng tool to transmit deauthentication frames on behalf of the AP to all the clients.
aireplay-ng -0 10 -a AP_MAC_ADDRESS MONITOR_INTERFACE
The “-0 10” specifies that this is a deauthentication attack and 10 is the number of frames, which you can freely change. You can also disconnect a specific client with the help of the -c CLIENT_MAC_ADDRESS switch.
Wireless Denial of Service attacks are active attacks meaning that we are transmitting malicious frames that can be detected by an intrusion detection system or by sniffing traffic with Wireshark.
If you found this article helpful, please share to help others with similar interest find it! + Feedback and donations are always welcome!