Wireless Network Security and Attacks

Introduction

• Disconnecting from a wireless network can be due to a wireless deauthentication attack.
• Affects anyone on the network; involves denial of service (DoS) by disconnecting users.

Deauthentication Attack

Key Points

• Targets management frames between devices and access points (APs).
• Early 802.11 protocols did not encrypt management frames.
  • Frames include device connection, authentication, disconnection.
• Attackers manipulate these frames to disrupt network access.

Example

• Packet Capture: Shows management frames are unencrypted.
  • Displays addresses, SSID, supported rates, etc.
• Execution:
  • Use utilities like aerodump-ng to identify MAC addresses.
  • Use aireplay-ng to send deauthentication frames and disconnect devices.
  • Continuous sending keeps the device off the network.

Mitigation

• 802.11ac and newer standards encrypt management frames.
  • Encrypts frames like disassociation, deauthentication, channel announcements.
  • Some frames (beacons, probes) still unencrypted before encryption starts.

RF Jamming

Overview

• Another form of DoS; disrupts all devices by overwhelming network signals.
• Involves sending interfering signals to decrease signal-to-noise ratio.

Causes

• Unintentional interference from devices like microwaves, fluorescent lights.
• Malicious actors sending unwanted signals to jam networks.

Types

• Continuous signal interference.
• Random data or sudden legitimate traffic bursts.

Detection and Prevention

• Fox Hunting: Locating jammers using directional antennas and attenuators.
  • Technique used by radio operators to find signal sources.

Conclusion

• Awareness of these attacks and security measures in modern standards help mitigate risks.
• Continuous monitoring and physical security can help in identifying and stopping attackers.