Wireless Network Deauthentication and Jamming Attacks

Introduction

Occasional, unexplained disconnections from a wireless network can be due to deauthentication attacks.
Such attacks cause denial of service by disconnecting devices from the network.
Vulnerability arises from unprotected management frames.

Management Frames: Used for network connection management but unprotected in earlier 802.11 specifications.
- Sent in the clear, easily intercepted and manipulated by attackers.
Packet Capture Example:
- Management frames show clear text information like SSID, supported rates, etc.
Attacking Process:
- Requires knowledge of the MAC address of the target device.
- Tools like aerodump-ng and aireplay-ng used to identify and attack the target.
- Sends deauthentication frames to disconnect the target device.
- Continuous frame sending keeps the target disconnected.

802.11ac and Newer:
- Enhanced security with encrypted management frames.
- Frames like disassociate, deauthenticate now encrypted.
- Some frames (beacons, probes) remain unencrypted due to necessity.

Another Denial of Service Method:
- Interferes with wireless frequencies, affecting all devices.
- Decreases the signal-to-noise ratio, preventing effective communication.
Common Sources:
- Everyday devices like microwave ovens and fluorescent lights can cause interference.
- Deliberate jamming sends continuous or random signals.
Detection and Mitigation:
- Requires proximity to the access point to be effective.
- Techniques like directional antennas and signal attenuators used in "fox hunts" to locate jammers.

Wireless network security vulnerabilities can lead to significant connectivity issues.
Understanding and implementing security updates reduce the risk of such attacks.
Awareness of jamming sources and locating techniques can aid in resolving interference problems.