Authentication / Deauthentication Dos Attack Possible

Description

Deauthentication DoS Attack is a type of attack in which an attacker sends deauthentication frames to the wireless access point or wireless client, thereby disabling the wireless connection and preventing the client from reconnecting to the access point. This attack is also known as “Deauth Attack”, “Deauthentication Flood”, or “Deauth Flooding”.

Risk

This attack can have serious consequences. It can cause denial of service (DoS) which can lead to an inability to access critical resources. Since the attack does not require authentication, it can be carried out anonymously. Additionally, since the attack does not require much technical knowledge, it can be carried out by anyone with access to the network, making it a risk to the entire network infrastructure.

Solution

The best way to mitigate this vulnerability is to enforce the use of Protected Management Frames (PMF) according to IEEE 802.11w. PMF are mandatory in WPA3, but optional in WPA2.

Example

The following code example is taken from CVE-2020-3702 and illustrates an example of a deauthentication DoS attack:

$ aireplay-ng --deauth 0 -a <AP_MAC_Address> -c <Client_MAC_Address> <Interface>

In this example, the attacker is sending a deauthentication frame to the access point (AP_MAC_Address) from the client (Client_MAC_Address) using the interface specified by .