DoS: Authentication-Failure Attack using Fata-Jack Tool

WiFi Manager raises this alarm when it gets an indication that Fata-Jack tool is being used in the WLAN and there is a possibility of DoS attack.

What is Fata-Jack ?

Fata-Jack is a tool to inject authentication failed packets in the WLAN. It is slightly modified version of Wlan-Jack which again is based on Air-Jack tool.

How does the attack work ?

In this attack, failed authentication packets are sent to the wireless client (mobile unit) with a reason code of previous authentication failure. While sending the packets the source MAC is spoofed to that of the Access point to which the client is associated, this makes the client think that the authentication failure is sent by the original Access point and as per the 802.11 standard the client removes itself from the wireless LAN.

A slight variation to the above attack is to send invalid authentication request frames to the Access point to by spoofing the MAC address of an associated client. In this case the Access point receives the invalid authentication requests, thinks that those requests came from the associated client and aborts its wireless service to that client.

What can the WLAN Administrator do ?

The best bet would be to monitor the wireless LAN and particularly the associations pattern in the WLAN. If there are too many authentication failures then it is better to analyze and find out the reason for the same. WiFi Manager when deployed, does this automatically and keeps the administrator warned of potential problems.