DoS: De-authentication Flood Attack

DoS: De-authentication Flood Attack

WiFi Manager raises this alarm when it gets an indication that tools like WLAN Jack or Void11 is being used in the WLAN and there is a possibility of DoS attack.

What is WLAN Jack?

WLAN-Jack is a tool to flood WLAN with de-authentication packets and to disrupt the wireless service to the wireless clients. It is based on Air-Jack tool.

How does the attack work ?

The attacker initially identifies the targets (wireless clients) and their association (Access point to which it is associated).
Injects de-authentication frames into the WLAN by spoofing the source and destination MAC to that of the Access point and wireless client respectively.
The wireless client upon reception of the frames de-authenticate themselves from the Access point, thinking that the packets have come from the Access point.
After disrupting an wireless client of the wireless service, the attacker would continue the same with the other wireless clients in the WLAN to keep them all out of the WLAN.
Typically the wireless clients will re-associate themselves to regain service, but this will be short lived as the attacker will be continuously sending the de-authentication packets.

What can the WLAN Administrator do ?
The best bet would be to monitor the wireless LAN and particularly the associations pattern in the WLAN. If there are too many authentication requests and lot of short lived sessions then it is better to analyze and find out the reason for the same. WiFi Manager when deployed, does this automatically and keeps the administrator warned of potential problems.