DoS: EAPOL-Logoff Attack

WiFi Manager raises this alarm when it sees a wireless client sending too many EAPOL Logoff packets.

What is EAP ?

EAP stands for Extensible Authentication Protocol. It is a general protocol for authentication more commonly used in wireless networks and Point-to-Point connections. It supports multiple authentication methods such as EAP-MD5, EAP-TLS, EAP-SIM, EAP-TTLS, LEAP, PEAP.

What is this EAPOL Logoff Attack ?

Wireless clients using EAP authentication to connect to the wireless LAN, terminates their authenticated session by sending an EAPOL Logoff frame. This frame sent by the wireless client is not authenticated. Attackers use this vulnerability. They spoof this frame and send it to the Access point by having the source MAC to that of the wireless client, thus knocking the wireless client off the WLAN. Typically the wireless clients will try to re-establish the association, but the session will be short lived as the attacker will be sending this EAPOL Logoff frame continuously.