WiFi (DoS) Disclaimer
Danger - Important
Warning - Recommendations
Denial of service attacks tend to be some of the more dangerous techniques to practice or get hands-on experience with. It is very easy to fat-finger a MAC address and take down a device that you do not have lawful permission to test against. For this reason, unless you are an adequately trained professional and adequately equipped to negate any potential inadvertent risks, it is advised not to attempt these techniques (even in a lab environment).
Warning - Inadvertent Outages
This technique can cause outages for any nearby WiFi-enabled devices. It is strongly advised not to attempt this technique unless you are adequately trained and equipped to do so safely and in compliance with local laws and regulations.
Warning - Regarding Legality
Performing this technique may not be in compliance with relevant laws and regulations. Please confirm that any experiments or exercises are done within the bounds of the laws and regulations that apply to your location.
Description
Quote - HackTricks
Disassociation packets, similar to deauthentication packets, are a type of management frame used in Wi-Fi networks. These packets serve to sever the connection between a device (such as a laptop or smartphone) and an access point (AP). The primary distinction between disassociation and deauthentication lies in their usage scenarios. While an AP emits deauthentication packets to remove rogue devices explicitly from the network, disassociation packets are typically sent when the AP is undergoing a shutdown, restart, or relocating, thereby necessitating the disconnection of all connected nodes.
HackTricks - Pentesting WiFi
Usage / Instructions
Requirements
- WiFi card capable of entering monitor mode
- Aircrack tool suite installed
- mdk4 tool installed
- Legal authorization to perform technique against or within range of other WiFi-enabled devices and access points.
Example - Disassociation with mdk4
mdk4 wlan0mon d -c 5 -b victim_client_mac.txt -E WifiName -B EF:60:69:D7:69:2F
- -c: channel
- -b: victim_client_mac.txt contains the MAC address of the device to eliminate
- -E: WifiName is the name of the WiFi network
- -B: BSSID is the BSSID of the AP
Notice that these and other parameters are optional; you could give only the ESSID and mdk4 will automatically search for it, wait until it finds clients, and deauthenticate them.
Source: HackTricks - Pentesting WiFi
Tool: GitHub - aircrack-ng/aircrack-ng
Further Reading / Resources
See Also - Relevant Whitepaper
An interesting whitepaper that discusses the technical details of deauthentication and disassociation attacks:
Joshua Wright - Weaknesses in Wireless LAN Session Containment (2005)
See Also - HackTricks
HackTricks' page on WiFi pentesting. Contains a section on disassociation attacks.
Operational Security / Red Teaming Information
TLDR - Overview
| Loudness (0-5) | Detectability (0-5) | Unintentional DoS likelihood (0-5) |
| --- | --- | --- |
| 4 (loud) | 5 (Very Detectable) | 0 (Very Unlikely) |
Tip - Prioritization
Sending disassociation packets is noisy and can be easily detected if monitoring is in place. It may be best to wait until towards the end of the engagement to test this, if relevant.
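The monitoring mentioned above can be as simple as counting disassociation and deauthentication frames per BSSID over a short window. The following is an added example, not part of the original note or of any tool it cites; the function names, the sample frames, and the threshold of 10 frames per second are assumptions chosen for illustration, and it expects bare 802.11 frames with the radiotap header already stripped.

```python
import struct
from collections import defaultdict, deque

SUBTYPES = {10: "disassoc", 12: "deauth"}  # 802.11 management frame subtypes

# Constructed sample frames (locally administered MACs, reason code 8); not real captures.
# Layout: frame control, duration, addr1 (dst), addr2 (src), addr3 (BSSID), seq ctrl, reason.
DISASSOC = bytes.fromhex("a000" "0000" "020000000001" "0200000000aa" "0200000000aa" "0000" "0800")
LONE = bytes.fromhex("a000" "0000" "020000000002" "0200000000bb" "0200000000bb" "0000" "0800")
BEACON = bytes.fromhex("8000" "0000" "ffffffffffff" "0200000000aa" "0200000000aa" "0000") + bytes(12)
SAMPLE_CAPTURE = [(i * 0.05, DISASSOC) for i in range(12)] + [(30.0, LONE), (30.1, BEACON)]

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame: bytes):
    """Return (kind, dst, src, bssid, reason) for a disassoc/deauth frame, else None."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None  # not a management frame of interest
    (reason,) = struct.unpack_from("<H", frame, 24)  # little-endian reason code
    return SUBTYPES[subtype], _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22]), reason

def detect_floods(capture, threshold=10, window=1.0):
    """capture: iterable of (timestamp_seconds, frame_bytes) in time order.
    Returns {bssid: peak frame count within any `window` seconds} where peak >= threshold."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, frame in capture:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        bssid = parsed[3]  # key on BSSID: the source MAC may be spoofed
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        peak[bssid] = max(peak[bssid], len(q))
    return {b: n for b, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for bssid, count in detect_floods(SAMPLE_CAPTURE).items():
        print(f"ALERT {bssid}: {count} disassoc/deauth frames within 1s")
```

A single disassociation frame, such as the one for the second BSSID in the sample, stays below the threshold and is not reported.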
Tip - Reducing Loudness
- May be slightly less noticeable if you limit the number of disassociation packets to a small number.
Tip - Evasion
- Spoofing the MAC address of the wireless card being used to the MAC address of an existing user of the network may function to obscure the severity of the attack if discovered or possibly divert attention.
- Spoofing your MAC address to one whose OUI matches a network hardware manufacturer used by the target client may suggest faulty network equipment, rather than a malicious attack, to the IT team if detected.