Let's configure the Wireless Lab network to use Open Authentication and no encryption. This will allow us to see the packets using Wireshark easily:
Let's connect a Windows client to the access point. We will see the connection in the airodump-ng screen:
Now, on the attacker machine, let's run a directed deauthentication attack against this connection:
Note how the client gets disconnected from the access point completely. We can verify this on the airodump-ng screen as well:
If we use Wireshark to see the traffic, we will notice a lot of deauthentication packets over the air that we just sent:
We can do the same attack by sending a Broadcast deauthentication packet on behalf of the access point to the entire wireless network. This will have the effect of disconnecting all connected clients:
What just happened?
We successfully sent deauthentication frames to both the access point and the client. This resulted in them getting disconnected and a full loss of communication between them.
We also sent out Broadcast deauthentication packets, which will ensure that no client in the vicinity can successfully connect to our access point.
It is important to note that, as soon as the client is disconnected, it will try to connect back to the access point, and thus the deauthentication attack has to be carried out in a sustained way to have a full denial-of-service effect.
This is one of the easiest attacks to orchestrate but has the most devastating effect. It can easily be used in the real world to bring a wireless network to its knees.
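From the defender's side, the burst of deauthentication frames seen in Wireshark is exactly what a wireless monitor should alert on. The following Python code is an added example, not part of the original text: it parses raw 802.11 management headers (assumed to arrive without a radiotap header or FCS) and flags a BSSID when deauthentication or disassociation frames reach a threshold within a time window. The MAC addresses, the sample capture, and the threshold of 5 frames per second are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
SUBTYPES = {12: "deauth", 10: "disassoc"}  # 802.11 management-frame subtypes
AP, STA, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:09"  # constructed

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Return (kind, dst, src, bssid, reason) for deauth/disassoc frames, else None."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if (fc & 0x3) != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None
    reason = struct.unpack_from("<H", frame, 24)[0]
    return SUBTYPES[subtype], mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(capture, threshold=5, window=1.0):
    """capture: iterable of (timestamp, raw_frame). Returns {bssid: alert}."""
    recent, alerts = defaultdict(deque), {}
    for ts, raw in capture:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        _, dst, _, bssid, _ = parsed
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:         # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(bssid, {"first_seen": q[0][0], "targets": set()})
            alert["targets"].update(d for _, d in q)
            alert["broadcast"] = BROADCAST in alert["targets"]
    return alerts

def build(subtype, dst, src, bssid, reason=7):
    """Constructed test frame: management header plus reason code."""
    to_b = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0, 0, 0]) + to_b(dst) + to_b(src) + to_b(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

SAMPLE = [(0.0, build(12, STA, OTHER, OTHER)),   # lone deauth: below threshold
          (5.0, build(8, BROADCAST, AP, AP))]    # beacon: ignored by the parser
SAMPLE += [(10.0 + i * 0.1, build(12, *((STA, AP) if i % 2 else (AP, STA)), AP))
           for i in range(6)]                    # burst in both directions
SAMPLE.append((10.7, build(10, BROADCAST, AP, AP)))  # broadcast disassociation
```

Because a disconnected client reconnects on its own, a single deauthentication frame is normal; the alert condition is the sustained rate per BSSID, with broadcast destinations called out separately.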
Have a go hero – disassociation attacks
Try to check how you can conduct disassociation attacks against the infrastructure using tools available on Kali. Can you do a broadcast disassociation attack?