A deauthentication, or deauth, attack injects deathentication frames in order to disconnect a target from a network. It works on pretty much any network and can be extremely useful in many other attacks in order to force a handshake, since most devices automatically try to connect to any networks in the area that they recognise. Moreover, a deauth attack can serve as a DOS attack, temporarily precluding a particular client from connecting to a network.
aireplay-ng
can be to disconnect a device already connected to the network:
aireplay-ng --deauth <count> -a <access point> -c <client> -D <dev>
--deauth
specifies the amount of deauth frames to send. If this is 0, then aireplay-ng
will produce a continuous stream of deauthentication packets, resulting in a DOS attack.-a
is the MAC address (BSSID) of the network you want to attack.-c
is the MAC address (BSSID) of the device you want to disconnect from the network. If this is not specified, aireplay-ng
will disconnect all devices connected to the network.-D
will ensure that the deauth packets are forcibly sent. The attack may not work if this option is not specified, since aireplay-ng
will look for the target network in all channels and may not find it in time. This can be omitted if the wireless adapter is already locked on a specific channel by, for example, airodump-ng
when listening to a particular network and channel. <dev>
is the wireless adapter you wish to use for the attack.If the target is not disconnected on the first try, you can always send more deauthentication frames!