Thursday, February 5, 2015

Disconnecting Wireless.

Devices that are connected to a wireless access point can be disconnected against the users' will.

This is called a 'Denial of Service' (DoS) attack.

Methods include:

- Radio Frequency Jamming.

Any sufficiently high-power radio-frequency emitter is capable of interfering with 802.11 standard networks (WiFi).

- CSMA/CA jamming.

Anyone using a device whose hardware driver software has been suitably modified can interfere with 802.11 standard networks (WiFi).

CSMA/CA stands for Carrier Sense Multiple Access with Collision Avoidance, a protocol for wireless physical medium access that allows for 'collisionless' communication between many wireless network devices.

This protocol uses the idea of a communication channel: different devices attempt to use different channels to avoid collisions in communication.

The CSMA/CA jamming method is about sending noise data on multiple communication channels, basically blocking each of the channels and making the devices that would otherwise use them wait for as long as the noise data is in the air.

- Deauthentication attack.

This attack is about sending a deauthentication signal (an 802.11 management frame) to a wireless access point's client, which deauthenticates the user and makes him/her go through the authentication/authorization procedures again, reinitializing the wireless connection.

Sending deauthentication signals constantly blocks the user from using the wireless network.

There is a tool called aireplay-ng, part of the aircrack-ng tool suite, that allows for this type of attack, but there are also other means.

The command is as follows:

> aireplay-ng -0 0 -a 54-E6-FC-CC-2E-70 -c FF:FF:FF:FF:FF:FF mon0

where:
-0 : attack type.
  0 means deauthentication attack.
0 : number of repeats of the attack.
  here, 0 means infinite.
-a 54-E6-FC-CC-2E-70 : the access point's LAN MAC address.
  there are at least two MAC addresses for an access point: the LAN & WAN MAC addresses.
  we've attacked using one of the access point's LAN MAC addresses.
-c FF:FF:FF:FF:FF:FF : MAC address of the attack's target.
  FF:FF:FF:FF:FF:FF is a special address, the broadcast address that applies to all clients of our network.
mon0 : our network card's interface; choose the one that is in monitor mode.

Sometimes we have to add the additional parameter '--ignore-negative-one', when the network interface's channel can't be determined.


The access point's and the attacked device's MAC addresses can be read using the airodump-ng tool.

The command is as follows:

> airodump-ng mon0

where:
mon0 : our network card's interface;
  choose the one that is in monitor mode (see the 'Hacking Wireless' post for details).

The BSSID field is the access point's MAC address.
The STATION field is the client device's MAC address.

They can be read from the lower part of airodump-ng's output.
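From the defender's side, the broadcast deauthentication flood described above has a very recognisable shape on the air: a burst of management frames of subtype 12 from one BSSID, addressed to FF:FF:FF:FF:FF:FF. The following is an added example (not code from the post or from the aircrack-ng project) that scans a capture of raw 802.11 frames for that pattern; it assumes frames without a radiotap header, a constructed sample capture built inline, and uses the BSSID from the command above purely as sample data.

```python
import struct
from collections import defaultdict, deque

# Added example, not from the original post: flag deauthentication floods in a
# capture of raw 802.11 frames (no radiotap header). Header layout assumed:
# Frame Control bytes 0-1 (little-endian), addr1/receiver 4-9, addr3/BSSID 16-21.
MGMT, DEAUTH = 0, 12
BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "54:e6:fc:cc:2e:70"  # BSSID used in the post's aireplay-ng command (sample data)

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(raw: bytes) -> tuple:
    """Return (type, subtype, receiver, bssid) from an 802.11 MAC header."""
    if len(raw) < 24:
        raise ValueError("truncated 802.11 header")
    fc = struct.unpack_from("<H", raw, 0)[0]
    return (fc >> 2) & 0x3, (fc >> 4) & 0xF, mac_str(raw[4:10]), mac_str(raw[16:22])

def detect_deauth_flood(frames, window=1.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes). Alerts with
    ('broadcast-deauth', bssid, ts) per deauth sent to the broadcast address (the
    -c FF:FF:FF:FF:FF:FF pattern in the post) and ('deauth-flood', bssid, ts) once
    a BSSID exceeds `threshold` deauths within `window` seconds."""
    recent, alerts = defaultdict(deque), []  # bssid -> timestamps of recent deauths
    for ts, raw in frames:
        ftype, subtype, receiver, bssid = parse_frame(raw)
        if (ftype, subtype) != (MGMT, DEAUTH):
            continue
        if receiver == BROADCAST:
            alerts.append(("broadcast-deauth", bssid, ts))
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) == threshold + 1:  # fire once, when the rate is first exceeded
            alerts.append(("deauth-flood", bssid, ts))
    return alerts

def mgmt_frame(subtype: int, receiver: str, bssid: str, body: bytes = b"") -> bytes:
    """Pack a minimal management-frame header; only used to build the sample below."""
    addr = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("<HH", (MGMT << 2) | (subtype << 4), 0) + addr(receiver)
            + addr(bssid) + addr(bssid) + b"\x00\x00" + body)

# Constructed sample capture: a beacon, then seven broadcast deauths from the AP within 0.7 s.
SAMPLE_CAPTURE = [(0.0, mgmt_frame(8, BROADCAST, AP))] + [
    (i / 10, mgmt_frame(DEAUTH, BROADCAST, AP, struct.pack("<H", 7))) for i in range(1, 8)]
```

Normal roaming produces an occasional unicast deauthentication, so a single frame to one station does not trip the flood rule; the sustained broadcast stream of an `-0 0` run does.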


Wednesday, February 4, 2015

Hacking Wireless.

How to crack the password of a wireless router?

(The network's password, not the router's own.)

Using the aircrack-ng tool suite, for example.

We also need a computer with a wireless network card that can go into 'monitor mode'.

This tutorial shows how, with a Kali Linux PC (Paco):


First we turn on the network card's monitor mode.


Then we start 'sniffing' for data with the airodump-ng tool.


We have to provide a dictionary file, either script-generated or downloaded.

If we want to use letter/digit/word/syllable combinations or something similar, we have to prepare the dictionary properly, for example with a script.

This time I've provided a modest three-word dictionary by typing it in Linux's vi editor.

I haven't seen a Linux version without this editor as of yet.



Then we can use the aircrack-ng command to attack the password.

The command below attacks a password protected by the WPA standard, using the dictionary method.

For more, the reader should consult the Linux man pages or a proper course, or more.


The data 'sniffed' can also be decrypted with the airdecap-ng tool, for example.

See also, if you wish: Wireless Network Cards with Linux.