Thread replies: 78
Thread images: 5
Thread images: 5
Anonymous
How to defend from deauthorization attacks? 2017-01-16 01:16:06 Post No. 58506539
[Report] Image search: [Google]
How to defend from deauthorization attacks? 2017-01-16 01:16:06 Post No. 58506539
[Report] Image search: [Google]
File: screenshot04.png (108KB, 814x460px) Image search:
[Google]
108KB, 814x460px
How to defend from deauthorization attacks?
Anonymous
2017-01-16 01:16:06
Post No. 58506539
[Report]
One night I noticed my tablet kept getting disconnected from my WiFi. I didn't think a whole lot of it, because it's kinda a POS and just figured it was being the POS that it is. Then the next night, I noticed my chromecast kept getting disconnected. This annoyed the hell out of me because I couldn't watch netflix. Then, another night a 3rd device kept getting disconnected.
This looks to me like some ass hole is trying to capture my WPA handshakes to try to find my password. ...and I just so happened to have new neighbors move in less than 2 weeks ago. fukin ass holes. I'm confident they won't find my password, because I changed it so it's all random characters (no words at all); 63 characters long and all unique characters.
I do however, want to stop them from disrupting me watching netflix and other communications. I suppose there isn't much I can do to prevent this nonsense other than using wired networking?
>>
>>58506539
>This looks to me like some ass hole is trying to capture my WPA handshakes to try to find my password.
Are you just assuming this or did you actually see deauthentication requests?
>>
>>58506585
I'm assuming it. Because one device keeps disconnecting for a few hours, then it's fine. Then a different device keeps disconnecting for a few hours, and then it's fine. Rinse, repeat.
>>
>>58506539
>>58506626
>How to defend from deauthorization attacks?
How did you know that is deauth packets? Maybe it's just the radio from your router. Open Wireshark and/or airodump-ng and make a .cap and upload to us analyze.
>>
>>58506626
Also, some of the devices are 2.4 Ghz, and others on 5 Ghz. When one device continuously disconnects, others work fine, even devices on the same spectrum, so it's not interference from a microwave or something.
>>
>>58506673
It's not happening at this very moment, and hasn't for a few days (that I've noticed). I mostly want to know if there's a way to defend against this for future use.
>>
Stop broadcasting your SSID and change the name, make sure that only authorised MAC addresses can connect to the network.
>>
As others have said, sniff for deauth packets, of you have proof you can either go over to them and ask them to stop or report them to the police, since this is illegal.
there's not really a way to stop it without rewriting your wi-fi firmware to ignore deauths
>>
>>58506740
That won't stop a deauthorization attack.
>>58506752
>rewriting your wi-fi firmware
That's what I thought
>>
>>58506740
i mean just mac blacklist him. it's right there. that may stop it for a little while.
>>
>>58506724
You can defend yourself by setting a honeypot with the same BSSID but with different security and channel e.g.: Your router is: 00:00:00:00:00:01 with WPA2 AES channel 2, and your honeypot is 00:00:00:00:00:01 with WEP security channel 1.
>>
>>58506787
He can just spoof the AP with a white listed address
>>
Go cut the power to their apartment or something.
And change the password at least once every 24 hours, yes it's a pain in the ass but do it - and make sure the Admin account on the router has been renamed to something else, the connection port is altered, and the admin password is obviously something pretty secure.
Even in spite of all this if someone really wants to get in and they're already using deauth attacks sooner or later they will because you're going to miss something.
Nothing is secure anymore, hasn't been for a really long time.
>>
>>58506800
Pointless as the lack of traffic on the honeypot SSID will probably tip the attacker off. Granted if the attacker is only deauthing 1 device at a time, rather than all in range, they're either shit or thinking they're being sneaky.
>>
>>58506800
Altrough, this could interfere in your WiFi. :^)
>>
It would probably be a good idea to log some of this traffic, possibly turn off the device being attacked, then try to locate the attacker by walking around and finding where the signal strength is the strongest.
>>
>>58506740
This literally does nothing. A person can find your hidden network, determine the MAC address of any connected devices, perform a deauth, and then connect using a spoofed MAC address stolen from one of the connected devices.
>>
Let them into your network then fuck them in the ass
>>
>>58506539
Change your SSD to:" Asshole from unit X, quit your shit"
>>
Create a honeypot with internet access just for them and mitm it. Steal their logins and backdoor everything they download.
>>
>>58507263
Rollin forn this
>>
File: chillax friendo.jpg (68KB, 583x651px) Image search:
[Google]
68KB, 583x651px
>>58506818
>OP has cheap neckbeard asshole neighbourhg that can open aircrack
>you assume he is full on master hacker NSA badass navy seal
>mfw reading some of the advice here
OP, change the SSID of your network to something like "itsuckstobepoorandnotknowshitaboutaircrack" and let it rage for a while.
>>
File: 1429292234679.jpg (101KB, 491x404px) Image search:
[Google]
101KB, 491x404px
>>58506539
yeah, take a crowbar and trash their home infront of them betcha they wont be able to fuck with your wifi anymore since you probably will be kicked out and in prison
>>
>>58507230
Even though they likely simply want to do the same thing I do with the internet (watch youtube, netflix and check email/bank account, etc), but on some one else's dime, I'm not risking it. I mean, after all, they appear to be actively attacking my network over a $55 per month subscription, which happens to be a felony in the US, btw. Who the fuck risks felony charges over $55??? Considering this, who knows wtf else they're capable of or willing to do. Maybe they want to send threatening letters to Obama or Trump from my account; I don't know nor care what their intention is. They're not doing it on my watch, and it's just pissing me off that they're interfering with me watching Netflix.
>>58507263
haha that'd be pretty funny. Unfortunately I see that going down one of two ways... Hopefully it'll get them to knock this shit off... OR it'd make this personal to them. ...you know, giving something for the lunatic/psychopath to react to.
>>58507275
If it weren't for PKI (public key infrastructure) I'd totally do this. And I believe I'd be completely within my rights to do so, so much so as long as it's within my domain.
>>
>>58506539
Switching to wired was the correct answer.
>>
>>58506724
Not really. WiFi isn't very secure, that's why someone outside your network can literally deauth you and kick you off your own network. WiFi security is kind of a joke.
>>
>>58507390
Yeah or change the SSID to e.g. "ChangesPasswordDaily" to discourage them trying to brute force a captured WPA2 handshake.
>>
>>58506539
I successfully got through a WP2A network like 7-ish years ago.
>my apartment neighbors
>deauth'd and captured a WPA2 handshake
>time for dictionary attack
>cracked it within 2 minutes
>WiFi password was "aviation", which was at the beginning of the alphabetical dict list
>felt like a god
Being a script kiddy is fun sometimes.
>>
There's no way to hide a connected device in the connected devices list is there? On closed source firmware that is and then what about open?
>>
File: 1481117669207.png (96KB, 177x224px) Image search:
[Google]
96KB, 177x224px
>>58506539
stop using wifi
>>
>>58506752
>since this is illegal.
[citation needed]
You might be able to slide it as a DoS under CFAA, but local police either:
1. Won't have a clue what you're talking about, or
2. Won't give a shit because it's technically the FBI's job to van them
>>
>>58506539
>netflix
>>>/v/
>>
Change SSID to 'PasswordisYou'
Then change the password to faggot
Then change it a few days later to a 64 character WPA2 keyboard mash, stop broadcasting SSID and reduce the power output as much as you can while still having good coverage where you want it
>>
>>58506539
it could be anything, wifi is shit, all bets are off when there's 20 APs overlapped in an apartment complex
>>
>>58509413
> someone outside your network can literally deauth you and kick you off your own network. WiFi security is kind of a joke.
That's kind of scary actually.
If Wi-fi is this insecure, why is it so popular? That's actually quite concerning.
>>
>>58510885
>If Wi-fi is this insecure, why is it so popular?
Because it's nice and easy for normies.
>>
>Be me
>Surrounded by kids going to one of the best technical colleges in the world
>Lived here for 8 years, slowly learned to adapt and was even instructed on how to better secure things by a few who broke in to my network a couple of times.
>Fast forward to today
>Fucking kids flying drones with cameras looking in people's windows
>ATMs and gas pumps around the area frequently have card skimmers on them
>Kids challenging each other to figure out how to break into electronically locked cars. It's not uncommon to walk to your car and see some idiot standing next to it, then pretend they were just looking up something on the phone
>I just want to watch porn and Netflix in peace
>WPA 2 AES
>Signal as low as possible
>Authorized MACs only
>20 word network password.
How fucked am I /g/?
>>
>>58506818
>And change the password at least once every 24 hours
Won't do shit if OP has a strong password in the first place.
>>58507753
>If it weren't for PKI (public key infrastructure) I'd totally do this.
Still do it. If they notice websites aren't secure anymore, they will stop using your wifi.
If they don't notice it, you have fresh logins to pretty cool websites
win-win
>>
>>58510903
get rid of all electronics
>>
>>58506539
buy some ethernet cords
>>
>>58506539
Pls enlighten me, but isn't just one WPA handshake capture enough for bruteforcing?
No point in disconnecting someone from his wifi network unless you want to annoy him.
Probably your equipment is malfunctioning or something is interfering.
>>
>>58506539
Hide and rename your current wifi network, filter with MAC.
Set up another router with the same SSID and MAC, and with a proxy that replaces all pictures with horse porn, and let him have this one.
>>
File: Windows+firewall+_3f8cb5bea35ecbc843265da07f9869f6.png (128KB, 459x343px) Image search:
[Google]
128KB, 459x343px
>>58511289
>Hide wifi network
>>
>>58506539
change your ssid to "iknowwhatyouredoing"
>>
>>58506539
I think the only way to stop this is with custom firmware or you need to physically locate the mischief
>>
AFAIK if you are SURE that this is going on they are doing something similar to a DDoS
(i am not tech savvy i am a newfag i dont even have linux pls no bully).
But the thing about technology is that the smart guy always win. This isn't a deal about who can secure better vs a hacker, but who's smarter.
Overall the best and most secure way to deal with this is so either remove all electronics or get rid of your wi-fi permanently. However considering that you use shit like tablets and smart TVs that's not what you are likely to use. Having a small lan system with very small range routers might be a good idea.
If you cant stop them from getting into your area, get the area away from them.
>>
>>58510885
If HTTPS is this insecure, why is it so popular? That's actually quite a lot more concerning that Wi-Fi.
>>
>>58511326
That's better than nothing anon, many people don't even know it's possible.
>>
>>58511417
is it?
>>
>>58511452
HTTPS is pretty popular.
>>
>>58507204
It's gonna slow him down. If it starts happening within a few hours of your changes then it's likely not deauth.
>>
leave em a note saying that if they try to bruteforce your wireless password again you'll call the police on them
>>
>>58511437
I agree, but hiding wifi network from someone who is doing auth attack is a joke.
>>
>>58510885
It's not insecure, don't listen to the FUD here.
Go ahead, try to crack a WPA2 secured router, I'll be waiting a few hundreds years for you to do it.
>>
>>58511511
Who knows how he picks his next target? Could be from looking at the list of available networks on his Windows 10 computer.
>>
>>58506539
change ssid to "StopDeathAttackOrICallThePoliceOnYou" or "IhaveAstrongpasswordStopTrying" is your best bet. Or just grow some spine and knock on their door.
>>
>>58509413
that's a reliability issue, not a security issue
WPA2 is as secure as your password.
>>58511520
dictionary attacks certainly work against weaker passwords
>>
>>58511395
if you have no idea about technology, why try to give advice when there's plenty of people who actually know what they're doing around?
>>
>>58511520
If your password is in a dictionary, WPA2 doesn't matter.
>>
>>58509413
B-but Applel says that wireless is the future. T-they know best don't they?
>>
>>58511452
You send a request to an authority to verify that you're not Hackerman Hackson.
Now, it costs $50 000 dollars to be allowed to say that. This puts this sort of thing way out of reach of three letter agencies as they would never spend that amount to be able to MITM everything on the fucking planet.
>>
>>58510818
>the entire world is america
>>
>>58512197
So replace the names with what ever the agencies are called in your stupid country.
>>
>>58510903
Set up a vpn server on your router, so you will need to connect to it first to access the internet.
>>
>>58506740
Don't do this. Some other router will use the same channel and wifi will be fucking bad.
>>
>>58511520
So what? An attacker still can take your network down
>>
Dude, from my experience, he is not trying to deauth to capture your 4-handshake of the WPA, becouse the deauth will be me Minimum and happen for milliseconds that won't disturb your video watching or browsing.
However, what I think he is doing is deauth on purpose, using a tool like "mdk3" to kick your devices from your router and/or flooding the packets to cause clients to reset.
And usually they go on this method becouse they didn't break into your WiFi (as you said, it is hard to break)
How to defend, well, unfortunately not with your home equipments, on enterprise, it is very easy to do so.
So my best advise for you, give him the password.
>>
>>58512394
How wil that stop deauth?
>>
>>58514206
It will stop unauthorized logins, otherwise use cable.
>>
>>58514227
So it wont solve OPs problem.
>>
>>58512170
Of course they do, why else would their stuff be so expensive?
>>
>>58510775
My router kinda sucks in this area. It only shows currently connected MACs (I can't find a log if it exists). Fortunately the DHCP server keeps logs of which MAC has which IP, as long as the lease is valid, so I can go by that. Otherwise if they statically set an IP then I can only see them if they're currently connected.
>>58510941
>Still do it.
Haha maybe I should >: ]
>>58511191
It's been a long ass time since I messed with this wifi cracking stuff, but when I did it to my own network, it often disconnected the device for a short moment. It happened so fast, the device didn't show any time it was actually disconnected, just a pop-up or whatever showing "now connected to network". I don't remember what I did to get this done; I'm pretty sure I sent a lot of the requests like the pic in 1st post.
>>58511395
>small range routers
I suppose it wouldn't hurt to turn down the power a little bit.
>>58512394
I ultimately want prevent future disruptions from future deauth attacks. I'm confident they won't find my password for centuries (I used a damn good password)
>>58514174
>will be me Minimum and happen for milliseconds that won't disturb your video watching or browsing.
So he's a script kiddie or just being a dick?
>on enterprise, it is very easy to do so.
I've been wanting to get enterprise/business grade equipment because why not. Actually, I want to learn on a non-production network and I like high-end things. Anything on ebay you suggest?
>>
>>58510885
Because people are like "Oh, I can have internet on my computer and not have to worry about wires".
Then they start complaining about how their internet is so slow and how they're going to stop paying their bill unless the issue is resolved.
Then you realize they're 30 ft from their Wi-Fi router or gateway, with no access points setup, and they have a signal of like -96 or worse.
>>
>>58515046
>I suppose it wouldn't hurt to turn down the power a little bit.
Keep in mind that turning the power down doesn't necessarily mean the deauths will not happen anymore.
Them deauthing only 1 device every night seems more like a way to annoy you, than to capture the WPA handshake.
>>
>>58506539
Some script kiddie noob is using aireplay on you but forgot to set the count so it's deauthing you forever.
>>
>>58510903
This talk should help with the drones.
https://www.youtube.com/watch?v=5CzURm7OpAA
As for the rest, no idea anon.
>>
Your new neighbour has a shitty microwave and you have a shitty router. Or get Wireshark and confirm that you're actually getting flooded with deauths.
>>
>>58506626
>I'm assuming it.
are you retarded ? It's not that hard to run god damn wireshark and capture traffic. then come back and ask solution.
Thread posts: 78
Thread images: 5
Thread images: 5