How to detect and protect your Wifi from Wifi-Attacks and Deauthentication Attacks

Detecting a Wi-Fi deauthentication (deauth) attack can be tricky but is possible using some tools and methods that can help you monitor your network for unusual activity. Here are some common approaches to detecting such attacks:

1. Monitor Network Traffic with Wireshark

Wireshark is a powerful network protocol analyzer that can help you detect unusual Wi-Fi activity:

• Install Wireshark: You can download it from Wireshark.
• Capture Packets: Set up Wireshark to capture packets on your Wi-Fi interface.
• Filter for Deauth Packets: Use a filter like wlan.fc.type_subtype == 12 to detect deauthentication frames.
• Analyze Patterns: A high number of deauth packets could indicate an attack.

2. Use Airodump-ng (Aircrack-ng Suite)

Airodump-ng is a tool that can monitor the wireless environment for deauthentication frames:

• Install Aircrack-ng: Most Linux distributions have it in their repositories (sudo apt-get install aircrack-ng).
• Run Airodump-ng: Use the following command:

  sudo airodump-ng wlan0

Replace wlan0 with your wireless interface name.

• Look for Deauth Frames: Airodump-ng will display a list of networks and clients. If you see many deauth packets, it’s a sign that your network might be under attack.

3. Use Kismet

Kismet is a wireless network detector and intrusion detection system:

• Install Kismet: You can download it from Kismet.
• Monitor Wi-Fi: Kismet will passively monitor Wi-Fi traffic and alert you if it detects deauth packets or other suspicious activity.
• Set Up Alerts: You can configure Kismet to notify you if it detects deauthentication packets.

4. Set Up Raspberry Pi as a Wi-Fi Intrusion Detection System (WIDS)

You can set up a Raspberry Pi with a wireless adapter to continuously monitor your network for potential attacks.

• Install Kismet or Airodump-ng: Use the Raspberry Pi to run these tools.
• Automate Alerts: You can write scripts to alert you when deauth packets are detected.

5. Use Commercial Intrusion Detection Systems

There are commercial Wi-Fi intrusion detection systems (WIDS) that can automatically detect deauth attacks. Some options include:

• Cisco Umbrella
• Ubiquiti UniFi
• Aruba Networks

6. Enable WPA3 on Your Wi-Fi Network

WPA3 is more resistant to deauth attacks compared to WPA2. Upgrading your router’s security to WPA3 (if supported) can help protect against such attacks.

Signs of a Deauth Attack:

• Frequent disconnections from Wi-Fi.
• Inability to reconnect to your network.
• Slower network performance during the attack.

By using one or a combination of these tools, you can effectively detect deauth attacks and take appropriate measures to secure your Wi-Fi network.

How to protect yourself from Wi-Fi deauthentication attacks

To stop or mitigate a Wi-Fi deauthentication (deauth) attack, commonly referred to as a “deauth hack,” you can follow several strategies and techniques that involve both securing your network and using detection tools to defend against such attacks. Below are some steps to help you protect your network:

1. Upgrade to WPA3 Encryption

• Why: WPA3 is designed to mitigate vulnerabilities that are present in WPA2, such as deauth attacks. It uses improved encryption and authentication methods, making it harder for attackers to exploit.
• How: Ensure your router and connected devices support WPA3, then enable WPA3 in your router’s settings.

2. Use a Wired Connection (Ethernet)

• Why: Deauth attacks specifically target wireless networks. If possible, use wired connections for important devices, which are immune to such attacks.
• How: Connect critical devices (e.g., computers, routers) directly to the network via Ethernet cables.

3. Use a Hidden SSID (Service Set Identifier)

• Why: Hiding your SSID makes it less visible to casual attackers, though it’s not foolproof as dedicated attackers can still sniff it.
• How: In your router’s settings, disable the SSID broadcast feature. Be aware that even though this is not a strong defense, it adds a layer of complexity for attackers.

4. Enable Management Frame Protection (802.11w)

• Why: 802.11w adds encryption to management frames like deauth packets, making it difficult for an attacker to spoof them.
• How:
• Access your router’s advanced settings.
• Look for Management Frame Protection (MFP) or Protected Management Frames (PMF).
• Enable “optional” or “required” protection, depending on your router’s capability and the devices on your network.
• Note: Ensure your devices support 802.11w, as older devices may not connect if MFP is enforced.

5. Reduce Wi-Fi Signal Range

• Why: If your Wi-Fi signal extends beyond the physical boundaries of your home, it becomes easier for attackers to attempt deauth attacks from outside.
• How: Reduce the transmit power of your router to limit the signal range:
• Access the router’s settings.
• Reduce the transmission power (TX power) to a level that still covers your home but not far beyond.

6. Use MAC Address Filtering

• Why: MAC address filtering allows only specific devices (with approved MAC addresses) to connect to your network.
• How:
• Access your router settings.
• Add the MAC addresses of trusted devices to the whitelist.
• Note: MAC addresses can be spoofed, so this is not a foolproof method but adds another layer of defense.

7. Regularly Update Firmware on Router and Devices

• Why: Router manufacturers often release firmware updates to fix vulnerabilities and improve security features.
• How: Check for firmware updates on your router’s admin page and apply them regularly.

8. Set Up a Wireless Intrusion Detection System (WIDS)

• Why: Tools like Kismet or Snort can monitor your network and alert you of potential deauth attacks.
• How:
• Use a dedicated device (like a Raspberry Pi) to monitor your network continuously.
• These tools will detect deauth frames and can alert you when an attack is happening.

9. Deploy Dual-Band Networks (Separate 2.4 GHz and 5 GHz)

• Why: Splitting your network into two different frequencies (2.4 GHz and 5 GHz) helps isolate devices and reduces the impact of a deauth attack on all devices at once.
• How: Enable both bands on your router and assign different SSIDs to the 2.4 GHz and 5 GHz bands. Connect less critical devices to one band and critical devices to the other.

10. Use a VPN (Virtual Private Network)

• Why: A VPN adds an extra layer of encryption, so even if a deauth attack disrupts the connection, the attacker’s ability to intercept data is limited.
• How:
• Set up a VPN service on your devices, or configure your router to route all traffic through a VPN.

11. Change Your Wi-Fi Password Regularly

• Why: Changing your Wi-Fi password regularly helps prevent unauthorized access, especially if someone already has the credentials.
• How: Access your router settings and change both the Wi-Fi password and the admin password periodically.

12. Use a Captive Portal (For Public Networks)

• Why: Captive portals add an extra authentication layer when users connect to your Wi-Fi network, making it harder for unauthorized users to connect.
• How: Set up a captive portal on your router, especially for public or guest networks.

13. Segment Your Network with VLANs

• Why: Virtual LANs (VLANs) isolate devices, so even if an attacker disrupts one segment, the others remain protected.
• How: If your router supports VLANs, create separate network segments for different types of devices (e.g., smart home devices, computers, guests).

14. Use Professional-Grade Access Points

• Why: Higher-end wireless access points from companies like Ubiquiti or Cisco often come with built-in protection against deauth attacks and other network threats.
• How: Invest in more advanced networking equipment if your current setup doesn’t provide adequate security.

---

By combining multiple strategies like upgrading encryption, monitoring your network, and reducing the exposure of your wireless signal, you can significantly reduce the risk and impact of Wi-Fi deauthentication attacks.