DDOS attack on Wireless Network
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: DDOS attack on Wireless Network

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Posts
    6

    DDOS attack on Wireless Network

    Is there a way to stop deauth DDOS attack on wireless network? How to identify attacker?
    any links and tips will help.

    #aireplay-ng --deauth 1000 -a (BSSID) mon0


    thank you

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by anban.r View Post
    Is there a way to stop deauth DDOS attack on wireless network?
    As far as I know, no.

    How to identify attacker?
    Triangulation.

    http://www.airdefense.net
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Junior Member
    Join Date
    Jul 2006
    Posts
    6
    WIPS helps in detecting but does not prevent the attack.
    Thank you.

  4. #4
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    You can't prevent it because, simply put, it's not something that targets an OS, or Software that you can lock down, but your IP address.

    Basically, a DDoS attack, is where someone has a bunch of slave computers, and, those Computers have Bandwidth, which in turn, they control, and start sending nonsensical packets at you from them, and, other than changing your IP Address, you can't really stop it, because even if you were stupid enough to try and actually block all those packets (Stupid because the software that blocked them would end up either crashing or giving you a load average of like 200 lol) it's still sitting there pissing all over your Network.

    You can't stop a DDoS attack unless you change your IP so that whoever is doing it doesn't know the IP anymore. Think of it like this; If you turn a Fireman's Hose on Full Blast, and aim it at a forest, it doesn't really do much, which is like normal network traffic with hosts and what not.

    Turn that hose on a Fly, and it obliterates it. Flooding is something you aren't gonna stop without changing your IP. Think about Hurricane Katrina; All that flooding isn't going to be stopped unless you change location.

    That's sort of how this is; You simply can't stop all those packets from hitting your Computer, or Network, without unplugging the Connection, going offline, or changing your IP Address, because all it is, when it comes down to it, is a **** load of Network Traffic aimed right at you.

    So, no, you can't stop it, but you CAN read the link shared already and learn more.

    I was trying to think of another way to put this so it would make sense as to why you can't stop them, but it's not that easy; I mean really, it's just a LOT of Traffic aimed at your IP address, which, of course, makes your machine lag, and your network lag, and in general, will eventually either knock you offline, or just make your machine freeze up.

    It's an annoying pain in the ass. I once had someone turn an OC-12 on at me. I was pretty annoyed to say the least. The guy was on a Chat that I was on, and he got my IP address, and started flooding the **** out of me.

    After my Cable Modem reset, I went back online. I'm pretty sure he was really happy that I turned his Machine into a public access FTP Server, but hey, he earned it. Lol.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  5. #5
    Junior Member
    Join Date
    Dec 2011
    Posts
    2
    Newbie here, but I have a bunch of countermeasures in place for all mission-critical sites I run. A straight-on DDoS is still pretty effective, but only if the host is retarded. Defending against it is as simple as employing the same tactics they use (keyword: Distribution). Great paper about the basics: http://lasr.cs.ucla.edu/ddos/ucla_te...ort_020018.pdf

    Don't agree with gore's assessment at all - it is not correct.

  6. #6
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    Quote Originally Posted by fowjubohfo View Post

    Don't agree with gore's assessment at all - it is not correct.
    IMO a DDOS attack against a specific IP address cannot be thwarted.
    The only solution is to use a different IP. That is gore's assessment. I agree.

    What in your opinion is not correct? Make your case. Be specific.

  7. #7
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I too am interested to hear how I'm wrong.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  8. #8
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    gore:
    You are wrong because you did not answer the question

    But in all fairness I do not think the original poster knew the question:
    a deauth ( deauthentication attack ) is a DOS, not a DDOS.

    And I think SirDice failed to take into consideration a properly targeted baseball bat.

    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  9. #9
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Very funny lol. I know exactly how to use a Baseball bat as a LART. But, either way, the fact is; Outside of changing an IP address, there really is no way you can stop a DDoS Attack.

    If someone wants to bring you down, and they have the pipes to do it, and you can't change IPs; It's gonna happen. I mean think about it; Microsoft has a fairly close to unlimited budget, and when that Worm was going around years ago that targeted them and SCO, Microsoft paid extra to deal with the Bandwidth issue, and, moved the NAME of one of their Servers, so that it wouldn't bring it down.

    From what I remember, whoever coded the Worm, had basically put the wrong Windows Update Server in their target, and so they simply moved it or something like that. They also hired Akai to help with the Bandwidth.

    SCO just went down, because they refused AKAI, as they use Linux lol.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by IKnowNot View Post
    And I think SirDice failed to take into consideration a properly targeted baseball bat.
    I only mentioned how to find the attacker, not what to do when you do
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Similar Threads

  1. Networking Guide
    By U_caNt_KiD_M3 in forum General Computer Discussions
    Replies: 2
    Last Post: January 18th, 2005, 04:04 AM
  2. Classic Social Engineering Attacks
    By Striek in forum The Security Tutorials Forum
    Replies: 10
    Last Post: December 16th, 2003, 09:30 PM
  3. Wireless 101
    By mmelby in forum The Security Tutorials Forum
    Replies: 1
    Last Post: October 23rd, 2002, 03:31 PM
  4. Network Vulnerabilities and Countermeasures
    By Joey_Batch_File in forum The Security Tutorials Forum
    Replies: 10
    Last Post: September 20th, 2002, 10:03 PM
  5. Denial of Service
    By E5C4P3 in forum AntiOnline's General Chit Chat
    Replies: 9
    Last Post: March 1st, 2002, 10:22 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •