Is there a way to stop a deauth DDOS attack on a wireless network? How to identify the attacker?
Any links and tips will help.
#aireplay-ng --deauth 1000 -a (BSSID) mon0
thank you
As far as I know, no.
Quote:
How to identify attacker?
Triangulation.
http://www.airdefense.net
WIPS helps in detecting but does not prevent the attack.
Thank you.
You can't prevent it because, simply put, it's not something that targets an OS, or Software that you can lock down, but your IP address.
Basically, a DDoS attack, is where someone has a bunch of slave computers, and, those Computers have Bandwidth, which in turn, they control, and start sending nonsensical packets at you from them, and, other than changing your IP Address, you can't really stop it, because even if you were stupid enough to try and actually block all those packets (Stupid because the software that blocked them would end up either crashing or giving you a load average of like 200 lol) it's still sitting there pissing all over your Network.
You can't stop a DDoS attack unless you change your IP so that whoever is doing it doesn't know the IP anymore. Think of it like this; If you turn a Fireman's Hose on Full Blast, and aim it at a forest, it doesn't really do much, which is like normal network traffic with hosts and what not.
Turn that hose on a Fly, and it obliterates it. Flooding is something you aren't gonna stop without changing your IP. Think about Hurricane Katrina; All that flooding isn't going to be stopped unless you change location.
That's sort of how this is; You simply can't stop all those packets from hitting your Computer, or Network, without unplugging the Connection, going offline, or changing your IP Address, because all it is, when it comes down to it, is a **** load of Network Traffic aimed right at you.
So, no, you can't stop it, but you CAN read the link shared already and learn more.
I was trying to think of another way to put this so it would make sense as to why you can't stop them, but it's not that easy; I mean really, it's just a LOT of Traffic aimed at your IP address, which, of course, makes your machine lag, and your network lag, and in general, will eventually either knock you offline, or just make your machine freeze up.
It's an annoying pain in the ass. I once had someone turn an OC-12 on at me. I was pretty annoyed to say the least. The guy was on a Chat that I was on, and he got my IP address, and started flooding the **** out of me.
After my Cable Modem reset, I went back online. I'm pretty sure he was really happy that I turned his Machine into a public access FTP Server, but hey, he earned it. Lol.
Newbie here, but I have a bunch of countermeasures in place for all mission-critical sites I run. A straight-on DDoS is still pretty effective, but only if the host is retarded. Defending against it is as simple as employing the same tactics they use (keyword: Distribution). Great paper about the basics: http://lasr.cs.ucla.edu/ddos/ucla_te...ort_020018.pdf
Don't agree with gore's assessment at all - it is not correct.
I too am interested to hear how I'm wrong.
gore:
You are wrong because you did not answer the question
But in all fairness I do not think the original poster knew the question:
a deauth ( deauthentication attack ) is a DOS, not a DDOS.
And I think SirDice failed to take into consideration a properly targeted baseball bat.
:drink:
Very funny lol. I know exactly how to use a Baseball bat as a LART. But, either way, the fact is; Outside of changing an IP address, there really is no way you can stop a DDoS Attack.
If someone wants to bring you down, and they have the pipes to do it, and you can't change IPs; It's gonna happen. I mean think about it; Microsoft has a fairly close to unlimited budget, and when that Worm was going around years ago that targeted them and SCO, Microsoft paid extra to deal with the Bandwidth issue, and, moved the NAME of one of their Servers, so that it wouldn't bring it down.
From what I remember, whoever coded the Worm, had basically put the wrong Windows Update Server in their target, and so they simply moved it or something like that. They also hired Akai to help with the Bandwidth.
SCO just went down, because they refused AKAI, as they use Linux lol.
He's got ya there pinky.
Quick 'n simple way to thwart a DDoS attack, disconnect your modem. Open front door and enjoy the fresh air and sunshine and outdoors in general.
:)
You didn't happen to post lolcats in /b/ did you? :eek: them LOIC wielding anon folks don't take kindly to lolcats interrupting their kiddie pr0n viewing. :frosty:
Aw shucks. And I thought when he answered
Quote:
As far as I know, no.
he was answering the question anban.r meant to ask, how to stop a deauth DOS attack.
( anban.r not only stated he was looking to stop a deauth attack, but gave the command of the attack he was looking to stop. )
Well, better luck next time I guess. I need more booze.
;)
Well you must have had a long day when you replied to a question about a DOS with rambling about DDOS, then further rambling attempting to justify your position. Concede, you, and others, missed the discrepancy in the question.
My guess, this was someone’s homework: some demoniac teacher probably expected students to spew forth answers such as gore expectorated, or clamor for cites and applications of 802.11w.
Either that, or the original poster was just plain clueless!
Either way an open WLAN is vulnerable to what was purposed.
I do not post here that much anymore because I believe that posts should be meaningful and responsive to the questions posed. SirDice did that in his first post, but it was technically although not practically, incomplete. That, and when the inconsistencies of the question were examined, along with the obvious hijacking of the thread, I felt the need to post.
For someone that wants to learn, I would suggest starting at something like
802.11 Denial of Service Attacks and Mitigation
and
IEEE Standards Publications, Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 4: Protected Management Frames
Enough being serious. Back to the booze!
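What the detection side of a WIPS looks for in this case, as an added example that is not part of any post in this thread: a burst of unprotected deauthentication or disassociation frames for one BSSID. Frames sent with the command quoted in the question carry the access point's address as their source, so the counter is keyed on BSSID rather than on the sender MAC; frames with the Protected bit set (802.11w) are skipped. It assumes raw 802.11 frames with the radiotap header already removed; the threshold, window and MAC addresses are constructed values.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10          # 802.11 management-frame subtypes

def parse_mgmt(frame: bytes):
    """Parse a raw 802.11 frame (no radiotap header).
    Returns (subtype, dst, src, bssid, protected, reason) or None."""
    if len(frame) < 26:            # 24-byte MAC header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    protected = bool(frame[1] & 0x40)      # Protected Frame bit (set under PMF)
    # With PMF the body is encrypted, so the reason code is not readable.
    reason = None if protected else struct.unpack_from("<H", frame, 24)[0]
    dst, src, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    return subtype, dst, src, bssid, protected, reason

def detect_floods(capture, threshold=20, window=1.0):
    """capture: iterable of (timestamp_seconds, frame_bytes), time-ordered.
    Returns {bssid: peak number of unprotected deauth/disassoc frames seen
    inside any `window` seconds} for BSSIDs whose peak reaches `threshold`.
    threshold and window are assumed values; tune them to the site."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, frame in capture:
        info = parse_mgmt(frame)
        if info is None or info[4]:        # ignore other frames and protected ones
            continue
        q = recent[info[3]]                # keyed by BSSID: the source MAC is forgeable
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[info[3]] = max(peak[info[3]], len(q))
    return {b: n for b, n in peak.items() if n >= threshold}

def sample_capture():
    """Constructed frames (made-up, locally administered MACs), not real traffic."""
    ap, ap2, sta = "021122334455", "0266778899aa", "02deadbeef01"
    hdr = lambda fc, dst, src: bytes.fromhex(fc + "0000" + dst + src + src + "0000")
    burst = hdr("c000", "ff" * 6, ap) + b"\x07\x00"      # broadcast deauth, reason 7
    single = hdr("c000", sta, ap2) + b"\x03\x00"         # one ordinary deauth, reason 3
    beacon = hdr("8000", "ff" * 6, ap) + b"\x00" * 12    # non-deauth management frame
    frames = [(i * 0.01, burst) for i in range(40)]
    return frames + [(2.0, beacon), (5.0, single)]

if __name__ == "__main__":
    print(detect_floods(sample_capture()))
```

A hit tells you which network is being hit and when, not who is transmitting; locating the transmitter still comes down to signal-strength measurements from several sensors.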
Damn dude.. Kind of a shot in the ass wasn't it?
Did you see the Topic? "DDOS attack on Wireless Network" Doesn't that sort of mean "This thread will be about DDoS stuff in some way" ? That's what I replied to. Doesn't really matter if the OP is clueless; They made a topic about DDoSs, and, I responded about them.
I don't think that really justifies saying everyone is wrong because we, like most people, read the topic, clicked on the post, and replied to what we saw. In fact I think that's what they call a "Forum" ;) (Yes, I'm being a smart ass. I felt I should point out that I'm being one instead of a jerk, because that particular emoticon, can mean either, and I'm not one to attack normally respectable members such as you. And no that isn't Sarcasm, I actually like you when you aren't as serious) .
Sorry dude, I have always liked you too, but it is what it is.
In response to the topic question: I have learned I must try to figure out what people are attempting to say despite what they are actually saying. That is why I picked out the discrepancy. ( I think you of all people can understand that. )
I try to train all the people that work for me the same thing. If they fail, it should be a learning experience, something positive, not negative.
Everyone makes mistakes, just not the same one twice!
I do. I can't tell you the number of times I've heard "So I go into Microsoft...." And then tried to figure out WTF they were doing, what app, and really, what VERSION of whatever it is, without them knowing any of that.
It's not that it's the most annoying thing ever, not everyone knows this stuff, but, at least knowing what the name of the Application you're using is, is sort of helpful for the rest of us trying to teach it to you, or, fix it when you mess up.
Quote:
I try to train all the people that work for me the same thing. If they fail, it should be a learning experience, something positive, not negative.
See, I have to be careful there; I have a REALLY short temper. I mean, I do have ways I control it, like humor, sarcasm, and, if all else fails; Condescension, but it's hard for me sometimes. I don't really know why I have such a temper, but I do.
I actually use humor the most, since I'm Gifted with an ability to see humor in places a lot don't, and, basically come up with things on the fly, and it helps me keep from losing my temper.
Before I was able to use humor though, I'd snap at people and in the case of a cousin of mine, I basically punched him for being stupid a few times. Not that I think that's terrible; I can't stand stupid people who refuse to try not to be stupid, and a punch is a pretty clear indication to stop doing something, but not the right one.
Anyway though, I'm actually pretty good at teaching people stuff. I have Tourette's syndrome, and though it can make my life hell at times, one of the common side effects of it, is creativity.
I can generally explain things to people with analogies that I pull out of thin air, and they work.
The main reason I know this, is that when I was in college, my Teachers would be pretty busy, and in one Class, there were just too many of us for one person to handle, and though he had an aide, he wasn't always there. In the times when it was just my Teacher, I actually helped out a lot.
I got a LOT of extra credit for doing so, and at the end of the semester, my grade was almost 190% out of 100%. (I almost had TWO As for a grade) and in general, whenever the Teacher went into something more advanced, and there were a lot of questions, I was able to help out and answer them a lot, and, after he saw me doing it, he'd let me do just about whatever I wanted in class.
I was literally allowed to sit in the back of the class with my Laptop playing DooM while he was teaching, and he had NO problem with that. He said as long as I was quiet or used Headphones, I could.
So I'd play DooM, play on AO, play with Shells, and whatever else. And I'd help more in the Security aspects of classes.
He used me as an example multiple times a week sometimes, and I helped him design class work we would do because I had actual experience in how to do some of it.
So yea, I was actually able to keep my Temper under control simply by using humor. I do admit though; There were a few times I'd walk away and talk to a friend in class, because in one of them, two guys in there who sat next to each other, were dumb as a box of ****.
Quote:
Everyone makes mistakes, just not the same one twice!
I try to do that very thing; If I make a mistake, or I screw up, that's OK; If I do it again, it's probably my own fault. (I'm only saying "Probably" because there could be a theoretical situation where only knowing something once might not work heh).
Hmmmm,
There seems to be some semantics involved here?
I am no expert in this area, but my understanding is that a deauthentication attack only requires one successful connection and so would be a DoS.
However, the most obvious solution that many people would try is to move the access point(s) and client(s). They may not even know that they are being attacked, but this would work if it took them out of range/visibility.
In these circumstances a determined attacker might use several attacking devices surrounding the target. I guess that would possibly be regarded as a DDoS, but you could argue the toss given that only one of the attackers was actually causing the deauthentication?
I liked HYBR|D's solution :D but on a similar note I have a friend who simply disabled the wireless crap and reverted to good old Cat5/RJ45 connections. That worked for him, but I am not sure if he was being attacked or just getting interference.
My next suggestion would be some sort of Faraday cage. If no signals can get in or out of the WiFi zone, then no attacker will see you or be able to connect.
Another possibility is to use directional or line of sight connections. That seems to work for the military, but there again they have guns and will shoot anybody in the wrong colour uniform :eek::D
Seriously though, that approach would greatly restrict the opportunity offered to a potential attacker when compared to omnidirectional connections.
Obviously, if you thwart such attacks you won't see the attacker unless you set up some sort of honeypot or surveillance equipment.
Just a few thoughts :)