How is it possible for Wifi Kill to block someone from using Wi-Fi, even if you don't have access to the router settings and you don't even use MITM (I think)?
1 Answer
By using disassociate packets.
Those packets have the source MAC of an AP and force the client to disconnect and reconnect to the AP.
By continuing to send those packets, you can keep any client away and unable to connect to this specific access point.
Edit: A summary for people who can't access links.
From a tool named Aircrack-ng
Deauthentication
Description
This attack sends disassociate packets to one or more clients which are currently associated with a particular access point. Disassociating clients can be done for a number of reasons:
- Recovering a hidden ESSID. This is an ESSID which is not being broadcast. Another term for this is “cloaked”.
- Capturing WPA/WPA2 handshakes by forcing clients to reauthenticate.
- Generate ARP requests (Windows clients sometimes flush their ARP cache when disconnected)
Of course, this attack is totally useless if there are no associated wireless clients or on fake authentications.
Note: Some clients ignore broadcast deauthentications. If this is the case, you will need to send a deauthentication directed at the particular client.
Source: http://www.aircrack-ng.org/doku.php?id=deauthentication
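A defender's view of the flood described in the answer, as an added example that is not part of the original answer or of Aircrack-ng: it parses raw 802.11 management frames and flags any (BSSID, destination) pair that receives a burst of deauthentication or disassociation frames. The MAC addresses, the sample capture, the threshold of 5 frames and the 1-second window are assumptions chosen for illustration.

```python
import struct
from collections import defaultdict, deque

# 802.11 management subtypes (frame type 0) that force a client off an AP.
SUBTYPES = {10: "disassoc", 12: "deauth"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Parse a raw 802.11 frame (no radiotap header, no FCS).
    Returns (kind, dst, src, bssid, reason) for deauth/disassoc, else None."""
    if len(frame) < 26:  # 24-byte MAC header + 2-byte reason code
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if version != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None
    dst, src, bssid = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    (reason,) = struct.unpack_from("<H", frame, 24)
    return SUBTYPES[subtype], dst, src, bssid, reason

def detect_floods(frames, threshold=5, window=1.0):
    """frames: iterable of (timestamp_seconds, raw_frame).
    Returns sorted (bssid, dst) pairs that saw >= threshold
    deauth/disassoc frames within `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        key = (parsed[3], parsed[1])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(key)
    return sorted(flagged)

# Constructed sample capture (hypothetical MACs, not real traffic).
AP, CLIENT, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:bb"

def sample(fc0, dst):
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, 0, 0, 0]) + h(dst) + h(AP) + h(AP) + b"\x00\x00\x07\x00"

SAMPLE = [(i * 0.1, sample(0xC0, CLIENT)) for i in range(6)]        # deauth burst
SAMPLE += [(5.0, sample(0xA0, OTHER)), (5.1, sample(0x80, OTHER))]  # lone disassoc, non-deauth frame
```

Because the forged frames carry the AP's own MAC as their source, the source address cannot identify the sender, so the detector keys on rate alone. 802.11w protected management frames are the mechanism that lets clients reject forged deauthentication and disassociation frames.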