6

Last night around 3-4 am I had noticed my network acting funky. I flipped my wireless card into monitor mode and boom, there was a rogue AP. I then acknowledged that I had seen them and mimicked the movements they were making, and when I switched my MAC for the last time I noticed a lot of the fake APs that were up went down, around 3-4, and stayed down.

Obviously after parsing through logs on my box I had been deauth'd at one point and had attached to them. I saw requests from an IP that was out of my router's IP range. I keep my range very small for this reason. My box is fine. What should I do from here to keep this at bay? I am afraid this may have enticed their curiosity. Suggestions? Oh and yes, my password is changed and strong.

S.L. Barth

4 Answers

2

They have a good chance of being close by. Monitor the Wi-Fi signal strength of the rogue AP and try to track him/her down.

Changing your PW to something strong was the right move. Voids any handshakes captured so far and makes life much more difficult next time.

TrickyDupes
  • Welcome to Information Security Stack Exchange! I'm not sure this answers the question, what the user should do to keep the attack at bay. Since tracking the rogue AP down in itself does not stop it. – S.L. Barth Sep 08 '17 at 11:08
  • I'm sure the implication is that you will stop the device if possible – I'm Root James Aug 19 '21 at 17:36
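
Added example (not part of the original answer or thread): a sketch of the monitoring suggested in the answer above, flagging beacons that advertise your SSID from an unexpected BSSID or with changed settings, and keeping their signal-strength history. The SSID, BSSIDs, record layout and sample readings are constructed assumptions; real input would come from your own monitor-mode capture.

```python
from collections import defaultdict

# Assumed baseline for the home network (constructed values, not from the post).
HOME_SSID = "home-net"
KNOWN_APS = {"aa:bb:cc:00:00:01": {"channel": 6, "security": "WPA2-PSK"}}

# Constructed beacon observations: (time_s, ssid, bssid, channel, security, rssi_dbm)
SAMPLE_SCANS = [
    (0,  "home-net",  "aa:bb:cc:00:00:01", 6,  "WPA2-PSK", -48),
    (0,  "home-net",  "de:ad:be:00:00:02", 11, "OPEN",     -71),
    (0,  "cafe-wifi", "11:22:33:00:00:03", 1,  "OPEN",     -80),
    (30, "home-net",  "de:ad:be:00:00:02", 11, "OPEN",     -58),
    (30, "home-net",  "aa:bb:cc:00:00:01", 1,  "OPEN",     -60),
    (60, "home-net",  "de:ad:be:00:00:02", 11, "OPEN",     -63),
]

def classify(ssid, bssid, channel, security):
    """Return None for benign beacons, else a reason string."""
    if ssid != HOME_SSID:
        return None  # someone else's network, not our concern
    known = KNOWN_APS.get(bssid.lower())
    if known is None:
        return "unknown BSSID advertising home SSID"
    if (channel, security) != (known["channel"], known["security"]):
        return "known BSSID with changed channel/security (possible clone)"
    return None

def find_rogues(scans):
    """Group suspicious beacons by BSSID, keeping reasons and RSSI history."""
    rogues = defaultdict(lambda: {"reasons": set(), "rssi": []})
    for t, ssid, bssid, channel, security, rssi in scans:
        reason = classify(ssid, bssid, channel, security)
        if reason:
            entry = rogues[bssid.lower()]
            entry["reasons"].add(reason)
            entry["rssi"].append((t, rssi))
    return dict(rogues)

def strongest_sighting(history):
    """(time, rssi) of the strongest beacon seen; readings that get stronger
    as you move indicate you are getting closer to the transmitter."""
    return max(history, key=lambda sample: sample[1])

if __name__ == "__main__":
    for bssid, info in find_rogues(SAMPLE_SCANS).items():
        t, rssi = strongest_sighting(info["rssi"])
        print(bssid, sorted(info["reasons"]), f"peak {rssi} dBm at t={t}s")
```
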
1

If your password is strong and changed, I don't think you need worry. Most likely it's just someone trying to crack the password for fun. If it's a strong password, they probably won't crack it, and if you've changed it, the cracked password will be useless even if they do crack it.

1

The fact the attacker was so clumsy suggests they don't really know what they're doing. Probably just a script-kiddie following a YouTube tutorial. So long as your AP uses WPA2, a good password and a unique AP name you should be fine. Might be worth letting your neighbours know there's an idiot about.

Hadog
0

Use 802.11w; it is designed to be used in your case. See Preventing deauthentication attacks

Artyom