Community discussions

MikroTik App
 
User avatar
Tubeorange667
just joined
Topic Author
Posts: 15
Joined: Sat Jul 11, 2020 3:47 pm
Location: Kochi, Kerala

My hAP ac 2.4 Ghz wifi network is getting Deauth Attacks.

Sun Jul 17, 2022 7:34 am

Recently my devices connected to 2.4 GHZ network of my hAP ac ( on version 6.49.6) device is getting constantly disconnected and am seeing many clone networks of my 2.4 ghz channel. I suspect its a Deauth Attack from somewhere around my neighborhood. My friend who is living near to my apartment is also getting the same issues. we both have no issues with our 5Ghz network. we have now switched off our 2,4 ghz network for the time being but a lot of our iot devices can't connect to 5Ghz band so they are useless for now. How can I prevent Deauth Attack on my network? How can I find the attacker?
Thanks in advance.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2984
Joined: Mon Apr 08, 2019 1:16 am

Re: My hAP ac 2.4 Ghz wifi network is getting Deauth Attacks.

Sun Jul 17, 2022 11:25 am

device is getting constantly disconnected and am seeing many clone networks of my 2.4 ghz channel. I suspect its a Deauth Attack from somewhere around my neighborhood.
Looks like someone is trying to get into your network.

Deauth attack is to force clients to reconnect (and collecting connection information while this happens)
Clone networks ... trying to get you as client to connect to their network by using the same name. Again collecting authentication information.
If they would succeed to guess the PSK, they would use your internet connection as uplink, connect you as client and do a lot of man-in-the-middle attacks on your traffic.


My suggestion: use at least PWA2/AES-CCM security. Disable PWA and disable TKIP.
Set management protection "required" and set Management Protection Key
Change the 2.4 SSID , and set it hidden. Being hidden does not prevent you from connecting, if you know (type in) the SSID.

Use the MT scan function, to find the other APs.
Use some "wifi analyzer" e.g. on Android smartphone to collect information on the other APs.
"Network Cell Info Lite" is another analyzer on Android.
Use "inSIDDer" on Windows PC to collect beacons from all AP around, and analyse with Wireshark.
Use MT built in "Wireless Sniffer" to collect all beacons, and analyse with Wireshark

Some brands do have an option to attack a Rogue AP on your network. (e.g. Fortinet). You could be the target of such action.

Counter attack ? Well your MT lets you create 200+ SSID on one radio that lead nowhere. You have 200+ words to send to your neighbor. :-). That would consume all airtime for that channel.
But just one visible SSID (e.g. with the current name) could already trick the attacker in aiming at this fake SSID.
The fake SSID have different security from your real hidden SSID, for sure. Maybe simple password, lower security like WEP, "none" security, whatever .. to keep them busy or happy.
 
User avatar
Tubeorange667
just joined
Topic Author
Posts: 15
Joined: Sat Jul 11, 2020 3:47 pm
Location: Kochi, Kerala

Re: My hAP ac 2.4 Ghz wifi network is getting Deauth Attacks.

Sun Jul 17, 2022 11:54 am

device is getting constantly disconnected and am seeing many clone networks of my 2.4 ghz channel. I suspect its a Deauth Attack from somewhere around my neighborhood.

Set management protection "required" and set Management Protection Key
With this option enabled none of the devices are able to connect to the network.
( I have enabled access list with mac id of all my devices.)
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2984
Joined: Mon Apr 08, 2019 1:16 am

Re: My hAP ac 2.4 Ghz wifi network is getting Deauth Attacks.

Sun Jul 17, 2022 12:16 pm

Hidden SSID is a (very) weak protection. They will connect through the BSSID (MAC).
So the "honeypot" should be very seductive.

Scan in some neighborhood ... extensively using "hidden SSID" as protection.
Klembord-2.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2984
Joined: Mon Apr 08, 2019 1:16 am

Re: My hAP ac 2.4 Ghz wifi network is getting Deauth Attacks.

Sun Jul 17, 2022 12:21 pm

With this option enabled none of the devices are able to connect to the network.
Expected this somehow. Device must be able to set management password.
 
User avatar
Tubeorange667
just joined
Topic Author
Posts: 15
Joined: Sat Jul 11, 2020 3:47 pm
Location: Kochi, Kerala

Re: My hAP ac 2.4 Ghz wifi network is getting Deauth Attacks.

Sun Jul 17, 2022 3:12 pm

Some brands do have an option to attack a Rogue AP on your network. (e.g. Fortinet). You could be the target of such action.
The deauth attack doesn't affect all the devices connected to 2.4 GHz at the same time. It's more like a targeted one, so I guess it's a cheap device which doesn't have the cpu power to initiate the attack on all devices. If it was Fortinet type of device it have enough cpu power to attack all the devices at the same time. This is some kid playing with much cheaper device.

Who is online

Users browsing this forum: akakua, morphema and 25 guests