Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Deauthentication Attack

Training Camp • Cybersecurity Glossary

What is Deauthentication Attack?

A Wi-Fi attack that spoofs 802.11 deauth frames to forcibly disconnect clients, enabling DoS, evil-twin, and WPA handshake capture.

Glossary > Threats, Malware & Attacks > Deauthentication Attack

Deauthentication Attack — A Wi-Fi attack that spoofs 802.11 deauth frames to forcibly disconnect clients

Understanding Deauthentication Attack

A deauthentication attack is a wireless denial-of-service technique in which an attacker sends spoofed 802.11 deauthentication frames to force clients off a Wi-Fi network. Because these management frames are unauthenticated in legacy 802.11, a device can forge them using the access point's or client's MAC address, repeatedly knocking targets offline without ever joining the network.

The attack exploits the design of 802.11 management frames, which historically carried no integrity protection. Using tools such as aircrack-ng's aireplay-ng or mdk4, an attacker captures the BSSID of the target AP and the client MAC, then transmits a stream of deauth frames. The client, believing the AP requested disconnection, drops its association and must re-authenticate, only to be deauthenticated again. The attacker needs no credentials and only a wireless adapter in monitor mode.

This matters because deauthentication is both a disruption and a stepping stone. As a DoS, it severs connectivity to access points, cameras, or industrial wireless. More dangerously, it is the setup for credential and traffic theft: forcing a client to reconnect lets an attacker capture the WPA/WPA2 four-way handshake for offline password cracking, or drive victims onto an evil-twin rogue AP for man-in-the-middle interception. Without protection, any open or WPA2-PSK network is exposed.

The defense is Management Frame Protection (802.11w/PMF), which cryptographically protects deauth and disassociation frames and is mandatory in WPA3. For example, in a coffee-shop attack, an adversary deauthenticates a victim from the legitimate AP, the victim's device automatically reconnects to the attacker's identically named evil-twin AP, and the attacker intercepts the session. A network enforcing WPA3 with PMF would reject the forged deauth frames, neutralizing the attack.

Learn More About Deauthentication Attack:

Ready to Get Certified?

Deauthentication Attack is one of the topics you'll master in the Security+ Boot Camp.

Security+ Boot Camp →