Make a wireless network unresponsive
- Tested on Kali Nethunter
- Works for both IPv6 and IPv4
In IPv6, the ARP mechanism was ditched due to several reasons, one of them being lack of security.
Instead there is Neighbor/Router Discovery Protocol
, which will be exploited in this attack.
For more info about how IPV6 router discovery mechanism works
Dead router attack - this attack periodically sends a spoofed RA (router discovery) packet with the gateway's lladdr to the multicast address on the local link, which signals that the router is dead. This would prevent the hosts from forwarding traffic to the gateway. Furthermore, a scapy method is running on a separate thread in the background, sniffing traffic. It immediately invalidates all incoming RA packets from routers by sending spoofed ones that indicate the router is not operational (routerlifetime=0
).
ARP attack - continuously sends spoofed ARP packets (using scapy) to every host on the network, poisoning its ARP table.
The gateway is mapped to an incorrect MAC address and therefore the traffic never reaches its true destination, making the network unresponsive.
Furthermore, the gateway also receives an ARP packet from each host that contains a spoofed MAC address.
There's another way to make a perform a DoS attack on wireless networks, WITHOUT HAVING CREDENTIALS, and that is by sending de-auth packets.
I have a separate project for that here and it requires a network adapter that supports packet injection.
If no credentials are present and you insist on using Deadnet, it's possible to run a dictionary-attack using a wordlist in combination with another tool that cracks Wifi handshakes to gain credentials first.
An Android APP designed to run Deadnet directly on rooted devices using a simple GUI with a couple of buttons.
See the APK section for more.
Works on every OS.
The only difference would be in the output, which in LINUX OS would refresh the same line to log updates rather than printing new lines in other operating systems.
3rd party libraries can be installed by running the following command: pip3 install -r requirements.txt
as they are listed inside the requirements file:
scapy~=2.4.5
The network interface is a mandatory param and should always be passed, for example (eth0
is the most commonly used in kali):
./deadnet.py -i eth0
-
Setting cidr length The default cidr length is
24
since it is the one most commonly used, but can be set by defining the-m, --set-cidrlen
argument. -
Setting custom gateway In case something goes wrong and the gateway ip cannot be automatically set, a custom one can be set by defining the
-g, --set-gateway
argument.
As mentioned before, it is possible to spoof RA packets in case the network supports IPv6.
This attack is enabled automatically, and can be disabled by passing -6, --disable-ipv6
, for example:
./deadnet.py -i eth0 --disable-ipv6
- Setting preflen
The default (and most commonly used) IPv6 preflen is
64
, in order to set a different one passing-pl, --set-preflen
should do the trick.
- No buffer space available exception
If the following exception occurs:Errno 105 No Buffer Space Available
simply increase the buffer size by running this command ->sudo ifconfig <net_interface> txqueuelen 100000
wherenet_interface
is the network interface name.
This tool is only for testing and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and am not responsible for any misuse or damage caused by this tool and software.
Distributed under the GNU License.