-
-
Notifications
You must be signed in to change notification settings - Fork 1k
Association Sleep Attack
In an association sleep attack, an attacker forges an Association Request frame that has the power-management “sleep” bit set and uses the victim’s MAC address. Because the frame is unauthenticated, a 802.11w-protected AP should reject it, yet, thinking the client is asleep, it buffers the follow-up SA-Query “are-you-alive?” messages instead of sending them. When the SA-Query timer expires the AP assumes the client is gone and tears down the protected session, silently kicking the real user off the network. In this way a single spoofed, plaintext frame bypasses Management Frame Protection and performs a denial-of-service against the victim. More information on how the attack functions can be found here.
If you chose the full coverage attack, all stations associated with APs marked as selected will be attacked. If you choose "targeted", only stations marked as selected will be attacked, regardless of which APs are marked as selected.
attack -t sleep [-c]
| Argument | Required/Optional | Description |
|---|---|---|
-c |
Optional | Only attack stations marked as selected |
- Home
- About
- FAQ
- Marauder Versions
- Troubleshooting
-
Getting Started
- Arduino IDE Setup
- DIY Platforms
- Installing Firmware
- Update Firmware
- Hardware
- Status Bar
-
Commandline
- Headless Mode
-
Commands
- attack
- btspamall
- btwardrive
- channel
- clearlist
- evilportal
- gpsdata
- help
- info
- join
- karma
- led
- list
- load
- packetcount
- pingscan
- reboot
- save
- scanap
- scansta
- select
- settings
- sigmon
- sniffbt
- sniffraw
- sniffbeacon
- sniffdeauth
- sniffesp
- sniffpmkid
- sniffpwn
- sourapple
- spoofat
- ssid
- stopscan
- samsungblespam
- swiftpair
- update
- wardrive
- Workflow Examples
- Marauder Settings
- Applications
- Thanks
- Countdown Page
- How to make biscuits and sausage gravy