Deauthing the Neighbors, or Ring Theory

by Snocore (shirewark80@gmail.com)

Do you ever get sick of neighbors blasting Wi-Fi on every channel?  Mine have range extenders and boosters on their patios, and their signal in my house was stronger than what I got from my own router.  I decided to do something about the congestion, with a zoned defense strategy using Distributed Antenna System (DAS) rings.

I realized most of the free space path loss from my Wi-Fi router is because of the concrete and metal between the walls in my house.  Since extenders don't work due to those obstructions, I put a four-way coaxial splitter/combiner between my router's antenna port and the coaxial cables going to each room, then put antennas on the cable outlets themselves.  The signal loss during impedance conversion from 50 to 75 ohms seems negligible, since my upstairs bedroom RSSI went from an unusable -80 dBm on 5.8 GHz to about -35 dBm, which is more than enough for streaming HD shows to my Roku.  Now I could dial down the output power on my own router by about half, and keep the coverage range from leaking outside, like a good neighbor.  So far, so good.

Then I remembered the neighbors were each sending one watt or more of radiated power my way, and got creative.  The trees in my yard are close to the property lines and thick enough to conceal four high-gain Yagi Wi-Fi antennas with 80 degree beam widths that fully covered each neighbor's house.  For three of them, I ran LMR-600 cable from each tree to my basement, and for the other, I borrowed the RG-11 drop from the cableco's tap into my basement to avoid digging around power lines.  Putting another Wi-Fi splitter/combiner between these cable runs and an Alfa USB adapter, I fired up Scapy and Wifijammer on my laptop and ran the command:

# python wifijammer.py -d

And with that, my outer DAS ring began channel-hopping to send death frames to every Wi-Fi client within hundreds of feet of my house.  Between my own router's hidden SSID and the Yagis' directional beamwidths, my inner DAS ring is immune to the deauths, and without the WLAN channel contention from the neighbors, my home Wi-Fi doesn't suffer from Clear Channel Assessment (CCA) transmit delays or high packet retries anymore.  When feeling generous, I can dial down the Tx-Power settings of the Alfa card in Kali so that only the worst offenders get deauthed.  Plus, I can use Wifijammer's -S switch with a specific MAC address to allow users to join my honeypot SSID for ARP poisoning with LANs.py on Kali.
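Seen from a monitoring sensor, the channel-hopping deauth traffic described above appears as bursts of 802.11 deauthentication frames per BSSID. The following is an added example, not part of the original article or of Wifijammer: a detector that parses raw 802.11 management headers (no radiotap header assumed) and flags BSSIDs whose deauth/disassociation count reaches a threshold inside a sliding window. The MAC addresses, window and threshold are constructed values.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10  # 802.11 management frame subtypes

def parse_mgmt(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for deauth/disassoc frames, else None."""
    if len(frame) < 26:  # 24-byte MAC header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    dst, src, bssid = (frame[o:o + 6].hex(":") for o in (4, 10, 16))
    return subtype, dst, src, bssid, reason

def detect_floods(capture, window=5.0, threshold=10):
    """capture: time-ordered (timestamp, raw_frame) pairs.
    Returns {bssid: peak frame count within `window` seconds} for flagged BSSIDs."""
    recent, alerts = defaultdict(deque), {}
    for ts, raw in capture:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        # Key on BSSID: the source address of a forged deauth is normally
        # the victim AP's own address, so it says nothing about the sender.
        q = recent[parsed[3]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[parsed[3]] = max(alerts.get(parsed[3], 0), len(q))
    return alerts

def _frame(subtype, dst, src, bssid, reason=7):
    """Build constructed header bytes used only as parser input below."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return hdr + struct.pack("<H", reason)

# Constructed sample: 40 broadcast deauths for AP_A in 2 s, plus one beacon
# and one ordinary deauth from AP_B (locally administered, made-up MACs).
AP_A, AP_B = bytes.fromhex("020000000a01"), bytes.fromhex("020000000b01")
STA, BCAST = bytes.fromhex("020000000c01"), b"\xff" * 6
SAMPLE = [(i * 0.05, _frame(DEAUTH, BCAST, AP_A, AP_A)) for i in range(40)]
SAMPLE += [(1.0, _frame(8, BCAST, AP_B, AP_B)), (1.5, _frame(DEAUTH, STA, AP_B, AP_B, 3))]
SAMPLE.sort(key=lambda rec: rec[0])

if __name__ == "__main__":
    for bssid, peak in detect_floods(SAMPLE).items():
        print(f"possible deauth flood against {bssid}: {peak} frames in 5 s")
```

Networks that require 802.11w Protected Management Frames have clients discard unauthenticated deauth and disassociation frames, so an alert like this on a PMF-enabled network indicates an attempt rather than an outage.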
