Wi-Fi deauthentication attack

[1] An attacker can send a deauthentication frame at any time to a wireless access point, with a spoofed address for the victim.

The protocol does not require any encryption for this frame, even when the session was established with Wired Equivalent Privacy (WEP), WPA or WPA2 for data privacy, and the attacker only needs to know the victim's MAC address, which is available in the clear through wireless network sniffing.

[2][3] One of the main purposes of deauthentication used in the hacking community is to force clients to connect to an evil twin access point which then can be used to capture network packets transferred between the client and the access point.

[4] The Federal Communications Commission has fined hotels and other companies for launching deauthentication attacks on their own guests; the purpose being to drive them off their own personal hotspots and force them to pay for on-site Wi-Fi services.

[5][6][7][8][9] There are a number of software toolsets that can mount a Wi‑Fi deauthentication attack, including: Aircrack-ng suite, MDK3, Void11, Scapy, and Zulu.