Nov 10, 2011

[Tutorial] Wireless Havoc With MDK3!! (IV)

This is the fourth post of "wireless havoc with MDK3" series. If you havent already read the first three posts then please go here(i), here(ii) and here(iii).

This probably is going to be the last post in the MDK3 series... or maybe I will post about other options too, maybe the "g" (WPA downgrade test), which is also equally useful and fun to try.

This post will describe about "a", Authentication DoS mode.

First, what is DoS? It stand for Denial of Service. If DoS attack is performed on certain target or whole network, all the network traffics of the client/clients will be stopped..that means it Denies The Service.
Maybe you have heard of DoS or DDoS attacks on servers,websites etc. A good DoS/DDoS attack will crash or freeze the server in no time.

**DDoS= Distributed Denial of Service, which is carried out in team of large numbers in many computers at once targetting either one or more servers at a single time.

Back To The Topic:

This "a", Authentication DoS mode is based on the principle that too many clients authentication will either freeze,crash or reset the AP. Even if it doesnt crash,reset or freeze the AP, it surely DoSes It.... No Data In Or Out.

Simple Principle With Disastrous Result.

Lets check the options available for "a" attack.

Ok, not much is there, and only -a option is enough for us. no need of -m, -c, -i or -s.

The Command is just:

mdk3 mon0 -a F4:EC:38:F1:65:72

Just see what this little shit does... :D

see?? it has already connected 3000 clients to the target AP.... It surely crashes or at least freezes the AP if left for about 5-10 minutes.. but it depends upon APs too.. some come back to function immediately.... if it comes back to function.. mdk3 will again start to attack it. At least it will be DoS'd.

Note: The MAC address of the connected clients are automatically generated by mdk3 itself, only the MAC of AP is to be provided.

So, what do you say of the mdk3 and mdk3 series in this blog? please comment, your comments are always welcomed, positive as well as negative. But if its too much negative then it will be moderated. :)


  1. that little shit is freaking dangerous i must say

  2. Yeah.. it really is.. and guess what is the size of the program itself? the download file is no more than 208 kb!!

  3. One quick question for new users. Where to save whitelist? In which folder?



  4. Save it anywhere you want.... just point to that folder while giving -w or -b option,

    eg: if the file is located in the root folder then
    ..... -w /root/file.txt... or ....-b /root/file.txt....

  5. How do I know, whether it really is getting hit? I entered unexisting mac adresses. I didnt get any sort of confermation.

    1. To check whether it is really getting a hit or not, start airodump-ng in another tab, you will see tons of clients connected to your target ap.

      About entering an unexisting mac address, i dont know what to reply as it keeps on connecting to that non-existent AP too. But believe me, even if it cannot crash the AP, it "DoS"es it for sure.

  6. Hello Deathknight
    Can the signal of the MDK3 attack be traced?

    1. If you are using beacon flood mode, then yes it can be traced by people. as it is same like our wifi-routers, singal strenght decreases as distance increases.... so people can follow the path where the signal is strong and trace up to you

  7. This means, this "mdk3 mon0 a -a F4:EC:38:F1:65:72" cannot be traced? Can "mdk3 mon0 d" this be traced? (Sorry, I am a super
    If a particular AP (with all its clients) is to be kept "out of order", what are the pro and cons of: mdk3 mon0 d vs mdk3 mon0 a (with its parameters of whitelist/-a xx:xx.....:xx)

    Another thing, when using this attack (mdk3 mon0 a -a F4:EC:38:F1:65:72), my alfa card keeps hanging itself up, after a particular period (usually between 1 hour and 6 hours)of time.
    The only thing I can do is, unplug my alfa and plug back.
    Without unplugging it wont work (this wont work: airmon-ng start wlan0 -> mdk3....).

    1. Yes, AFAIK 'a' and 'd' both cannot be traced easily. Most of the people will think it is some kind of their own internal problems.

      Wow, seems like you really are liking this software.
      "mdk3 a" will DoS the AP. Even if the clients are connected they cant browser or anything, including ourselves (as I have experienced)...
      "mdk3 d" will select the clients to deauthenticate from the list which is its pros as we can stay connected and browse without any tensions (except user shutting/rebooting/reconfiguring his AP.. :D)

      I also experience my alfa card hanging time to time when I use mdk3 with high packet transmission rate. try '-s 'option with less packet (300-500), or try experimenting. In default its unlimited.

  8. Im new to this and I have to say your blog is great. will try to play around with my bestfriend's AP.. dont worry as we prank each other a lot. I would just like to confuse him for a day or 2 :) LOL