TL;DR
Yes, brute force and dictionary attacks on WiFi can be detected, but it requires monitoring your network for unusual activity like repeated failed login attempts, disconnections, and changes in connected clients. Tools like Wireshark, intrusion detection systems (IDS), and your router’s logs are key.
Detecting WiFi Brute Force Attacks
- Understand the Attacks:
- Brute Force Attack: Tries every possible password combination. Slow, but effective against weak passwords.
- Dictionary Attack: Uses a list of common passwords (a ‘dictionary’). Faster than brute force.
- Most routers keep logs of connection attempts, including failed ones.
- Look for patterns of repeated failures from the same IP address or MAC address.
- Accessing these logs varies by router manufacturer (check your router’s manual). Often found under ‘Security’, ‘Administration’, or ‘Logs’.
- Download and install Wireshark.
- Start capturing traffic on your WiFi network interface.
- Filter for 802.11 authentication packets (e.g., using the filter
wlan.auth). - Look for a high volume of deauthentication or association/reassociation attempts, which can indicate an attack.
wlan.auth
- Popular options include Snort and Suricata. They require some technical setup.
- They can be configured to alert you when they detect suspicious patterns, like a large number of failed authentication attempts within a short period.
- Frequent disconnections from your WiFi network can be a sign that someone is trying to crack the password.
- This is especially true if it happens to multiple devices at once.
- Regularly check the list of connected clients on your router.
- Look for unfamiliar MAC addresses or IP addresses.
arp -a(This command shows a list of devices currently connected to your network, but doesn’t always show all WiFi clients.)