Deauth Flood
The network is still right there — but something keeps knocking you off it.
What it is
A deauthentication attack — a “deauth flood” — is an attacker repeatedly kicking your device off the WiFi it’s connected to. WiFi management frames like deauth were never authenticated, so a nearby attacker can forge them and tell your device, over and over, “you’ve been disconnected.”
The network is still right there — but something keeps knocking you off it.
How attackers do it
The attacker sends a stream of forged deauth or disassociation frames spoofed to look like they came from your access point. Your device believes them and drops the connection, then tries to reconnect — and gets knocked off again.
Denial of service is rarely the real goal. A deauth flood is usually the setup for something worse: knock you off your real network so your device reconnects to an evil twin broadcasting the same name, or so it falls back to a network the attacker controls.
How we detect it
Windows can’t put a consumer WiFi card into monitor mode, so we can’t read the deauth frames off the air directly. Instead WifiThreatWatch detects the symptom: it watches your connection and counts connected → disconnected transitions.
Several disconnects in a short window — while your real access point is still beaconing at strong signal — is not how normal roaming or a weak signal behaves. That pattern is raised as a suspected deauth attack. Disconnects the app causes itself (its own network-reset identity cycles) are suppressed so it never blames itself.
How we stop it
No software on a normal WiFi card can stop the radio frames of a jammer — so we’re honest about that. What we can do is tell you what’s happening instead of leaving you to wonder why your WiFi “keeps dropping,” and warn you the moment it looks deliberate.
Because a deauth flood is so often the opening move for an evil twin, the alert is your cue to be suspicious of any network offering to reconnect you — and, on a subscription, to bring your traffic up inside the encrypted tunnel before you trust the connection again.
ARP Spoofing
An attacker on your network impersonates your router to silently intercept everything you send.
Read more →Evil Twin
A fake access point broadcasts your network’s name to lure your device onto attacker-controlled hardware.
Read more →Rogue Device
A device you never authorized quietly joins your network and gains a foothold on your LAN.
Read more →