An attacker could flood wireless clients with which frames?

RTS/CTS frames are used to reserve the wireless medium and avoid collisions. When a sender uses RTS, or when a CTS reply is sent, the duration field in these frames tells nearby devices how long they must defer transmissions by setting their NAV (Network Allocation Vector). An attacker who spoofs RTS frames can trigger many devices to go quiet for extended periods, while spoofing CTS frames (or flooding the air with CTS replies) can also make devices perceive the channel as busy. Because both frame types carry this duration information that blocks legitimate traffic, flooding with either RTS or CTS frames can degrade or disrupt wireless communications. Using both kinds of frames maximizes the chance of forcing devices to defer, leading to a more effective denial-of-service.