Zigbee is an IEEE 802.15.4-based specification for low-power wireless mesh networks. Being a protocol with several known vulnerabilities, it continues to attract extensive research interest due to its potential applications in the Internet-of-Things (IoT). One of Zigbee's weak points lies in the network coordinator's initial handshake with a joining device, which is unencrypted. Our paper proposes a denial-of-service attack which exploits this fact to convince an end device to send its data to a rogue device on a different channel rather than the actual coordinator. Because the resource limitations of Zigbee devices generally preclude permanent storage, this is likely to result in loss of the transmitted data. We successfully demonstrate our attack and propose a solution that uses challenge-response based authentication to mitigate the attack.