Anyone Has Experience With Protection Against DeAuth Attacks on Linksys WRT32X

I though DeAuth attacks was a non-issue almost a decade passing since Protected Management Frames of 802.11w.

Not so.

I deauthed some devices on my networks. Just 10 packets with aireplay-ng.

Samsung Galaxy S8: Gave "Authentication Error", would not connect to WIFI no matter what I did. Had to reboot.

Xiaomi Air Purifier 2S: Device locked, had to be restarted.

Sonoff S20: Would not connect to WIFI, had to be restarted.

Alienware 17 R4: No network until I disabled and re0enabled Killer NIC.

These are some grave outcomes. So I set out to get this working with WRT32X.

Removed wpad-mini, installed wpad-full. Added option on /etc/config/wireless and dropdown box was available on wireless security.

But no matter what I did, I could not get any positive outcome.

On REQUIRED option, only Samsung Galaxy S8 and Xiaomi Air Purifier connected. But a deauth attack took them off as before.

On OPTIONAL, it did not make much difference, some devices connected, some did not.

I am only trying to protect the laptop (netsh shows PMF supported)?

Does anyone have any experience with this? What do you do?

try 3.18 or even 3.10 kernel builds. a lot of code has been updated since and broken probably by the way. 3y ago i was able to setup MFP link between atheros devices that couldn't been compromised with aireplay-ng

2 Likes

Support for the WRT32x/ venom was added in May 2018, for kernel 4.14 - there is no (semi-reasonable) chance to downgrade it to kernel 3.18 or 3.10; even the WRT3200ACM wasn't supported before october 2016 and kernel 4.4.

IEEE 802.11w/ pmf is generally working fine on OpenWrt (full wpad), but there are still plenty of clients (and even kernel drivers) which aren't that clear cut and either don't support it at all or expose subtile issues with pmf enabled; the push for WPA3 (where pmf is mandatory) finally provides an incentive for vendors to test and fix 802.11w support.

--
(Disclaimer: I have only tested 802.11w with ath5k, ath9k and ath10k wlan cards on OpenWrt (AP) and general purpose linux (client))

1 Like

I need some solution not in future, but now. This 802.11w has been around almost a decade. Deauth attacks have nasty outcomes. I don't understand why no client is working properly -- not laptop, not phone. These are current items, including the router, not old models.

My cousin sufferred from this for a month. I had to wire a LAN cable to solve her problem. She loses mobilitiy and people are not willing to give that up.