I am wondering about detecting an in-progress de-auth attack (these now seem to be BAU) and being able to alert / escalate about it, on a network where I can't achieve full 802.11w.
One idea I have is a honey-pot wifi client that looks just like a Ring camera and gets upset when it gets de-authed.
But presumably the router would see the same de-auth packets and we could have some cyber alerting from there ?
unfortunately that is just some weak kind of defence. there is no way to defence wpa2/wpa3, agains radio attack, and in our device the big hole is the BSSID.
i'm thinking this from long time now. i think the only way to fix this is dynamic BSSID.
yes I am wondering if just detecting the presence of a bad actor is a good starting place
I haven't read or experimented much with 802.11w yet but thought I might acquire one of these off the shelf attack devices so I can assess it (or seems I can just download some code from github)
agree and it will take a long time to solve in the standards - wondering if we should have some kind of panic from the router that can then be connected e.g. to homeassistant APIs at which point at least we can be aware of it and reduce false positives
I think I can get close to this with e.g. with scripted ping but its not very elegant and might generate some false positives