Deauth clients on afk or sleeping

i need to know how to do

to deauth or disconnect all clients conected to wifi

while low wifi use or afk

to prevent some security risks

I'm not sure that deauthing devices will improve security if they've already been successfully auth'd to the network. Can you describe what security threat you are trying to avoid?

I don't know of anything you could just enable.

If writing your a script is an option for you: ubus call hostapd.wlan1-2 get_clients returns every associated client to "wlan1-2". Just walk over every AP you have, compare airtime with rate, decide and call something like ubus call hostapd.wlan1-2 del_client. Use google to check on how to actually use that del_client command, you will need to pass the MAC address along you want to deauth.

But before doing anything:

  • Are you sure sending deauth does what you want it to do?
    • What about clients that reconnect instantly? I bet there are quite a view that do.
    • What about clients that don't reconnect at all? Are you going to force users to reconnect manually? Are your users aware of what's happening?
    • Have you considered scenarios where not much traffic is going on but dropping an existing connection might ruin hours of work? I quite regularly send some SQL queries via IDE before going to lunch, let them think and expect to have the calculation result when coming back. I would be somewhat annoyed to find out you killed my TCP connection by dropping my wifi.
      What I want to say: Not having much network traffic is no indication of a wifi connection being used or unused.
  • I'm with psherman here, you might want to reconsider or at least explain to us your threat scenario. I, too, don't think that will give you a huge benefit.

im trying to cut an attack vector

which is while eveyone sleeps, leaves their phones connected to wifi leaving an open door to hackers, bots, to party in your phone while sleeping, and also save data so


is there any possible way to do it?

sounds awesome, but it happened to me i was hacked while i was sleeping, the only user is me, but sometimes i get too tired i forget to disable wifi in my phone...

what i see is that hackers take advantage of online time, and where i live is high censorship and surveillance and hackers also

so that is it

If we use the example of phones, they typically do updates and backups when on wifi at night (when not otherwise being used). This would mean that low wifi utilizatoin may not be a useful metric because the phones are doing things even when the users are not. Now, if you actually interrupt the wifi connection, you'll end up with devices that don't have the latest updates applied, which means you put your devies and network at greater risk.

Also worth noting... if your devices are compromised, the hackers are not waiting for you to go to sleep... the events and activities that are of interest here may be happening throughout the day, but you may only have noticed a particular situation when you woke up. More than likely, the securiry vulnerabilities that would be exploited would be the result of your daytime activities and/or not keeping up with the latest security updates.


yes that is an attack vector, i have seen it and is common , everything is automated now

i always try to keep up updates is the only thing keep us safe

If this is the case, there are two really easy solutions:

  1. Turn off wifi on your devices.
  2. Turn off the wifi SSID. You can actually schedule this so it's automatic every day.

oh but i tought it was other solution like disconnect clients on low ack

i had other openwrt router and i do not know how but everytime o got to sleep , the next day i woke up always disconected

This can be done in general (although I don't know the details for how to implement it), but it can cause other problems and is not a desirable solution in most cases.

Was this something that was happening intentionally or accidentally/problematically?

accidentally, see in wireless advanced feature there is a checkbox saying " disconnect clients on low ack" i tought that was doing what i needed, now with this router i see it is not for that, i guesd

low ack is generally when the device is at the limit of the physical range of your wifi coverage or when a client device has put the radio into a very low power mode and is rarely sending acks... it does not directly indicate anything about the amount of wifi activity -- a device can send acks even when the wifi activity is low (except if the radio is in low power mode).


thank god this answer i googled it and found nothing i will uncheck those boxes to see what happens, thank you

1 Like

You realize that your plan basically rewards the attacker for continuing the attack (~= keep the ether busy, talking to command&control), while you penalize all genuine mobile devices that just want to save battery and keep the wlan on standby, but sleeping (forcing them to use more battery to reassoc, at higher latencies, maybe even switching to LTE/ 5g at higher cost)?


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.