Protection from deauthentication attack

I always compile my routers 3700v4 lede firmware from source once in 1 or 2 months. I incluede many packages including everything needed for 802.11w. It does work i asume because in /etc/config/wireless i have it enabled. This is my wireless config

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'platform/ar934x_wmac'
	option frag '2346'
	option rts '2347'
	list supported_rates '12000 18000 24000 36000 48000 54000 300000'
	list basic_rate '12000 24000 54000'
	list ht_capab 'SHORT-GI-40'
	list ht_capab 'TX-STBC'
	list ht_capab 'RX-STBC1'
	list ht_capab 'DSSS_CCK-40'
	option mcast_rate '6000'
	option noscan '1'
	option beacon_int '1000'
	option bursting '1'
	option ff '1'
	option compression '1'
	option max_inactivity '100000'
	option htmode 'HT40'
	option distance '1350'
	option txpower '30'
	option channel '11'
	option country 'BO'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'my_ssid'
	option key 'my_password'
	option wpa_disable_eapol_key_retries '1'
	option ieee80211w '1'
	option ieee80211w_max_timeout '500'
	option ieee80211w_retry_timeout '200'
	option disassoc_low_ack '0'
	option dtim_period '255'
	option encryption 'psk2+ccmp'
	option network 'lan'

It does not protect me from deauthentication attack. I have ESP8266 amazing device. I use it to test my network and it succesfully deauthenticates each and every client using my wifi. How can i protect against this kind of attack?

I believe not only the router but also the client must support this. Or am I wrong?

1 Like

But i read that 802.11w is supported by linux kernel. I use arch linux i have kernel which was released exactly 3 days ago

Check what happens when you enable "option ieee80211w '2'", to actually enforce it - you will probably see that either your client doesn't enable 802.11w or doesn't support it on the driver level.

You were write. When i set 802.11w to requered my laptop and phone could not connect to wifi.
I had tested this some time ago and client which i tested with did not deauthenticate and i thought i was protected. But now i tested againg hoping it would not work but it worked :smiley: