Secure from wifi deathentication packets

Installing and Using OpenWrt
1

Hi all. I recompiled latest version of OpenWRT (so glad to calll this system this name :slight_smile: ) and i have configured my wifi to be secure from wifi deauth attack.

here is my /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'platform/ar934x_wmac'
	option frag '2346'
	option rts '2347'
	list supported_rates '12000 18000 24000 36000 48000 54000 300000'
	list basic_rate '12000 24000 54000'
	list ht_capab 'SHORT-GI-40'
	list ht_capab 'TX-STBC'
	list ht_capab 'RX-STBC1'
	list ht_capab 'DSSS_CCK-40'
	option mcast_rate '6000'
	option noscan '1'
	option beacon_int '1000'
	option bursting '1'
	option ff '1'
	option compression '1'
	option max_inactivity '100000'
	option htmode 'HT40'
	option distance '1350'
	option txpower '30'
	option channel '11'
	option country 'BO'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'wifi_name'
	option key ''
	option wpa_disable_eapol_key_retries '1'
	option ieee80211w '1'
	option ieee80211w_max_timeout '500'
	option ieee80211w_retry_timeout '200'
	option disassoc_low_ack '0'
	option dtim_period '255'
	option encryption 'psk2+ccmp'
	option network 'lan'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0'
	option country 'US'
	option txpower '22'
	option channel '52'
	option htmode 'HT40'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option mode 'ap'
	option ssid 'wifi_name'
	option key ''
	option wpa_disable_eapol_key_retries '1'
	option encryption 'psk-mixed+ccmp'
	option ieee80211w '1'
	option ieee80211w_max_timeout '500'
	option ieee80211w_retry_timeout '200'
	option disabled '1'
	option network 'lan'

I have got nodemcu v2

so i tried to attack my own wifi with wifi_deauth and it worked! I thought 802.11w was to keep me safe from this kind of attack but my laptop got disconected as soon as i started an attack.

2

from https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf

# ieee80211w: Whether management frame protection (MFP) is enabled
# 0 = disabled (default)
# 1 = optional
# 2 = required
#ieee80211w=0

client has to support/use it actively