This can be protected from with the IEEE 802.11w, also called Management Frame Protection (MFP), which provides authentication for Wi-Fi management frames, including those related to deauthentication and disassociation. When protected management frames are supported and enabled by both sides, the attack will not work because it will fail to authenticate as legitimate and will be ignored.
According to the above-linked Wikipedia page, the frames that are protected by 802.11w are:
- Disassociation and deauthentication
- Radio measurement action for infrastructure BSS (802.11k frames)
- QoS action frame (802.11e frames)
- Future 11v management frames (802.11v frames)
The frames which are not protected due to infeasibility are:
- Beacon and probe request/response
- Announcement traffic indication message (ATIM)
- Authentication
- Association request/response
- Spectrum management action
Unfortunately, lots of hardware does not support 802.11w, and lots of software does not take advantage of it even when it is supported, so its utility may be limited and you will not often encounter it as an obstacle to deauth attacks. Note that this does not and cannot protect against a radio jamming denial of service attack where the entire spectrum is saturated with noise. However, such arbitrary jamming is far less stealthy and cannot be used for targeted attacks, rendering it a much less likely source of DoS.
As mentioned in the comments, IEEE 802.11w is not perfect, and other denial of service techniques exist. A paper called A Formal Analysis of IEEE 802.11w Deadlock Vulnerabilities shows how deadlocks can be exploited to selectively deny service to any associated clients. The paper concludes by demonstrating the inadequacy of current methods for validating specs like 802.11w and recommends formal methods.
