
I've recently been delving more into Wi-Fi security and am starting with Pixie Dust. I've learned about it, mostly how it works (with the PINs, being able to crack two halves of the PINs and whatnot; not much in-depth, but enough to understand it and know what's going on).

I read on a Quora thread that it's loud (obviously since it's a variation of a brute force in essence to my knowledge except it's using previously gained knowledge to assist in the cracking), but I can't find any information on how to actually detect them or what it looks like when you do.

Does it leave it in the normal logs? Do you need a passive or active scanner running to detect it? Does it leave just a MAC address or more or less?

I'm pretty much oblivious to the Blue Team side of things and all searches about it seem to just pull up guides on how to do it rather than how it works more in-depth or how it's detected, what it looks like, or what trace(s) it leaves.

Thought some people here may be able to help me out, all help is appreciated!

  • I'm _fairly_ sure this isn't a question that can be generally answered, because it almost definitely depends on your router and how much logging it does. – Nic Jul 31 '19 at 09:03
  • Oh ok, say best case scenario your router does all logging and maybe you have supplemental scripts running, what's the maximum data that can be collected on an attacker? @NicHartley – MagicCookie Jul 31 '19 at 09:16

1 Answer

I reached out to SoxRox (an assistant developer of PixieWPS) and this is what he told me:

"It’s different for every case, but for the average case, most routers don’t have enough storage to keep massive logs, and they’re generally disabled by default.

The only way they could know is if they see WPS is locked in the GUI or if they were passively listening as you did it.

They could get your MAC address, likely an RSSI, but that’s about it.

And it’s not likely that people passively monitor 24/7.

If they’re next to their router, they may also see the WPS light flashing."

Thanks so much to everyone and especially https://www.reddit.com/u/realHoffman for letting me know who to reach out to :D

P.S. We talked for some more after that; PIN association and any WPS attack follow the same logic as he stated above, as it is all the WPS framework.
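
As an added example (not part of the original post and not PixieWPS code), this is what the passive-listening case from the answer can look like in code: it recognises WPS (EAP-WSC) messages in captured EAP payloads and reports, per station MAC, how many registration exchanges started, how many completed, and the strongest RSSI seen. The `(mac, rssi, eap_bytes)` input tuples, the `min_attempts` threshold and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

WFA_VENDOR_ID = b"\x00\x37\x2a"      # vendor id in the EAP expanded header
SIMPLE_CONFIG = b"\x00\x00\x00\x01"  # vendor type for WPS (SimpleConfig)
ATTR_MSG_TYPE = 0x1022               # WSC "Message Type" attribute
MSG_NAMES = {0x04: "M1", 0x05: "M2", 0x07: "M3", 0x08: "M4", 0x09: "M5",
             0x0A: "M6", 0x0B: "M7", 0x0C: "M8", 0x0E: "NACK", 0x0F: "DONE"}

def wsc_message(eap: bytes):
    """Return the WSC message name carried in one EAP packet, or None."""
    if len(eap) < 14 or eap[4] != 254:            # 254 = EAP expanded type
        return None
    if eap[5:8] != WFA_VENDOR_ID or eap[8:12] != SIMPLE_CONFIG:
        return None
    end = min(struct.unpack(">H", eap[2:4])[0], len(eap))
    pos = 16 if eap[13] & 0x02 else 14            # flags 0x02: length field present
    while pos + 4 <= end:                         # walk the type/length/value list
        attr, alen = struct.unpack(">HH", eap[pos:pos + 4])
        if attr == ATTR_MSG_TYPE and alen == 1 and pos + 5 <= end:
            return MSG_NAMES.get(eap[pos + 4])
        pos += 4 + alen
    return None

def summarize(frames):
    """frames: (station_mac, rssi_dbm, eap_bytes) tuples from a monitor capture."""
    seen = defaultdict(lambda: {"attempts": 0, "completed": 0, "max_rssi": -200})
    for mac, rssi, eap in frames:
        name = wsc_message(eap)
        if name is None:
            continue
        entry = seen[mac]
        entry["attempts"] += name == "M1"         # each exchange starts with M1
        entry["completed"] += name == "DONE"
        entry["max_rssi"] = max(entry["max_rssi"], rssi)
    return dict(seen)

def flag_stations(report, min_attempts=2):        # threshold is an assumption
    return sorted(m for m, e in report.items()
                  if e["attempts"] >= min_attempts and e["completed"] == 0)

def build(msg_type):                 # constructed frame: op-code WSC_MSG, flags 0
    body = struct.pack(">HHBHHB", 0x104A, 1, 0x10, ATTR_MSG_TYPE, 1, msg_type)
    head = bytes([254]) + WFA_VENDOR_ID + SIMPLE_CONFIG + b"\x04\x00"
    return struct.pack(">BBH", 1, 0, 4 + len(head) + len(body)) + head + body

SAMPLE = [("02:00:00:00:00:01", -51 + i, build(t))   # constructed capture
          for i in range(3) for t in (0x04, 0x05, 0x07, 0x0E)]
SAMPLE += [("02:00:00:00:00:02", -60, build(t)) for t in range(0x04, 0x0D)]
SAMPLE += [("02:00:00:00:00:02", -60, build(0x0F))]

if __name__ == "__main__":
    print(summarize(SAMPLE), flag_stations(summarize(SAMPLE)))
```

In the constructed capture, the first station starts three exchanges and finishes none, so it is the one flagged; the second completes a single exchange and is not.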