2

This is an old 802.11w issue that has been documented and it's a very big issue as clients can be selectively attacked and enter a deadlock, where only disabling and re-enabling wifi solves the issue (in fact I'm currently experiencing these attacks from an unknown source).

So my question is if there's a way to solve this problem or if there's a new standard that already fixed it.

I currently have an ASUS RT-AC68U (stock firmware) with PMF set as required.

Motheus
  • 121
  • 1
  • Does this answer your question? [Preventing deauthentication attacks](https://security.stackexchange.com/questions/20219/preventing-deauthentication-attacks) – Esa Jokinen Jul 22 '20 at 06:43
  • That's related to deauthentication attacks and how/why 802.11w helps. My question is about a 802.11w deadlock problem, where enabling PMF leaves you vulnerable to an even worse issue, as when attacked, the client needs to be manually re-set to restore connection. – Motheus Jul 22 '20 at 06:47
  • 1
    I have done research in the past on 802.11w. How do you know specifically that it is a deadlock attack against 802.11w, and perhaps not just a bug in the access point? May be time to sniff some wireless frames. IIRC, wpa-supplicant and maybe hostapd may implement the optional deadlock recovery protocol, but I don't know what client you are using. – multithr3at3d Jul 22 '20 at 13:23
  • Every time this happens the router logs a "deauthentication from non associated station" at least 50 times, then another strange event, then the device can't access internet. I will be logging the packets as soon as I can to post them here – Motheus Jul 22 '20 at 16:56
  • I forgot to clarify that the device can't access the internet but don't get disassociated from the AP. – Motheus Jul 22 '20 at 17:04

0 Answers0