Someone is constantly sending deauth packets to me.... =(
-
The only real defense is to use Ethernet, turn off the WiFi. Or Use WPA2 encryption, and make sure that you are using a strong network key.– MoabCommented Nov 29, 2010 at 23:09
-
Nope, WPA2-PSK, like WPA-PSK, is still susceptible to deauth attacks.– ephemientCommented Nov 30, 2010 at 0:06
-
lol, using ethernet isn't a solution to a wireless problem =p– NullVoxPopuliCommented Nov 30, 2010 at 2:31
-
Is there a way to maybe ignore de-auth packets? I know sometimes they are legit... BUt I'm not clear on when.... maybe if there was a way to detect when they were from the router... or something... not ... that... that also couldn't be forged... bah... =(– NullVoxPopuliCommented Nov 30, 2010 at 2:32
2 Answers
If you use WPA(2)-EAP (extensible authentication protocol, sometimes called "enterprise") instead of WPA(2)-PSK (pre-shared key, sometimes called "personal"), you can make sure that your wireless is not snooped and that deauth packets will not open avenues of attack. EAP-TLS allows the client to authenticate the AP and vice versa, and each client can have its own secret key.
It's called Management Frame Protection, or MFP. Defined in ieee 802.11w, 2009. Not everything supports it yet, and Cisco has their own version.
-
1Would it be possible to hyperlink to an explanation of the Cisco version?– EverettCommented Dec 6, 2012 at 6:05