Yes, a state of the art router is protected against stupid de-authentication attacks.
https://arubanetworking.hpe.com/techdocs...tures/pmf/
Old school tools that do not take care about this will fail, because their transmitted stupid de-authentication frames are ignored by router and client.
But attacking such state of the art targets (MFP activated, WPA2/WPA3 transition mode) is possible.
For my adapter tests I use state of the art routers (MFP activated, WPA2/WPA3 transition mode activated). It only takes a few seconds to retrieve the data hashcat can work on:
https://github.com/ZerBea/hcxdumptool/discussions/361
If a downgrade attack was successful, you will get a WPA2 EAPOL M2 (AP-LESS) from the client and hashcat can work on it:
https://wpa-sec.stanev.org/?search=00234ae8ef8e
A successful attack is highly dependent on:
- the Linux kernel and the supplied drivers with full monitor mode and full packet injection support (https://www.kernel.org/)
- the WiFi adapter (not all of them are working as expected)
- the tools to perform such an attack
In other words:
If you run an outdated Linux kernel (with outdated drivers) which is not longer part of this list https://www.kernel.org/ and a WiFi adapter which is known to have problems with full monitor mode and full packet injection (e.g. Intel chipset) and an attack tool that stupid injects de-authentication frames you will fail epically.
Unfortunately you didn't mention this:
- the version of your Linux kernel
- the type of your WiFi adapter
- the tool and the exact command line you have used
https://arubanetworking.hpe.com/techdocs...tures/pmf/
Old school tools that do not take care about this will fail, because their transmitted stupid de-authentication frames are ignored by router and client.
But attacking such state of the art targets (MFP activated, WPA2/WPA3 transition mode) is possible.
For my adapter tests I use state of the art routers (MFP activated, WPA2/WPA3 transition mode activated). It only takes a few seconds to retrieve the data hashcat can work on:
https://github.com/ZerBea/hcxdumptool/discussions/361
If a downgrade attack was successful, you will get a WPA2 EAPOL M2 (AP-LESS) from the client and hashcat can work on it:
https://wpa-sec.stanev.org/?search=00234ae8ef8e
A successful attack is highly dependent on:
- the Linux kernel and the supplied drivers with full monitor mode and full packet injection support (https://www.kernel.org/)
- the WiFi adapter (not all of them are working as expected)
- the tools to perform such an attack
In other words:
If you run an outdated Linux kernel (with outdated drivers) which is not longer part of this list https://www.kernel.org/ and a WiFi adapter which is known to have problems with full monitor mode and full packet injection (e.g. Intel chipset) and an attack tool that stupid injects de-authentication frames you will fail epically.
Unfortunately you didn't mention this:
- the version of your Linux kernel
- the type of your WiFi adapter
- the tool and the exact command line you have used