The invention relates to a novel method for proofing 802.11
wireless deauthentication frame flood DoS, and provides a queuing model based on a 802.11
wireless client. The queuing model includes a TCP / IP upper-layer module, an MMS-MDS module, an STA_Air_TX module, and an STA_Air_RX module. The TCP / IP upper-layer module of the
wireless client sends TCP data frames to an MDS
queue to successively wait for the
processing of the MMS-MDS module; when the wireless
client prepares to send the data frames for communication, the MMS-MDS module processes the TCP data frames and then forwards the TCP data frames to a TX
queue, the STA_Air_TX module sends the TCP data frames to an access point AP; a
Rogue Access Point (RAP) sends a deauthentication frame to the wireless client at a speed rate of
lambda2, the STA_Air_TX module receives, verifies the deauthentication frame, and determines whether the deauthentication frame should be forwarded to an MMS
queue or be directly and immediately abandoned; the STA_Air_TX module receives TCP-ACK and forwards the TCP-ACK to an MDS queue; and the MMS-MDS module completes the
verification of the deauthentication frame within the time of S2. The method can prevent a
Wireless Local Area Network (WLAN) from deauthentication DoS under low-
attack and high-
attack speed rates.