Quote Originally Posted by ternarybit View Post
thanks for the input. I did mention disabling WPS is the obvious solution in my OP, I was just curious if there was anything else available to a defender, assuming their router cannot disable WPS (which is the case with a surprising number, sadly).
IDK if kismet supports running a command when it detects a WPS bruteforce attack, but if it does, it should be easy to make it run airdrop-ng against the attacker's MAC address, or even running a script that connects through telnet/ssh to the AP and adds the attacker's MAC address to the disallowed MAC addresses list.