Abstract - Previous research work has already documented vulnerabilities of LoRaWAN 1.0.x, in the form of Replay Attacks which may cause disconnection situations. To face (also) these concerns, modern network servers implement careful techniques to handle sequence numbers (frame counters) in the presence of unexpected/out-of-sequence messages. In this paper we show that, despite such patches, the problem of dis- connection attacks is still widely open. We document a number of new replay-type attacks which target ABP (Activation By Personalization) devices, namely devices which are deployed with an hard-coded set of session keys, and which may cause a range of disconnection situations, including extremely long term ones - the worst case being in the order of 232 message transmissions (hundreds/thousands years considering ordinary IoT rates). We demonstrate the feasibility of the proposed attacks by analyzing its impact on three different LoRaWAN network server implementations (two well known open-source network servers, and a proprietary network server co-developed by us), and by experimentally demonstrate their practicality on two of said network servers (ours and ChirpStack). Finally, we discuss trade-offs and mitigation actions, though we remark that these attacks appear intrinsic in the LoRaWAN 1.0.x specification, and can be ultimately fixed only by migrating to LoRaWAN 1.1.