Aleksander Trofimowicz wrote:
> On 08/03/07, Larry Finger <[EMAIL PROTECTED]> wrote:
>>
>> Can you run kismet with the ar5212 and send me the .dump file with the
>> faulty buffer length? Please send it to me alone, as the entire mailing
>> list doesn't need to receive the entire file.
>>
> Today I inspected packets in greater detail and found what's really
> going on. dhclient fails to do its work right just after it tries to
> request an ip address from a previous lease and a dhcp server refuses
> to do so. In such circumstances dhclient-script restarts a network
> device, which in case of my wifi card results in losing association
> with bss (look at the last three DHCPDISCOVER packets), and then tries
> to follow the standard four-phase dhcp procedure.
>
> In the meantime, both iwconfig and the kernel ring buffer still
> suggest that the card is associated with ap.
>
> I think this vulnerability can be tested on your equipment too.
>
> A dump file contains three scenarios:
> 1. DHCPDISCOVER->DHCPOFFER->DHCPREQUEST->DHCPACK (works, dhclient
>    without the list of old leases)
> 2. DHCPREQUEST->DHCPACK (works, dhclient with the list of old leases
>    and no one has its ip addr on local net)
> 3. DHCPREQUEST->DHCPNACK -> 1. (doesn't work, dhclient with the list of
>    old leases, but someone has its ip addr on local net already)
>
> Is this a well known issue?

The reason you are having trouble is that your AP has a NULL SSID. I'm not sure the bcm43xx-softmac combination will work. I know it does not if the ESSID is hidden. Please set the SSID to something that is non-NULL and I'll take another look at your data if it still doesn't work.

Larry

_______________________________________________
Bcm43xx-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/bcm43xx-dev
