Re: [WIRELESS-LAN] Aruba ARM 2.0

2008-12-04 Thread Kade Cole
We have been using the 3.3.2.x code line for a while now. We have not  
enabled any of the advanced ARM 2.0 features yet. We are also  
experiencing some weird issues with Macs on the N APs. Every once in a  
while our MacBook Pros will throw up an alert that says Your Wireless  
LAN has been compromised and will be disabled for one minute. Is this  
the same thing you are seeing?


Kade

On 4 Dec 2008, at 8:45 AM, Brett Safford wrote:

We're on 3.3.2.7.  3.3.2.8 apparently came out 3 days ago.  We have
yet to turn on the ARM 2.0 features.

We will likely have the features that are available ready for when
the students come back after the break.  We're in the middle of the
Apple 802.1x client issue fight and the 802.11n deployment fight.

From what I know of the features:
Band steering: from what I have heard, this is boolean based.  It
does not do any sort of intelligent band steering to detect if a
band is being overused on an access point and move clients
appropriately.
Spectral load balancing: Aruba support told me this feature is not
currently included in the code base.


-Brett


Brett Safford
Associate VoIP Network Engineer
Brandeis University
Work: 781-736-4607 / Cell: 617-417-6072
[EMAIL PROTECTED]

On Dec 4, 2008, at 8:23 AM, Brian J David wrote:

We were just wondering what other Aruba schools have upgraded to
3.3.2.X code and are using ARM 2.0?

Have you tried the new features and if so how are they working for
you?


Bandwidth steering
Spectrum load balancing
Coordinated access
Co-Channel Interference Mitigation
Airtime fairness
Performance protection

Is there anything you would/not recommend doing?





Brian J David
Network Systems Engineer
Boston College

**
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://www.educause.edu/groups/.




Kade P. Cole - [EMAIL PROTECTED] - (618) 650-3377
Southern Illinois University Edwardsville
Telecommunications - Network Engineer III



Re: [WIRELESS-LAN] Aruba ARM 2.0

2008-12-04 Thread Brett Safford

What model Macbook Pro are you seeing this on?

I am using an early 2008 model, currently connected to an AP 125, on
the N channel.  I have not seen that sort of error message before.


-Brett

Brett Safford
Associate VoIP Network Engineer
Brandeis University
Work: 781-736-4607 / Cell: 617-417-6072
[EMAIL PROTECTED]

On Dec 4, 2008, at 10:43 AM, Kade Cole wrote:

We have been using the 3.3.2.x code line for a while now. We have  
not enabled any of the advanced ARM 2.0 features yet. We are also  
experiencing some weird issues with Macs on the N APs. Every once in  
a while our MacBook Pros will throw up an alert that says Your  
Wireless LAN has been compromised and will be disabled for one  
minute. Is this the same thing you are seeing?


Kade



RE: [WIRELESS-LAN] Aruba ARM 2.0

2008-12-04 Thread Lee H Badman
I do know that it is standard (but concerning) practice to take the MIC
timer from 60 seconds down to zero to overcome clients that trigger the
countermeasure and thus cause what amounts to a DDOS - it is sort of a
damned if you do, damned if you don't situation.

-Lee

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Syracuse University
315 443-3003

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Joshua Wright
Sent: Thursday, December 04, 2008 11:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba ARM 2.0


Kade Cole wrote:
> We have been using the 3.3.2.x code line for a while now. We have not
> enabled any of the advanced ARM 2.0 features yet. We are also
> experiencing some weird issues with Macs on the N APs. Every once in a
> while our MacBook Pros will throw up an alert that says Your Wireless
> LAN has been compromised and will be disabled for one minute. Is this
> the same thing you are seeing?

I've seen this error a few times on TKIP networks, caused by a MIC
failure calculation on received frames.  I suspect this is a bug in the
driver's MIC code, but I haven't been able to narrow it down further.

When a client observes a MIC failure, it will send a MIC Failure
Notification message to the AP (a critical component of the new TKIP
attack, more at
http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf).
The AP keeps track of these notices, and will shut down the network for
60 seconds if more than two are received within 60 seconds.

On ArubaOS, check the system logs for entries like the following:

Received TKIP Micheal MIC Failure Report from the Station [mac addr]
[bssid] [apnames]

This logging entry indicates the AP is indeed seeing MIC failures from
clients, supporting this theory.

If you aren't running TKIP, or have additional details you can share,
I'd love to hear them.  Thanks!

-Josh




RE: [WIRELESS-LAN] Aruba ARM 2.0

2008-12-04 Thread Johnson, Bruce T
Sounds like TKIP countermeasures kicking in.  A man-in-the-middle attack was
detected.

Bruce T. Johnson | Network Engineer | Partners Healthcare 
Network Engineering | 617.726.9662 | Pager: 31633 | [EMAIL PROTECTED]



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Brett
Safford
Sent: Thu 12/4/2008 11:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba ARM 2.0
 
What model Macbook Pro are you seeing this on?

I am using an early 2008 model, currently connected to an AP 125, on
the N channel.  I have not seen that sort of error message before.

-Brett

Brett Safford
Associate VoIP Network Engineer
Brandeis University
Work: 781-736-4607 / Cell: 617-417-6072
[EMAIL PROTECTED]


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.



RE: [WIRELESS-LAN] Aruba ARM 2.0

2008-12-04 Thread Johnson, Bruce T
Has anyone seen, or does anyone know, how this client-based TKIP notification
manifests on Cisco controllers?

Bruce T. Johnson | Network Engineer | Partners Healthcare 
Network Engineering | 617.726.9662 | Pager: 31633 | [EMAIL PROTECTED]



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of
Joshua Wright
Sent: Thu 12/4/2008 11:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba ARM 2.0
 

Kade Cole wrote:
> We have been using the 3.3.2.x code line for a while now. We have not
> enabled any of the advanced ARM 2.0 features yet. We are also
> experiencing some weird issues with Macs on the N APs. Every once in a
> while our MacBook Pros will throw up an alert that says Your Wireless
> LAN has been compromised and will be disabled for one minute. Is this
> the same thing you are seeing?

I've seen this error a few times on TKIP networks, caused by a MIC
failure calculation on received frames.  I suspect this is a bug in the
driver's MIC code, but I haven't been able to narrow it down further.

When a client observes a MIC failure, it will send a MIC Failure
Notification message to the AP (a critical component of the new TKIP
attack, more at
http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf).
The AP keeps track of these notices, and will shut down the network for
60 seconds if more than two are received within 60 seconds.

On ArubaOS, check the system logs for entries like the following:

Received TKIP Micheal MIC Failure Report from the Station [mac addr]
[bssid] [apnames]

This logging entry indicates the AP is indeed seeing MIC failures from
clients, supporting this theory.

If you aren't running TKIP, or have additional details you can share,
I'd love to hear them.  Thanks!

-Josh




Re: [WIRELESS-LAN] Aruba ARM 2.0

2008-12-04 Thread Joshua Wright

After triggering countermeasures, WLCs will generate the following log
entry:

The AP '00:0b:85:67:6b:b0' received a WPA MIC error on protocol '1' from
Station '00:13:02:8d:f6:41'. Counter measures have been activated and
traffic has been suspended for 60 seconds.

However, this is not terribly useful for detecting the TKIP attack,
since the goal of the attack is to NOT trigger countermeasures.

Other vendor logging notices and more details on Michael and other
interesting TKIP stuff at the presentation URL below.

-Josh

> When a client observes a MIC failure, it will send a MIC Failure
> Notification message to the AP (a critical component of the new TKIP
> attack, more at
> http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf).
> The AP keeps track of these notices, and will shut down the network for
> 60 seconds if more than two are received within 60 seconds.

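Added example, not part of the thread and not Aruba or Cisco code: a Python log check built on the ArubaOS MIC failure message quoted earlier in this thread. It reports BSSIDs where enough reports arrived within 60 seconds to trip countermeasures, and station/BSSID pairs that keep reporting MIC failures spaced too far apart to trip them, which countermeasure log entries alone would not show. The timestamp prefix, the field layout after "Station", the thresholds and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MSG = "Received TKIP Micheal MIC Failure Report from the Station"  # as quoted in the thread
MAC = r"\[?((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\]?"
# Assumed layout: "YYYY-MM-DD HH:MM:SS <host> <MSG> <station> <bssid> <ap name>".
REPORT = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?" + MSG + " " + MAC + r"\s+" + MAC, re.I)

# Constructed sample log: addresses, names and times are made up.
SAMPLE = [
    f"2008-12-04 10:00:00 ctrl1 {MSG} 02:00:00:00:00:aa 02:00:00:00:01:01 ap-lib-1",
    f"2008-12-04 10:01:10 ctrl1 {MSG} 02:00:00:00:00:aa 02:00:00:00:01:01 ap-lib-1",
    f"2008-12-04 10:02:25 ctrl1 {MSG} 02:00:00:00:00:aa 02:00:00:00:01:01 ap-lib-1",
    f"2008-12-04 11:00:00 ctrl1 {MSG} 02:00:00:00:00:bb 02:00:00:00:02:02 ap-gym-3",
    f"2008-12-04 11:00:05 ctrl1 {MSG} 02:00:00:00:00:bb 02:00:00:00:02:02 ap-gym-3",
    f"2008-12-04 11:00:20 ctrl1 {MSG} 02:00:00:00:00:bb 02:00:00:00:02:02 ap-gym-3",
    f"2008-12-04 12:00:00 ctrl1 {MSG} 02:00:00:00:00:cc 02:00:00:00:01:01 ap-lib-1",
    "2008-12-04 12:05:00 ctrl1 User 02:00:00:00:00:cc authenticated",
]


def analyse(lines, window=60, burst=3, min_slow=3):
    # burst=3 follows the thread's "more than two ... within 60 seconds";
    # min_slow is an assumed triage threshold. Returns (burst_bssids, slow_pairs).
    by_bssid, by_pair = defaultdict(list), defaultdict(list)
    for line in lines:
        m = REPORT.search(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        sta, bssid = m.group(2).lower(), m.group(3).lower()
        by_bssid[bssid].append(ts)
        by_pair[(bssid, sta)].append(ts)
    win = timedelta(seconds=window)
    bursts = set()
    for bssid, times in by_bssid.items():
        times.sort()
        # `burst` consecutive reports inside one window: countermeasure level.
        if any(times[i + burst - 1] - times[i] <= win
               for i in range(len(times) - burst + 1)):
            bursts.add(bssid)
    slow = {}
    for pair, times in by_pair.items():
        times.sort()
        # Repeated reports from one station, each more than a window apart.
        if len(times) >= min_slow and all(b - a > win for a, b in zip(times, times[1:])):
            slow[pair] = len(times)
    return bursts, slow


if __name__ == "__main__":
    bursts, slow = analyse(SAMPLE)
    print("burst BSSIDs:", sorted(bursts), "slow repeaters:", slow)
```

Dated NIC drivers also produce MIC failures, so a flagged station is a lead for investigation and not proof of the TKIP attack.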


RE: [WIRELESS-LAN] Aruba ARM 2.0

2008-12-04 Thread Lee H Badman
And we have seen that dated NIC drivers and other conditions can also
trigger MIC errors on occasion, adding unreliability and confusion to
the process.

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Syracuse University
315 443-3003

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Joshua Wright
Sent: Thursday, December 04, 2008 1:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba ARM 2.0


After triggering countermeasures, WLCs will generate the following log
entry:

The AP '00:0b:85:67:6b:b0' received a WPA MIC error on protocol '1' from
Station '00:13:02:8d:f6:41'. Counter measures have been activated and
traffic has been suspended for 60 seconds.

However, this is not terribly useful for detecting the TKIP attack,
since the goal of the attack is to NOT trigger countermeasures.

Other vendor logging notices and more details on Michael and other
interesting TKIP stuff at the presentation URL below.

-Josh

> When a client observes a MIC failure, it will send a MIC Failure
> Notification message to the AP (a critical component of the new TKIP
> attack, more at
> http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf).
> The AP keeps track of these notices, and will shut down the network for
> 60 seconds if more than two are received within 60 seconds.
