Has anyone seen or know of how this client-based TKIP notification manifests on Cisco controllers?
Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | [EMAIL PROTECTED] -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Joshua Wright Sent: Thu 12/4/2008 11:33 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aruba ARM 2.0 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kade Cole wrote: > We have been using the 3.3.2.x code line for a while now. We have not > enabled any of the advanced ARM 2.0 features yet. We are also > experiencing some weird issues with Macs on the N APs. Every once in a > while our MacBook Pros will throw up an alert that says "Your Wireless > LAN has been compromised and will be disabled for one minute." Is this > the same thing you are seeing? I've seen this error a few times on TKIP networks, caused by a MIC failure calculation on received frames. I suspect this is a bug in the driver's MIC code, but I haven't been able to narrow it down further. When a client observes a MIC failure, it will send a MIC Failure Notification message to the AP (a critical component of the new TKIP attack, more at http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf ). The AP keeps track of these notices, and will shut down the network for 60 seconds if more than two are received within 60 seconds. On ArubaOS, check the system logs for entries like the following: Received TKIP Micheal MIC Failure Report from the Station [mac addr] [bssid] [apnames] This logging entry indicates the AP is indeed seeing MIC failures from clients, supporting this theory. If you aren't running TKIP, or have additional details you can share, I'd love to hear them. Thanks! - -Josh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkk4Bj0ACgkQapC4Te3oxYyn8gCfXOXWejQvF6ELjEg6WZvUnGem f6UAnjnekbjAaH35HDZq4AZpWdWJ7wkm =1WNt -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
