-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After triggering countermeasures, WLC's will generate the following log entry:
The AP '00:0b:85:67:6b:b0' received a WPA MIC error on protocol '1' from Station '00:13:02:8d:f6:41'. Counter measures have been activated and traffic has been suspended for 60 seconds. However, this is not terribly useful for detecting the TKIP attack, since the goal of the attack is to NOT trigger countermeasures. Other vendor logging notices and more details on Michael and other interesting TKIP stuff at the presentation URL below. - -Josh > When a client observes a MIC failure, it will send a MIC Failure > Notification message to the AP (a critical component of the new TKIP > attack, more at > http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf > ). > The AP keeps track of these notices, and will shut down the network for > 60 seconds if more than two are received within 60 seconds. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkk4HQsACgkQapC4Te3oxYx+QwCePTss11LsUq+M3zAGU2cRqcPe 690An02dhiI9W1SOfscfndq42unbyJ3I =V/gp -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
