And we have seen that dated NIC drivers and other conditions can also trigger MIC errors on occasion- adding unreliability and confusion to the process.
Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Wright Sent: Thursday, December 04, 2008 1:10 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Aruba ARM 2.0 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After triggering countermeasures, WLC's will generate the following log entry: The AP '00:0b:85:67:6b:b0' received a WPA MIC error on protocol '1' from Station '00:13:02:8d:f6:41'. Counter measures have been activated and traffic has been suspended for 60 seconds. However, this is not terribly useful for detecting the TKIP attack, since the goal of the attack is to NOT trigger countermeasures. Other vendor logging notices and more details on Michael and other interesting TKIP stuff at the presentation URL below. - -Josh > When a client observes a MIC failure, it will send a MIC Failure > Notification message to the AP (a critical component of the new TKIP > attack, more at > http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-1 1-17.pdf > ). > The AP keeps track of these notices, and will shut down the network for > 60 seconds if more than two are received within 60 seconds. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkk4HQsACgkQapC4Te3oxYx+QwCePTss11LsUq+M3zAGU2cRqcPe 690An02dhiI9W1SOfscfndq42unbyJ3I =V/gp -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
