Thanks everyone for the responses. Chris Wandell Binghamton University
On Sat, Oct 23, 2010 at 3:11 PM, Lee H Badman <[email protected]> wrote: > Agreeing with John- set the timer to zero and don't look back. The headache > of the countermeasures are not worth trying to keep them in play. > > Lee Badman > ________________________________________ > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [ > [email protected]] On Behalf Of Jonn Martell [ > [email protected]] > Sent: Friday, October 22, 2010 5:16 PM > To: [email protected] > Subject: Re: [WIRELESS-LAN] WCS Error > > Hi Chris, > > MIC (message integrity check) was really a "patch" for TKIP to prevent > replay attacks. I happened to be in the IEEE TGI working group when > this feature was heavily discussed. Many felt that the > countermeasures were more harmful than beneficial. I still remember > the notion passing after the argument was made that "TKIP will be > short lived and this will be a non-issue". This is another reason to > move from TKIP (WPA) to AES (WPA2). > > My understanding is that the countermeasures impact any new connection > for 60 seconds. So effectively one trigger creates a DOS for all new > users! > > I would consider reducing or turning off the countermeasure. On WLC > (4.1 or greater) > > config wlan security tkip hold-down <X> <wlan id>. > > Where X is the number of seconds to deny access to your WLAN on a MIC > trigger. Use 0 to disable MIC. > > Jonn Martell, Director of Technical Operations, FDU Vancouver > > On Fri, Oct 22, 2010 at 1:26 PM, Chris Wandell <[email protected]> > wrote: > > Hello All, > > > > We have been seeing a lot of MIC errors on WCS this semester, "The AP > > 'xxxxxx' received a WPA MIC error on protocol '0' from Station > > 'xx.xx.xx.xx.xx.xx'. Counter measures have been activated and traffic has > > been suspended for 60 seconds". > > What I have read is that this may be a problem with the mac addresses for > > the IPAD, as well as out of date device drivers for other wireless card > > vendors. I have also found you can turn the reporting of these errors > off, > > but am a little wary of that. > > Has anyone run into this and what would be the downside to disabling > this? > > The upside I would think would be that the ap wouldn't be suspending > traffic > > for 60 seconds at a clip when this error occurs. > > > > Thanks for any input > > > > Chris Wandell > > Binghamton University > > > > > > ********** Participation and subscription information for this EDUCAUSE > > Constituent Group discussion list can be found at > > http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ________________________________ > > No virus found in this message. > Checked by AVG - www.avg.com<http://www.avg.com> > Version: 10.0.1144 / Virus Database: 422/3212 - Release Date: 10/22/10 > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
