Just keep in mind that an attacker still needs to be strategically positioned (physically) to pull this off, and there are no known cases yet of it happening. Not to say it won’t/can’t but it’s easy to get sucked in to the panic if just going off of headlines.
Lee Badman | Network Architect Certified Wireless Network Expert (#200) Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e [email protected]<mailto:[email protected]> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Norton, Thomas (Network Operations) Sent: Monday, October 16, 2017 8:41 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 So basically those are work around as in the interim, so don’t use 802.11r, mesh, or clarify engine. Fun stuff! Lee said it Best, let the panic begin lol T.J. Norton Wireless Network Architect Network Operations (434) 592-6552<tel:(434)%20592-6552> [http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg] Liberty University | Training Champions for Christ since 1971 On Oct 16, 2017, at 8:30 AM, McClintic, Thomas <[email protected]<mailto:[email protected]>> wrote: This seems contradicting… Workarounds =========== All vulnerabilities described in this advisory may be mitigated by disabling certain features: - For ArubaOS, ensure that 802.11r is disabled by verifying that any configured SSID profile does not contain a "dot11r-profile". From the command line, "show wlan dot11r-profile" will list any 802.11r profiles that have been configured. If the reference count is 0, 802.11r is not enabled. - For InstantOS, ensure that 802.11r is not enabled in any configured WLAN. - Disabling 802.11r on the AP infrastructure will effectively mitigate client-side 802.11r vulnerabilities. It will not, however, mitigate client-side 4-way handshake vulnerabilities. - Clarity Engine is a beta feature enabled only in special builds of software. Customers who are participating in this beta should not use Clarity Engine until a software update has been completed. - Mesh mode for both ArubaOS and InstantOS is vulnerable. Until this vulnerability is patched, mesh networks should be disabled. - Wi-Fi uplink mode for InstantOS is vulnerable. Until this vulnerability is patched, the Wi-Fi uplink feature should not be used. TJ McClintic From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Lee H Badman Sent: Monday, October 16, 2017 7:10 AM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 Let the panic begin. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Turner, Ryan H Sent: Monday, October 16, 2017 7:51 AM To: [email protected]<mailto:[email protected]> Subject: [WIRELESS-LAN] Big flaw in WPA2 https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__arstechnica.com_information-2Dtechnology_2017_10_severe-2Dflaw-2Din-2Dwpa2-2Dprotocol-2Dleaves-2Dwi-2Dfi-2Dtraffic-2Dopen-2Dto-2Deavesdropping_%26d%3DDwMGaQ%26c%3D6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ%26r%3DrYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4%26m%3D8MuvlPZjzllurTQKouFgNet-ZD2O7K-olxOq3qK0xUg%26s%3D3RHUpF3R323_-8qPyPNO8nzN6DTJnsWpjrrc2drGdik%26e%3D&data=02%7C01%7Ctnorton7%40liberty.edu%7C869a9c0856a44d85dba708d51491af20%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636437538292695507&sdata=vFmnvcmEgoYO99NInPZ%2Bm01TJAk7lrNIbtXsiuwn4s8%3D&reserved=0> Ryan Turner Manager of Network Operations, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.educause.edu_discuss%26d%3DDwMGaQ%26c%3D6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ%26r%3DrYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4%26m%3D8MuvlPZjzllurTQKouFgNet-ZD2O7K-olxOq3qK0xUg%26s%3Du7tywOb4fRH-R2MnZdavSd_MS_SZjDcOQ8aapflnJac%26e%3D&data=02%7C01%7Ctnorton7%40liberty.edu%7C869a9c0856a44d85dba708d51491af20%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636437538292695507&sdata=9WCAN59ro8L8KbfpfVooH9TtWtGImEKOadEMRqgRMAA%3D&reserved=0>. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.educause.edu_discuss%26d%3DDwMGaQ%26c%3D6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ%26r%3DrYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4%26m%3D8MuvlPZjzllurTQKouFgNet-ZD2O7K-olxOq3qK0xUg%26s%3Du7tywOb4fRH-R2MnZdavSd_MS_SZjDcOQ8aapflnJac%26e%3D&data=02%7C01%7Ctnorton7%40liberty.edu%7C869a9c0856a44d85dba708d51491af20%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636437538292695507&sdata=9WCAN59ro8L8KbfpfVooH9TtWtGImEKOadEMRqgRMAA%3D&reserved=0>. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss&data=02%7C01%7Ctnorton7%40liberty.edu%7C869a9c0856a44d85dba708d51491af20%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636437538292695507&sdata=rwdZdKp%2FT6z8fluhOoedMibG9oJNYUw0B%2BYSreRVig4%3D&reserved=0>. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
