MIC Failure - Counter measure
1 posts by 1 authors in: Forums > CWSP - Enterprise Wi-Fi Security
Last Post: June 1, 2007:
Last Post: June 1, 2007:
-
vinay_techie4u Escribi?3:
I have a doubt regarding the MIC failure .On detection of MIC failure all traffic and associations will break with the AP for the next 60 secs.
but if you have AP working on both A and B radio and MIC failure is detected on radio A then should a client move to Radio B and continue transmission ?
or
AP should not allow the client to associate on other radio too.
I think the answer is that it's implementation dependent. The IEEE 802.11i amendment section 8.3.2.4 indicates:
The rate of MIC failures must be kept below two per minute. This implies that STAs and APs detecting
two MIC failure events within 60 s must disable all receptions using TKIP for a period of 60 s.
The slowdown makes it difficult for an attacker to make a large number of forgery attempts in a
short time.
Being pedantic, an AP is defined as:
3.2 access point (AP):
Any entity that has station functionality and provides access to the distribution services,
via the wireless medium (WM) for associated stations.
In no place does the 802.11i specification associate an AP with a BSS, so how a vendor should implement countermeasures is really up to the engineer doing the implementation. Some vendors may consider a single BSS as an AP, while others may think any number of physical or virtual interfaces on the same box represents an AP.[/quote]
Page 1 of 1
- 1