[c-nsp] WiSM "WPA MIC error" shuts the *entire* AP down?
Phil Mayers
p.mayers at imperial.ac.uk
Thu Sep 2 10:05:12 EDT 2010
On 02/09/10 14:16, Nick Hilliard wrote:
> On 02/09/2010 13:59, Phil Mayers wrote:
>> I've since done a bit more reading, and apparently this behaviour
>> (shutting down the radio) is mandated by WPA1 and the solution is to
>> move to WPA2. It seems bizarre - shut down the entire radio - but there
>> we go.
>
> It's Hobson's choice, isn't it:
>
> a. keep the service up, pretty much guaranteeing that your network will be
> compromised

If invalid MICs are only generated by malicious clients then it might be
an appropriate response, but they're not - as some time spent on Google
will show, there are buggy clients/hardware that leak a trickle of
invalid MICs, but are not malicious.

In magic pixie land "fix the clients" is probably the solution, but out
here in the real world... ;o)

>
> b. take the service down, but ensure that the network is not compromised

If, as is claimed, WPA1 is the problem, I don't understand why there isn't:

c. disable all WPA1 clients for 60 seconds

...which would at least attempt to maintain some level of service.

Shutting down the entire radio interface for 60 seconds seems like a
sledgehammer to crack a nut - and a very, very easy DoS to boot.

Bah. Wireless sucks...