MIC failure question

Bartosz.Markowski at tieto.com Bartosz.Markowski
Fri Apr 22 02:52:21 PDT 2011


Thanks for the quick answer. One more question: I do not understand how blocking all connections should be done.
In wpa_supplicant_pick_network(), if there's no valid AP in the list, it still clears the blacklisted APs and tries to associate anyway.

wpa_supplicant: wlan0: No APs found - clear blacklist and try again
wpa_supplicant: Removed BSSID 00:1e:be:8e:3d:40 from blacklist (clear)

The other thing is that when I hit the MIC failure twice within 60s, TKIP countermeasures start and wpa_supplicant_deauthenticate is called.

I get 'wpa_supplicant: Added BSSID 00:00:00:00:00:00 into blacklist'
Is this correct behaviour, or is the MAC being overwritten (erased) too quickly?


-----Original Message-----
From: hostap-bounces at lists.shmoo.com [mailto:hostap-bounces at lists.shmoo.com] On Behalf Of Jouni Malinen
Sent: 22 April 2011 10:57
To: hostap at lists.shmoo.com
Subject: Re: MIC failure question

On Fri, Apr 22, 2011 at 10:54:40AM +0300, Bartosz.Markowski at tieto.com wrote:
> In the current implementation of the wpa_supplicant_event_michael_mic_failure() function there's a TODO comment.
> /* TODO: mark the AP rejected for 60 second. STA is
>  * allowed to associate with another AP.. */
> Is there a reason that this has not been implemented - some blocking issues?

No one seems to have been interested enough in optimizing this to allow other APs to be used and blocking all connections is simpler. It is not like TKIP countermeasures are supposed to be showing up frequently, so it does not look like there is much benefit from using time on making this any more complex. And if this were to be triggered more frequently, time would likely be better spent on trying to fix whatever is causing the Michael MIC failures anyway.

Jouni Malinen                                            PGP id EFC895FA
HostAP mailing list
HostAP at lists.shmoo.com
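
Added example, not part of the original thread and not wpa_supplicant code: a minimal C model of the 60-second rule discussed above, with the "block all connections" policy next to the per-AP rejection from the TODO comment. All names (cm_state, cm_mic_failure, cm_may_associate) are hypothetical, and widening to block-all when the reported BSSID is all zeros is an assumption of this example.

```c
#include <stdbool.h>
#include <string.h>
#include <time.h>

#define MIC_WINDOW_SEC 60 /* two failures inside this window start countermeasures */
#define BLOCK_SEC      60 /* how long connections stay blocked afterwards */

/* Hypothetical state for this model; not wpa_supplicant's structures. */
struct cm_state {
    time_t last_failure;            /* 0 = no failure recorded */
    time_t blocked_until;           /* 0 = no block active */
    unsigned char blocked_bssid[6]; /* own copy of the offending AP address */
    bool per_ap;                    /* true: reject only that AP (the TODO idea) */
    bool block_all;                 /* effective policy chosen when triggered */
};

static bool bssid_is_zero(const unsigned char b[6])
{
    static const unsigned char zero[6] = {0};
    return memcmp(b, zero, 6) == 0;
}

/* Record a Michael MIC failure for bssid; true if countermeasures start now. */
bool cm_mic_failure(struct cm_state *s, const unsigned char bssid[6], time_t now)
{
    bool trigger = s->last_failure != 0 &&
                   now - s->last_failure < MIC_WINDOW_SEC;
    s->last_failure = trigger ? 0 : now;
    if (trigger) {
        /* Keep a private copy so the block does not depend on connection
         * state that may be reset when the link is torn down. */
        memcpy(s->blocked_bssid, bssid, 6);
        s->blocked_until = now + BLOCK_SEC;
        /* An all-zero BSSID cannot identify an AP: block everything. */
        s->block_all = !s->per_ap || bssid_is_zero(bssid);
    }
    return trigger;
}

/* May the station associate with bssid at time now? */
bool cm_may_associate(const struct cm_state *s, const unsigned char bssid[6],
                      time_t now)
{
    if (now >= s->blocked_until)
        return true;  /* no block active, or it has expired */
    if (s->block_all)
        return false; /* simple policy: no connections for 60 s */
    return memcmp(s->blocked_bssid, bssid, 6) != 0;
}
```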
