wpa_supplicant TKIP countermeasures

Jouni Malinen j
Sun Nov 18 03:16:40 PST 2012

On Fri, Nov 16, 2012 at 12:11:53PM -0500, Jonathan Bagg wrote:
> Question about TKIP countermeasures in wpa_supplicant....After three 
> "Event MICHAEL_MIC_FAILURE (2) received" I see wpa_supplicant say "TKIP 
> countermeasures started", and then disconnects, but never reconnects 
> after 60 seconds (5.2.17 step #8 in Wi-Fi CERTIFIED n System 
> Interoperability Test Plan) Running wpa_supplicant v1.0

This works fine in my tests.. When wpa_supplicant initiated TKIP
countermeasures, it disconnected, added the BSSID of the AP into
blacklist, and started scanning. After 60 seconds, TKIP countermeasures
were stopped and the next scan was allowed to clear the blacklist. At
this point, connection went through with the same AP.

> Is wpa_supplicant supposed to handle the reconnect or is it up to the 
> user / higher level software?

Yes, wpa_supplicant is supposed to find another AP (if available and
enabled in configuration) or connect back to the same AP after 60

Which driver are you using? How do you configure ap_scan parameter in
wpa_supplicant? Could you please send wpa_supplicant debug log with
timestamps (-dt on command line) from a case where there was no

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list