Michael MIC Failure Report with CCMP?

Helmut Schaa helmut.schaa
Sun Aug 28 23:51:46 PDT 2011


On Fri, Aug 26, 2011 at 5:45 PM, Jouni Malinen <j at w1.fi> wrote:
> On Fri, Aug 26, 2011 at 05:27:21PM +0200, Helmut Schaa wrote:
>> I've got a client connected to hostapd that is sending a Michael MIC
>> Failure Report to
>> a RSN-only AP after the group key handshake:
>
> What do you mean with "RSN-only"?

Urgs, sorry, I meant CCMP-only of course :)

>> hostapd: wlan0: IEEE 802.11 TKIP countermeasures initiated
>>
>> I don't have access to this client but is it really necessary to start
>> TKIP countermeasures
>> when running in RSN-only mode (which will deauth all associated clients)?

s/RSN/CCMP

> If the station was using TKIP, then any station that is using TKIP
> (e.g., as group cipher) needs to be deauthenticated and forced to rekey.
> If the BSS does not enable any use of TKIP, it would sound reasonable to
> ignore the error reporting part and only rekey the single station that
> was incorrectly sending the Request+Error EAPOL-Key frame.

That's what I meant indeed, I'll queue up a patch for that.

Thanks,
Helmut



More information about the Hostap mailing list