Unencrypted Beacons on Initialisation

Jonny Milliken thinkingmansopium
Thu Mar 22 07:52:20 PDT 2012


Hey,

Cheers for the suggestion. The reason we are using 0.6.6 is because it is
the most recent version compiled for OpenWRT. There is a more recent
version number (0.6.9) but it was not the most recently updated. Also it
exhibits the same problem.

We couldnt get the very latest hostapd (v0.7.3) to compile for mips. The
patch mentioned does appear to address the problem we are seeing but the
diff'd files are not the same. We have manually cludged the seemingly
appropriate functions in beacon.c, hostapd.h and wps_hostapd.c in 0.6.6 but
the changes didnt seem to stop the leaked beacons.

Any other suggestions or have we just hit an impasse?

J

On 20 March 2012 20:41, Jouni Malinen <j at w1.fi> wrote:

> On Tue, Mar 20, 2012 at 02:40:39PM +0000, Jonny Milliken wrote:
> > Having a problem with hostapd-mini (v 0.6.6) in OpenWRT Kamikaze 0.8.2.
> We
> > have set up a few APs with WPA encryption and have an IDS (Kismet)
> > monitoring for attacks. Kismet is reporting CRYPTODROP false positives
> > because when wifi restarts (via "wifi" terminal command) a few beacons
> are
> > transmitted advertising the AP as unencrypted before hostapd fully
> engages
> > and changes the beacons to advertise it as WPA encrypted. We have
> confirmed
> > this is the case with Wireshark. We have managed to root cause the false
> > positive to being caused by the line:
>
> > Does anyone know of any way to ensure that hostapd does not leak these
> few
> > unencrypted beacons when it is initialised?
>
> Upgrading to a newer hostapd version could help:
>
>
> http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=bc45d4279f01e3c224f78d93b6fd781dab928dde
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20120322/2ab28577/attachment.htm 



More information about the Hostap mailing list