Michael Countermeasures tracing
ars at itconnection.ru
Fri Nov 18 08:56:46 EST 2005
> I see a few different possibilities where you would be experiencing
> Michael errors:
> 1. An adversary is maliciously injecting malformed frames to DoS your
> network by triggering Michael countermeasures. This isn't likely, as
> the attacker has to overcome the rules of sequence enforcement and
> maintaining the integrity of the ICV in order to make this happen.
Furthermore, there is noone in RF but domestic MSes, checked this many
times already, logged kismet... Noone!
> 2. Faulty AP implementation - if your AP isn't following the correct
> order of steps to decrypt and verify the contents of an MSDU (e.g. they
> are checking the Michael hash before they check the ICV), then a corrupt
> frame could cause this condition.
The same revision/firmware APs are working great at another site - so I
don't think this is up to D-Link. Seems more like it's a client.
> 3. Faulty client implementation - If your client has a software flaw, it
> is possible that they aren't recording the Michael hash properly, or are
> not calculating the Michael hash over the correct fields. I'd imagine
> this is the most likely case here - what client software and card are
> you using for your station?
5 x Intel PRO Wireless 2200BG
1 x Ambit Microsystems 11b/g Wireless Network Adapter
As to the Intel, what I just found out is that they released a shiny new
software in beginning of Novemer - so I'd rather re-install ALL drivers,
ALL WLAN tools to the very-very-very latest ones and check the site again.
issue 1658027 Intel® PROSet/Wireless software fails to correctly
authenticate in a 802.1x environment after many roams
issue 1619573 WPA2-TKIP, WEP and WPA-AES,WEP encryption failure
w/WPA2-AES+TKIP+WEP access point
This is something not very specific to my case, but they seem to have
problems with WPA, anyway.
> Thanks for sharing these details.
Thank you for taking time to clear my TKIP understanding.
I'll send a report about this issue, because this countermeasures thing
were somewhat outstanding for me. I hope that was simply buggy Intel.
e-mail: ars at itconnection.ru
phone: +7 812 320-9850
More information about the HostAP