madwifi talking to intel 2011b - fixed, badly?

Brad Langhorst brad at langhorst.com
Fri Aug 18 09:06:10 EDT 2006


Stefan Rompf wrote:
> On Thursday, 17 August 2006 06:23, Brad Langhorst wrote:
> 
>>     /* && bss->wpa_ie_len == 0 &&
>>        bss->rsn_ie_len == 0 */ &&
>>
>> Why does wpa_ie_len have to be 0 if we just tried WPA mode and it didn't
>> work and key_mgmt=NONE ?
> 
> Strange. I'm aware of APs that send a wpa/rsn_ie but accept both WPA and WEP 
> associations for one SSID. This is some kind of migration mode to allow 
> moving a network with a huge number of clients from WEP to WPA. However, if 
> privacy is disabled this looks like a bug in the AP. Can you capture some 
> beacons in monitor mode?
> 

I won't be able to acquire that info until next time I'm there...
at least until the end of August.

If it turns out that this AP is sending out crap (WEP is not even enabled 
there - I don't know why it would be advertising a transition mode), 
is my workaround reasonable?  Is there some attack that we're vulnerable 
to if we try to associate to a WPA network in non-encrypted mode?  Or 
might the user think they have encrypted traffic when they don't?

I don't think so because you'd have to explicitly specify key_mgmt=NONE 
for association to take place.

Thanks for your response!

Brad
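
For the beacon capture requested above, the following is an added example (not part of this thread and not wpa_supplicant code) that checks a captured beacon for the inconsistency under discussion: a WPA or RSN IE advertised while the Privacy capability bit is clear. The names `classify_beacon`, `bss_sec` and `sample_beacon` are hypothetical, the sample bytes are constructed, and the input is assumed to be the beacon frame body that follows the 802.11 MAC header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP_PRIVACY 0x0010 /* Privacy bit in the capability field */
#define EID_RSN     48     /* RSN information element */
#define EID_VENDOR  221    /* vendor-specific; WPA IE is OUI 00:50:F2 type 1 */

enum bss_sec { SEC_MALFORMED = -1, SEC_OPEN, SEC_WEP, SEC_WPA, SEC_INCONSISTENT };

/* Constructed sample: WPA IE present although the Privacy bit is clear. */
static const uint8_t sample_beacon[] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0x64, 0x00, /* timestamp, beacon interval */
    0x01, 0x00,                         /* capability: ESS, Privacy clear */
    0x00, 0x04, 't', 'e', 's', 't',     /* SSID IE */
    0xdd, 0x06, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00 /* WPA IE, header + version only */
};

/* body = timestamp(8) + beacon interval(2) + capability(2) + tagged IEs */
enum bss_sec classify_beacon(const uint8_t *body, size_t len)
{
    static const uint8_t wpa_oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
    int wpa_ie = 0, rsn_ie = 0;
    unsigned cap;
    size_t pos = 12;

    if (len < 12)
        return SEC_MALFORMED;
    cap = body[10] | (body[11] << 8); /* little-endian capability field */
    while (pos < len) {
        if (len - pos < 2)
            return SEC_MALFORMED; /* truncated IE header */
        uint8_t id = body[pos], ielen = body[pos + 1];
        if (ielen > len - pos - 2)
            return SEC_MALFORMED; /* IE runs past the end of the frame */
        if (id == EID_RSN)
            rsn_ie = 1;
        else if (id == EID_VENDOR && ielen >= 4 &&
                 memcmp(body + pos + 2, wpa_oui, 4) == 0)
            wpa_ie = 1;
        pos += 2 + (size_t)ielen;
    }
    if (wpa_ie || rsn_ie)
        return (cap & CAP_PRIVACY) ? SEC_WPA : SEC_INCONSISTENT;
    return (cap & CAP_PRIVACY) ? SEC_WEP : SEC_OPEN;
}

int main(void)
{
    printf("sample beacon: %d\n", classify_beacon(sample_beacon, sizeof sample_beacon));
}
```

A result of `SEC_INCONSISTENT` corresponds to the case described in the reply above: an AP that advertises a WPA/RSN IE while privacy is disabled.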



More information about the HostAP mailing list