linksys WRT54GX2 replay counter bug?
Jouni Malinen
jkmaline at cc.hut.fi
Thu Sep 7 00:57:57 EDT 2006
On Tue, Sep 05, 2006 at 09:39:37AM -0700, Chuck T. wrote:
> Have you had a chance to look at my log and do you agree it's a Linksys bug?
> I'm suprised something this glaring has been around for so long
> particularly when their other APs don't have the problem. Perhaps they
> farmed out the firmware for this AP to a different company than they used
> for their other APs. Who knows...
I already replied to your message with an additional capture log
privately, but here's the same text to the mailing list in case someone
else is following this thread:
But this looks correct except that 2/4 should be 3/4 (i.e., it is the
message 3 from AP that is being retransmitted). However, that AP is just
plain broken. Replay counter must be incremented for each EAPOL-Key
frame within the association, including retransmissions at this level
(IEEE 802.11 MPDU re-transmissions are not modified, but those would be
dropped at lower layer). Based on the the frame timestamps, these
EAPOL-Key frames (msg 3/4) were retransmitted once a second, i.e., most
likely at the authenticator state machine. However, the replay counter
was not incremented.
wpa_supplicant drops, as required by IEEE Std 802.11i-2004, these frames
as replay attacks. The same replay counter must not be re-used within
the same association. In addition, the standard actually specifies that
this replay counter is initialized to zero on association while the AP
is clearly not doing this, but using a random (I would assume) value.
This itself should not really cause issues, but it just looks like
whoever implemented that authenticator did not really follow the
standard very closely.
--
Jouni Malinen PGP id EFC895FA
More information about the HostAP
mailing list