What does this indication mean?
Queisser, Andrew (VfB Stuttgart '07!!)
andrew.queisser at hp.com
Fri Jun 1 14:00:11 EDT 2007
> From: hostap-bounces+andrew.queisser=hp.com at shmoo.com
> [mailto:hostap-bounces+andrew.queisser=hp.com at shmoo.com] On
> Behalf Of Jouni Malinen
> Sent: Thursday, May 31, 2007 7:22 PM
> To: hostap at shmoo.com
> Subject: Re: What does this indication mean?
> On Thu, May 31, 2007 at 07:23:02PM -0000, Queisser, Andrew
> (VfB Stuttgart '07!!) wrote:
> > In my Michael tests I'm coming across the following message from
> > hostapd running in WPA-PSK mode:
> > Wireless event: cmd=0x8c02 len=81
> > Custom wireless event: 'MLME-MICHAELMICFAILURE.indication
> > (keyid=9 unicast addr=00:0f:20:94:54:b9)'
> > MLME-MICHAELMICFAILURE.indication for not
> > associated STA (00:0f:20:94:54:b9) ignored
> > I also sometimes get MLME-REPLAYFAILURE from the same MAC addr.
> > Can someone explain why a non-associated station would tell hostapd
> > that there's been a MIC failure?
> This message is not from a remote host; it is from the local
> driver. In other words, the driver is reporting that it
> received a frame with invalid Michael MIC (or replay). This
> particular Michael MIC failure report looks invalid, though,
> not only because of the address being from a non-associate
> STA, but also because of the key index 9 being claimed for a
> unicast frame while unicast is only using key index 0. In
> other words, this looks more like a driver bug of some sort.
> Jouni Malinen PGP
> id EFC895FA
thanks for the info. I found out that the MAC address of the "not
is actually the MAC addr of the (madwifi) interface hostapd is running
I think I'm doing something wrong with the setup. After hostapd is up
I bring up ath0 with a static IP and then I run a DHCP server on that
the idea being that wireless clients get their IP addresses from the
The fact I'm getting MIC failure indications is a good sign since I am
trying to produce them so my failure injection setup is working. Now I
get hostapd to fire the countermeasures instead of ignoring the
More information about the HostAP