What does this indication mean?

Queisser, Andrew (VfB Stuttgart '07!!) andrew.queisser at hp.com
Fri Jun 1 14:00:11 EDT 2007


> From: hostap-bounces+andrew.queisser=hp.com at shmoo.com 
> [mailto:hostap-bounces+andrew.queisser=hp.com at shmoo.com] On 
> Behalf Of Jouni Malinen
> Sent: Thursday, May 31, 2007 7:22 PM
> To: hostap at shmoo.com
> Subject: Re: What does this indication mean?
> 
> On Thu, May 31, 2007 at 07:23:02PM -0000, Queisser, Andrew 
> (VfB Stuttgart '07!!) wrote:
> 
> > In my Michael tests I'm coming across the following message from 
> > hostapd running in WPA-PSK mode:
> > 
> >   Wireless event: cmd=0x8c02 len=81
> >   Custom wireless event: 'MLME-MICHAELMICFAILURE.indication
> >      (keyid=9 unicast addr=00:0f:20:94:54:b9)'
> >   MLME-MICHAELMICFAILURE.indication for not 
> >       associated STA (00:0f:20:94:54:b9) ignored
> > 
> > I also sometimes get MLME-REPLAYFAILURE from the same MAC addr.
> > 
> > Can someone explain why a non-associated station would tell hostapd 
> > that there's been a MIC failure?
> 
> This message is not from a remote host; it is from the local 
> driver. In other words, the driver is reporting that it 
> received a frame with invalid Michael MIC (or replay). This 
> particular Michael MIC failure report looks invalid, though, 
> not only because of the address being from a non-associate 
> STA, but also because of the key index 9 being claimed for a 
> unicast frame while unicast is only using key index 0. In 
> other words, this looks more like a driver bug of some sort.
> 
> -- 
> Jouni Malinen                                            PGP 
> id EFC895FA
> _______________________________________________

Jouni, 

thanks for the info. I found out that the MAC address of the "not
associated STA"
is actually the MAC addr of the (madwifi) interface hostapd is running
on.

I think I'm doing something wrong with the setup. After hostapd is up
and running
I bring up ath0 with a static IP and then I run a DHCP server on that
interface,
the idea being that wireless clients get their IP addresses from the
machine
running hostapd.

The fact I'm getting MIC failure indications is a good sign since I am
actively
trying to produce them so my failure injection setup is working. Now I
have to
get hostapd to fire the countermeasures instead of ignoring the
indications.

Andrew



More information about the HostAP mailing list