wpa_supplicant TKIP countermeasures

Jouni Malinen j at w1.fi
Sat Nov 24 10:11:19 EST 2012


On Wed, Nov 21, 2012 at 09:45:15AM -0500, Jonathan Bagg wrote:
> supplicant output -> http://upgrade.nadelectronics.com/wifi/wpa_log_2.txt
> packet sniff -> http://upgrade.nadelectronics.com/wifi/all-2.pkt
> 
> cw1200 (Sony-Ericson chipset)  The driver hasn't made it to the
> kernel yet.  To my knowledge, we are not configuring the ap_scan
> parameter.  It appears that the device is trying to reconnect right
> after the countermeasures disconnect but fails, and after 60
> seconds, it doesn't not attempt to connect.

The log file (wpa_log2.txt) seemed to be truncated, so I could not check
what was the exact behavior at the end of the countermeasures period. It
looks like the is rejecting various connection attempts at this point
and that may result in a state where the connection attempts get stopped
("wlan0: Already associated with the selected AP"). I think this area
has received some fixes in the current 2.0-devel branch, so it might be
interesting to run a test with that to check whether this has already
been resolved.

As far as the initial connection attempt is concerned, that shouldn't
really be there. This commit can be used to remove it in some cases
(this was added after v1.0):
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=8945cc451fde346dea6b39a3e5b69642935a93b3

> Unfortunately I don't
> know how to simulate MIC failures, so we are relaying on the test
> lab.

This is pretty easy thing to do with this included in the Linux kernel
tree:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=681d119047761cc59a15c0bb86891f3a878997cf

Any driver that uses mac80211 and supports AP mode (e.g., ath9k) can now
be used to run these tests.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list