<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Thank your reply, but I checked and found following(version 0.4.8):<br> if (now > hapd->michael_mic_failure + 60) {<br> hapd->michael_mic_failures = 1;<br> } else {<br> hapd->michael_mic_failures++;<br> if (hapd->michael_mic_failures > 1)<br> ieee80211_tkip_countermeasures_start(hapd);<br> }<br><br>It will wait until the second MIC error and then go to countermeasure.<br><br>Even hostapd will go to countermeasure mode for every single MIC error, is it too expensive to kick out all clients? How about we just rekey or deauth the client who cause it.<br><br>Thank you!<br><br>--- On <b>Tue, 11/11/08, Jouni Malinen
<i><j@w1.fi></i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">From: Jouni Malinen <j@w1.fi><br>Subject: Re: TKIP attack<br>To: hostap@lists.shmoo.com<br>Date: Tuesday, November 11, 2008, 1:41 PM<br><br><pre>On Tue, Nov 11, 2008 at 12:54:55PM -0800, Miles wrote:<br><br>> Have we implemented any code to prevent TKIP attack in hostapd? <br>> <br>> http://radajo.blogspot.com/2008/11/wpatkip-chopchop-attack.html<br><br>hostapd forces rekeying of PTK on the first Michael MIC failure report<br>(i.e., it does not wait for TKIP countermeasures to be started on the<br>second failure). This limits this particular chopchop attack to only a<br>single octet and as such, the attack cannot be used to determine the<br>Michael MIC key or full ARC4 stream for pairwise packets. As far as<br>group packets are concerned, the attack might be feasible, but that can<br>be mitigated by
setting the GTK rekeying to happen relatively frequently<br>(e.g., wpa_group_rekey=600 which is the default value in hostapd or even<br>a smaller value to make the attack more default at the cost of more<br>frequent key updates).<br><br>-- <br>Jouni Malinen PGP id EFC895FA<br>_______________________________________________<br>HostAP mailing list<br>HostAP@lists.shmoo.com<br>http://lists.shmoo.com/mailman/listinfo/hostap<br></pre></blockquote></td></tr></table><br>