1. TKIP MIC failures
I've got a few AP1200s that I've just deployed. Most only have 1 or 2
associations right now as I'm ramping it up for production.
I've got 1 client, an IBM laptop with an Intel 2200BG card, that keeps
causing these errors on the AP.
%DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure
report from the station 000e.3568.a238 on the packet (TSC=0x0)
encrypted and protected by pairwise key.
I see these 1 every few minutes; sometimes it will happen more often
and then the radio interface is put on hold and all my WPA clients are
disassociated. All WPA clients disassociated is bad.
%DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were
detected within 0 seconds on Dot11Radio0 interface. The interface will
be put on MIC failure hold state for next 60 seconds.
So I read some about these messages and they point to someone attacking
my AP, but these are being generated by MAC addrs that are friendly.
Here's the rundown on my setup: Cisco AP1200s, IOS 12.3(2)JA, configured
for WPA/TKIP with a MS IAS RADIUS server backend.
Anyone ever see these errors before? Thanks
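An added example, not part of the original post: a short Python script that correlates the two messages quoted above, counting MIC failure reports per station and listing which stations reported in the window before each hold. The leading epoch-seconds field, the second station, the one-message-per-line layout and the 60-second `window` default are assumptions made for the sample.

```python
import re
from collections import Counter

# Constructed sample. Message text follows the two formats quoted in the post;
# the leading epoch-seconds field and the station 0011.2233.4455 are assumptions.
SAMPLE_LOG = """\
1000 %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure report from the station 000e.3568.a238 on the packet (TSC=0x0) encrypted and protected by pairwise key.
1240 %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure report from the station 000e.3568.a238 on the packet (TSC=0x0) encrypted and protected by pairwise key.
1250 %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure report from the station 000e.3568.a238 on the packet (TSC=0x0) encrypted and protected by pairwise key.
1250 %DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected within 10 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 60 seconds.
1900 %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure report from the station 0011.2233.4455 on the packet (TSC=0x1f) encrypted and protected by pairwise key.
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
REPORT_RE = re.compile(
    r"^(\d+) %DOT11-4-TKIP_MIC_FAILURE_REPORT: .*? station (" + MAC + r") ", re.I)
HOLD_RE = re.compile(
    r"^(\d+) %DOT11-3-TKIP_MIC_FAILURE_REPEATED: .*? on (\S+) interface\.")


def correlate(log_text, window=60):
    """Return (reports per station, {(hold time, interface): [stations]}).

    A station is listed for a hold if it sent a MIC failure report in the
    `window` seconds up to and including the hold message.
    """
    reports, holds = [], []
    for line in log_text.splitlines():
        if m := REPORT_RE.match(line):
            reports.append((int(m[1]), m[2].lower()))
        elif m := HOLD_RE.match(line):
            holds.append((int(m[1]), m[2]))
    per_station = Counter(sta for _, sta in reports)
    hold_sources = {
        (t, iface): sorted({sta for rt, sta in reports if 0 <= t - rt <= window})
        for t, iface in holds
    }
    return per_station, hold_sources


if __name__ == "__main__":
    counts, sources = correlate(SAMPLE_LOG)
    for sta, n in counts.most_common():
        print(f"{sta}: {n} MIC failure report(s)")
    for (t, iface), stations in sources.items():
        print(f"hold on {iface} at t={t}: preceded by reports from {stations}")
```

A single station that accounts for every hold, as in the constructed sample, is a reason to look at that client's driver or firmware first.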
2. WPA/TKIP with AP1200
I'm trying to configure a Windows XP SP1 supplicant with Patch Q815485
with my laptop HP Nx7010. Initially I work with EAP-TLS + WPA TKIP &
AP1200; it seems to work fine, but after a few seconds the connection is
broken and the supplicant doesn't reconnect with the AP.
Have you found this issue?
Can you help me?
3. Cisco ACS 3.3 and Windows 2003 IAS using EAP-TLS and TKIP
I was wondering, has anyone ever set up Cisco ACS 3.3 (RADIUS)
with Windows 2003 IAS to authenticate with PKI cards for wireless, and if
so, what steps should I follow? TIA
4. TKIP vs Broadcast Key Rotation
In some of the Cisco documentation, they state that broadcast key rotation
(BKR) "is an excellent alternative to TKIP if your wireless LAN supports
wireless client devices that are not Cisco devices or that cannot be
upgraded to the latest firmware for Cisco client devices."
I don't really understand how this is true. If BKR is only rotating the keys
for broadcast frames, then the user's session (unicast) key isn't touched
by this mechanism, right? So, the classic WEP cracking vulnerabilities
still apply, right?
Must be something I'm missing here... who can enlighten me?
5. Security of Cisco TKIP implementation on older products
I am still using Cisco AIR-352 with 12.3(8) IOS as access point, to provide
connectivity on my WLAN at 802.11b speeds, with WPA-PSK TKIP security.
I have on a site two AIR-BR352 point-to-point links at about 4km.
The BR350 bridges use WEP128 security, and I know that it is insecure.
On the config pages, I have enabled the MIC and TKIP settings.
So in the end I have these options enabled:
This is the extract from Cisco's documentation about the two options.
# Message Integrity Check (MIC) -- MIC is an additional WEP security feature
that prevents attacks on encrypted packets called bit-flip attacks. The MIC,
implemented on both the access point and all associated client devices, adds
a few bytes to each packet to make the packets tamperproof.
# Temporal Key Integrity Protocol (TKIP) -- TKIP, also known as WEP key
hashing, is an additional WEP security feature that defends against an
attack on WEP in which the intruder uses an unencrypted segment called the
initialization vector (IV) in encrypted packets to calculate the WEP key.
In the end, these bridges are in WEP128, but are they vulnerable to the
common WEP flaws (IV vector, and vulnerable to airsnort's scans)?
To be secure, I use a GRE+IPSEC (at the moment using DES encryption, later I
will use AES128) tunnel between the two sites connected via the wifi
bridge, to be more secure.
6. Cisco WLC - WPA MIC Errors.....all AP's same symptoms
7. IP phone i2004 audio mic level is low
8. 2 line headset with common mic?