MY80211
INTEL WIRELESS
CCIE Wireless V3
Cisco Wireless
Wired Stuff
CCIE Wireless v2
WiFi Tablet Corner
My80211 Projects
WiFi Tools
CWNP or BUST Blogs!
My80211 White Papers (Coming Soon!)

Cisco Wireless Compatibility Matrix (Nov. 2011)

Podcasts / Videos

My80211 Videos

Cisco: 802 11 frames with Cisco VIP George Stefanick

Fluke Networks: Minimize Wi Fi Network Downtime

Aruba: Packets never lie: An in-depth overview of 802.11 frames

ATM15 Ten Talk “Wifi drivers and devices”

Houston Methodist Innovates with Wireless Technology

Bruce Frederick Antennas (1/2)

 

Bruce Frederick dB,dBi,dBd (2/2)

Cisco AP Group Nugget

Info
Social Links
Revolution WiFi Capacity Planner

Blogroll Call
Cerification Guides and Books
IEEE 802.11 STANDARDS
Anchor / Office Extends Ports

 

Peek Inside Cisco's Gear

See inside Cisco's latest wireless gear!

2.4 GHz Channel Overlap

EXAMPLE 1  

EXAMPLE 2

EXAMPLE 3  

CWSP RELEASE DATE 2/08/2010
  • CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman

    Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years.  I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!

IEEE 802.11a/g/n Reference Sheet

 

LWAPP QoS Packet Tagging

 

 

Interference Types

BLUETOOTH
 

Microwave Oven
 

Cordless Phone

JAMMER!
 

« Free 2nd shot voucher on all CWNP Exams from May 1 – August 31, 2010 | Main | Review: CCIE Cisco Certified Internetwork Expert Wireless Certification Exam Preparation Course in a Book for Passing the CCIE Exam »
Saturday
May152010

TKIP Countermeasure caught in the wild!

DateSaturday, May 15, 2010 at 9:29AM

  

I want to share an event you may not see very often in the wild, TKIP countermeasure. 

What is a TKIP countermeasure and why is it important?
 
By deafult, Cisco WLCs and autonomous access points will suspend all TKIP traffic on a radio / ssid if a client sends 2 bad MICs in a 60 second period for a duration of  60 second. This is a measure that prevents the spoofing of frames by hackers.
 
Fully authorized wireless clients can occasionally send a bad MIC(s). In fact, a colleague of mine once had a bad wireless NIC that was notorious for throwing bad MICs. His machine was a walking "DoS" attack of sorts. LOL
 

The TKIP countermeasure is a configurable variable by SSID and can be disabled. I blogged about this in December of last year. The commands for both the WLC and Autonomous are below:


WLC - http://www.my80211.com/cisco-wlc-cli-commands/2009/12/29/configure-tkip-countermeasure-holdoff-timer-on-wlc.html
Autonomous - http://www.my80211.com/cisco-auton-cli-commands/2009/12/29/configure-tkip-countermeasure-holdoff-timer-on-autonomous.html

So what happen?

I was simply reviewing logs in WCS when an alert popped up. Once I seen 'MIC' in the header I thought right away, is this a TKIP countermeasure event and sure enough. I've since monitored the device to insure it wasnt a problem child.
NOTE: Cisco recommends to disabled TKIP Countermeasure on all Voice SSIDs.
 
AuthorGeorge | Comment2 Comments |

PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments (2)

Convenient Cisco recommendation to cover their lack of a practical WPA2/EAP-TLS implementation.

May 15, 2010 | Unregistered CommenterSkip TKIP

Legacy devices cant support AES. I agree, although I think TLS is held back more from the user not Cisco. TLS is a bear !

May 15, 2010 | Unregistered CommenterGeorge

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.