5/13/2014 2:37 PM | |
Posts: 3 Rating: (0) |
We have
Behind the client there is a small switch where PLC, drives and the Client itself are connected. Switch has IGMP enabled for filtering multicast ENIP. AP log: 17 2014/05/07 11:37:23 Client MAC 00-1B-1B-0E-FB-C7 on WLAN 1 VAP 0 associated 17 2014/05/07 11:12:33 Client MAC 00-1B-1B-0E-FB-C7 on WLAN 1 VAP 0 disassociated, reason <class 3 frame received from non-assoc> 17 2014/04/23 16:33:52 Client MAC 00-1B-1B-0E-FB-C7 on WLAN 1 VAP 0 associated 17 2014/04/23 16:27:13 Client MAC 00-1B-1B-0E-FB-C7 on WLAN 1 VAP 0 disassociated, reason <class 3 frame received from non-assoc> 17 2014/04/23 15:53:29 Client MAC 00-1B-1B-0E-FB-C7 on WLAN 1 VAP 0 associated CLI log: 65 2014/05/07 11:37:27 Link up 65 2014/05/07 11:37:23 Power Ethernet is off 64 2014/05/07 11:37:21 Cold start performed 64 2014/04/23 16:33:55 Link up 64 2014/04/23 16:33:52 Power Ethernet is off 63 2014/04/23 16:33:50 Cold start performed Any ideas about what could be the reason for this "class 3 frame received from non-assoc". My suspicion is on malicious activity where someone is spoofing deauthentication packets to the WLAN as described in the documents of my previous post (defcon-16-ahmad.pdf). There is no defence for this kind of built-in vulnerability in the WLAN protocol! Someone has tried to fix this: "In the current IEEE802.11 standards, whenever a wireless station wants toleave the network, it sends a deauthentication or disassociationframe to the access point. These two frames, however, are sent unencrypted and are not authenticated by theaccess point. Therefore, an attacker can launch a DoS attackby spoofing these messages and thus disabling the communicationbetween these wireless devices and their accesspoint. We propose an efficient solution based on a one wayhard function to verify that a deauthentication frame is froma legitimate station." http://www.utdallas.edu/~neerajm/publications/conferences/attacks.pdfPlease, give me another option than this attack scenario, otherwise implement a fix for the WLAN firmwares for this legitimate frame inspection. Attachment: Logs, debugs and configs for AP and Client Attachment98000-wlan-log-config-debug.zip (192 Downloads) |
Last edited by: Blue Moderator at: 13.05.2014 23:19New subject after splitting from /tf/WW/en/Posts/23866#top |
|
5/20/2014 10:25 AM | |
Posts: 3 Rating: (0) |
Is it normal for the disassociated client to never associate back to the AP without a cold boot (power reset) of the client? Normally if the signal gets weak and disassociation occurs, the client will assoaciate automatically back to the AP when the signal is good again. In this case the signal is 90..100% all the time.
Why would it disassociate in the first place as there is no other AP with this SSID to roam to? The packet loss statistics and signal levels are looking rather good (check attachments)? Attachment98000-wlan-errors-and-signal.zip (199 Downloads) |
Follow us on