Clients can't associate - TKIP chop-chop attack?
‎06-04-2014 05:08 AM
Hello,
One of our customers has a v2110 controller with AP36xx. Since the beginning of this year they have had several APs to which clients are not able to (re)connect. Only a reboot of the AP helps. Then clients are able to connect again.
This behaviour happens every few weeks and under higher load sometimes several times a day.
Many APs on different locations are affected.
The traces we took from the APs prior to reboot have the following log messages in common:
Info 05/28/14 07:15:35: Can't deflect TKIP chop-chop attack--no sta!
The software version is 8.11.06.0006-1
Are there any security procedures implemented which cause this issue or is it a bug?
6 REPLIES
‎01-27-2015 02:05 PM
Doug,
We use WPA2+AES in all WLAN services and see a lot of "chop-chop" errors in the logs.
Is the shutdown caused by this event visible in a logfile?
Can we disable the 30s radio shutdown function after this event?
br
Volker
‎06-05-2014 06:22 AM
Thank you Doug, the shutdown of the radio explains some effects.
Kind regards
Christoph
‎06-04-2014 11:28 PM
In the past I have actually seen electrical interference cause the issue too, because the WPA TKIP keys were received out of order. It was an AP mounted too close to a fluorescent light ballast. If it's a hacker running chop-chop or a bad client, our APs will defend against it by shutting off the radio for 30 seconds to deter the device from learning the key; this also prevents good users from working as well.
-Doug
Doug Hyde
Director, Technical Support / Extreme Networks
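An added example, not part of the thread and not Extreme Networks code: a small triage script that pulls the chop-chop messages out of AP trace lines and turns them into merged radio-off windows, so they can be compared with the times users reported being unable to connect. It assumes the trace layout of the one line quoted in the first post and the 30-second shutdown described in the reply above; that every logged event starts such a window is an assumption, and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Assumption taken from the reply above: the radio stays off for 30 seconds
# after a chop-chop detection. That each logged event starts such a window
# is an assumption of this example, not something the thread confirms.
SHUTDOWN = timedelta(seconds=30)

# Line layout copied from the single trace line quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<level>\w+)\s+(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}):\s+(?P<msg>.*)$"
)
CHOPCHOP = "TKIP chop-chop attack"


def chopchop_events(lines):
    """Return sorted timestamps of chop-chop messages in AP trace lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and CHOPCHOP in m.group("msg"):
            events.append(datetime.strptime(m.group("ts"), "%m/%d/%y %H:%M:%S"))
    return sorted(events)


def outage_windows(events, hold=SHUTDOWN):
    """Merge per-event shutdown periods into non-overlapping (start, end) windows."""
    windows = []
    for ts in events:
        end = ts + hold
        if windows and ts <= windows[-1][1]:
            # Event falls inside the previous window: extend it.
            windows[-1] = (windows[-1][0], max(windows[-1][1], end))
        else:
            windows.append((ts, end))
    return windows


def total_outage(windows):
    """Sum the length of all merged windows as a timedelta."""
    return sum((end - start for start, end in windows), timedelta())


# Constructed sample: the first line is the one from the thread, the rest
# are made up in the same layout for illustration.
SAMPLE = """\
Info 05/28/14 07:15:35: Can't deflect TKIP chop-chop attack--no sta!
Info 05/28/14 07:15:50: Can't deflect TKIP chop-chop attack--no sta!
Info 05/28/14 07:16:05: client associated (constructed line)
Info 05/28/14 07:40:00: Can't deflect TKIP chop-chop attack--no sta!
""".splitlines()
```

Calling `outage_windows(chopchop_events(SAMPLE))` gives two windows for the constructed sample, because the second event lands inside the first 30-second period and extends it.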
‎06-04-2014 12:58 PM
Many thanks for your answers.
We know the security limitations of TKIP. But actually disabling TKIP is not an option. In future we are going to switch over to WPA2 with AES.
Today we did the update to 8.32.
Yet, I'm interested in how the APs behave in case of a TKIP chop-chop attack. Do you have any information on that?
Kind regards
Christoph
