Clients can't associate - TKIP chop-chop attack?

Christoph
Contributor
Hello,

One of our customers has a v2110 controller with AP36xx. Since the beginning of this year they have had several APs that clients are not able to (re)connect to. Only a reboot of the AP helps. Then clients are able to connect again.
This behaviour happens every few weeks and under higher load sometimes several times a day.

Many APs on different locations are affected.

The traces we took from the APs prior to reboot have the following log messages in common:
Info 05/28/14 07:15:35: Can't deflect TKIP chop-chop attack--no sta!

The software version is 8.11.06.0006-1

Are there any security procedures implemented which cause this issue, or is it a bug?

6 REPLIES

Volker_Kull
Contributor
Doug,

We use WPA2+AES in all WLAN services and see a lot of "chop-chop" errors in the logs.
Is the shutdown caused by this event visible in a logfile?
Can we disable the 30s radio shutdown function after this event?

br
Volker

Christoph
Contributor
Thank you Doug, the shutdown of the radio explains some effects.

Kind regards
Christoph

Doug
Extreme Employee
In the past I have actually seen electrical interference cause the issue too, because the WPA TKIP keys were received out of order. It was an AP mounted too close to a fluorescent light ballast. If it's a hacker running chop-chop or a bad client, our APs will defend against it by shutting off their radio for 30 seconds to deter the device from learning the key; this also prevents good users from working as well.

-Doug
Doug Hyde
Director, Technical Support / Extreme Networks
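
Added example, not part of any post in this thread and not Extreme Networks code: a Python sketch that pulls the chop-chop messages out of an AP trace and estimates the resulting radio-off windows, so they can be compared with the times clients reported failing to connect. Assumptions: the line format is inferred from the single trace line quoted in the first post, the 30-second hold comes from the reply above, and every logged event is treated as starting one hold period (the thread does not confirm this for the "no sta" variant); the sample trace is constructed.

```python
import re
from datetime import datetime, timedelta

# Line format inferred from the single trace line quoted in the thread.
LINE_RE = re.compile(r"^(\w+) (\d\d/\d\d/\d\d \d\d:\d\d:\d\d): (.*)$")
CHOP_MARKER = "TKIP chop-chop attack"
HOLD = timedelta(seconds=30)  # radio-off time stated in the reply above

def chop_events(lines):
    """Return sorted timestamps of log lines mentioning the chop-chop defence."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and CHOP_MARKER in m.group(3):
            events.append(datetime.strptime(m.group(2), "%m/%d/%y %H:%M:%S"))
    return sorted(events)

def outage_windows(events, hold=HOLD):
    """Merge per-event hold periods into contiguous (start, end) windows.

    Assumption: every logged event starts one hold period.
    """
    windows = []
    for ts in events:
        if windows and ts <= windows[-1][1]:
            # Event falls inside the current window: extend it.
            windows[-1] = (windows[-1][0], max(windows[-1][1], ts + hold))
        else:
            windows.append((ts, ts + hold))
    return windows

def total_outage_seconds(windows):
    """Sum the length of all merged windows, in seconds."""
    return sum((end - start).total_seconds() for start, end in windows)

# Constructed sample trace (only the first line's text appears in the thread).
SAMPLE = """\
Info 05/28/14 07:15:35: Can't deflect TKIP chop-chop attack--no sta!
Info 05/28/14 07:15:50: Can't deflect TKIP chop-chop attack--no sta!
Info 05/28/14 07:16:10: Can't deflect TKIP chop-chop attack--no sta!
Info 05/28/14 07:20:00: placeholder unrelated message
Info 05/28/14 09:02:01: Can't deflect TKIP chop-chop attack--no sta!
""".splitlines()

if __name__ == "__main__":
    wins = outage_windows(chop_events(SAMPLE))
    for start, end in wins:
        print(f"{start:%m/%d/%y %H:%M:%S} -> {end:%H:%M:%S}")
    print("estimated radio-off seconds:", total_outage_seconds(wins))
```

Many short windows spread across APs at different sites point toward interference or a misbehaving client population, while a dense run on one AP is worth correlating with what was on the air at that location.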

Christoph
Contributor
Many thanks for your answers.

We know the security limitations of TKIP. But actually, disabling TKIP is not an option. In future we are going to switch over to WPA2 with AES.

Today we did the update to 8.32.

Yet, I'm interested in how the APs behave in case of a TKIP chop-chop attack. Do you have any information on that?

Kind regards
Christoph
