cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1331
Views
10
Helpful
3
Replies

Man in the middle attack to WLC virtual ip adddress

vijay kumar
Level 2
Level 2

Hi all,

we are having auto anchor setup for the guest wlan.Is there a way to do MIM attach to WLC virtual ip address? 

I hope from AP it will be capwap tunnel to foreighn WLC. From foreighn WLC it will be EOIP tunnel. So there is no way to do or not?

Kindly clarify me..

Thanks,

Regards,

Vijay

1 Accepted Solution

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

If your doing auto anchor, then if your client associates to the AP located on the foreign WLC, it is then tunneled to the guest anchor WLC. I don't know how you can achieve a MIM attack using the VIP.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

3 Replies 3

Scott Fella
Hall of Fame
Hall of Fame

If your doing auto anchor, then if your client associates to the AP located on the foreign WLC, it is then tunneled to the guest anchor WLC. I don't know how you can achieve a MIM attack using the VIP.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Not sure how you would do that either .. But it is possible to sniff the traffic on the wired ..

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

mmangat
Level 1
Level 1

Hello,

Message Integrity Check (MIC) incorporated in Wi-Fi Protected Access       (WPA) includes a frame counter which prevents a man-in-the-middle attack. This       error means someone in the network is trying to replay the message that was       sent by the original client, or it might mean that the client is faulty.

If a client repeatedly fails the MIC check, the controller disables the       WLAN on the AP interface where the errors are detected for 60 seconds. The       first MIC failure is logged, and a timer is initiated in order to enable       enforcement of the countermeasures. If a subsequent MIC failure occurs within       60 seconds of the most recent previous failure, then a STA whose IEEE 802.1X       entity has acted as a Supplicant shall deauthenticate itself or deauthenticate       all the STAs with a security association if its IEEE 802.1X entity acted as an       Authenticator.

Furthermore, the device does not receive or transmit any TKIP-encrypted       data frames, and does not receive or transmit any unencrypted data frames other       than IEEE 802.1X messages, to or from any peer for a period of at least 60       seconds after it detects the second failure. If the device is an AP, it       disallows new associations with TKIP during this 60 seconds period; at the end       of the 60 seconds period, the AP resumes normal operations and allows STAs to       (re)associate.

This prevents a possible attack on the encryption scheme. These MIC       errors cannot be turned off in WLC versions prior to 4.1. With Wireless LAN       Controller version 4.1 and later, there is a command to change the scan time       for MIC errors. The command is config wlan security tkip hold-down       <0-60 seconds> . Use the value 0 in order to       disable MIC failure detection for countermeasures.

Review Cisco Networking for a $25 gift card