07-20-2013 09:59 PM - edited 07-04-2021 12:28 AM
Hi all,
We have an auto anchor setup for the guest WLAN. Is there a way to do a MIM attack on the WLC virtual IP address?
I hope that from the AP it will be a CAPWAP tunnel to the foreign WLC. From the foreign WLC it will be an EoIP tunnel. So is there a way to do it or not?
Kindly clarify.
Thanks,
Regards,
Vijay
07-21-2013 11:01 AM
If you're doing auto anchor, then if your client associates to the AP located on the foreign WLC, it is then tunneled to the guest anchor WLC. I don't know how you can achieve a MIM attack using the VIP.
Sent from Cisco Technical Support iPhone App
07-21-2013 07:23 PM
Not sure how you would do that either. But it is possible to sniff the traffic on the wired side.
Sent from Cisco Technical Support iPhone App
07-21-2013 08:05 PM
Hello,
Message Integrity Check (MIC) incorporated in Wi-Fi Protected Access (WPA) includes a frame counter which prevents a man-in-the-middle attack. This error means someone in the network is trying to replay the message that was sent by the original client, or it might mean that the client is faulty.
If a client repeatedly fails the MIC check, the controller disables the WLAN on the AP interface where the errors are detected for 60 seconds. The first MIC failure is logged, and a timer is initiated in order to enable enforcement of the countermeasures. If a subsequent MIC failure occurs within 60 seconds of the most recent previous failure, then a STA whose IEEE 802.1X entity has acted as a Supplicant shall deauthenticate itself or deauthenticate all the STAs with a security association if its IEEE 802.1X entity acted as an Authenticator.
Furthermore, the device does not receive or transmit any TKIP-encrypted data frames, and does not receive or transmit any unencrypted data frames other than IEEE 802.1X messages, to or from any peer for a period of at least 60 seconds after it detects the second failure. If the device is an AP, it disallows new associations with TKIP during this 60-second period; at the end of the 60-second period, the AP resumes normal operations and allows STAs to (re)associate.
This prevents a possible attack on the encryption scheme. These MIC errors cannot be turned off in WLC versions prior to 4.1. With Wireless LAN Controller version 4.1 and later, there is a command to change the scan time for MIC errors. The command is config wlan security tkip hold-down <0-60 seconds>
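The countermeasure timing described in the post above, as an added example that is not part of the original thread and is not Cisco's code: a small model that replays a constructed timeline of MIC failures and TKIP association attempts. The class and function names are hypothetical, and treating the 0-60 second hold-down value as the blocking duration is an assumption of this example.

```python
# Added example: models the TKIP MIC countermeasure timing described in the thread.
from dataclasses import dataclass
from typing import Optional

MIC_WINDOW = 60  # seconds: a second MIC failure inside this window triggers countermeasures


@dataclass
class TkipCountermeasures:
    hold_down: int = 60                   # assumed blocking duration, 0-60 seconds
    last_failure: Optional[float] = None  # time of the first (pending) MIC failure
    blocked_until: float = 0.0            # TKIP traffic is blocked before this time

    def __post_init__(self):
        if not 0 <= self.hold_down <= 60:
            raise ValueError("hold_down must be 0-60 seconds")

    def mic_failure(self, t: float) -> str:
        """Record a MIC failure at time t (seconds) and return the action taken."""
        if t < self.blocked_until:
            return "ignored (hold-down active)"
        if self.last_failure is not None and t - self.last_failure <= MIC_WINDOW:
            # Second failure within the window: deauthenticate and block TKIP.
            self.blocked_until = t + self.hold_down
            self.last_failure = None
            return "countermeasures: deauth, TKIP blocked"
        # First failure, or the previous one is older than the window.
        self.last_failure = t
        return "logged, timer started"

    def tkip_association_allowed(self, t: float) -> bool:
        """New TKIP associations are refused while the hold-down runs."""
        return t >= self.blocked_until


def replay(events, hold_down=60):
    """Run constructed (time, kind) events and return the resulting actions."""
    cm = TkipCountermeasures(hold_down=hold_down)
    out = []
    for t, kind in events:
        if kind == "mic_fail":
            out.append(cm.mic_failure(t))
        else:  # "assoc": a client tries to (re)associate with TKIP
            out.append("allowed" if cm.tkip_association_allowed(t) else "refused")
    return out


# Constructed timeline: two failures 40 s apart, two association attempts, two isolated failures.
SAMPLE = [(0, "mic_fail"), (40, "mic_fail"), (70, "assoc"), (100, "assoc"),
          (200, "mic_fail"), (300, "mic_fail")]
```

Calling `replay(SAMPLE)` shows that only the pair of failures 40 seconds apart trips the countermeasures, while the failures at 200 s and 300 s are each treated as a fresh first failure.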