802.11 Association Hijacking bug
nathana (Premium, joined 2004-05-27, Moscow, ID):
Howdy fellow WISPers,
I just posted a thread to the Wireless Networking forum here, but am now wondering whether it wouldn't have been more apropos for me to post it to this forum instead.
802.11 Association Hijacking
In order to avoid having two separate threads about the same subject, it would probably be best if anyone who wants to discuss this particular issue posted to the above thread instead of replying to this one.
Here follows the contents of the above post of mine:
I work for a WISP located in Northern Idaho, and we have (relatively) recently run into what we consider to be a very disturbing bug in a number of 802.11b products, and this bug has been giving us headaches for the last few months. Certain consumer-grade routers/APs appear to "hijack" any association attempts that certain wireless clients make *regardless* of SSID settings, and certain cards seem vulnerable to these "hijackings" while others are not affected. Has anyone else seen this?
In an effort to collect more information on this problem and get it fixed (which seems to affect a larger number of makes and models of gear than I initially suspected), I have set up a web site detailing what we are seeing:
users.moscow.com/nathana/hijack/
I would appreciate comments from my fellow BroadBandReports Forum members!
Take care,
-- Nathan Anderson, nathana@fsr.com
IntraLink (Premium, MVM, joined 2002-08-14, Utah Valley):
Are you talking about the bugs in the CB3 radios etc. that roam around even though SSID is set?
I thought that was fixed with newer firmware...
All of our radios use BSSID just to make sure this doesn't happen.
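As an added illustration (not code from the thread or from any of the vendors mentioned), the check below flags the symptom the thread describes from a client bridge's point of view: a client configured for the WISP's SSID that ends up associated to an AP outside the WISP's own inventory, or to an AP beaconing a different SSID. It also implements the BSSID-lock policy IntraLink mentions. The log line format, BSSIDs, SSIDs and host names are all constructed for the example.

```python
# Added example, not from the thread: detect association hijacking symptoms
# from constructed client-bridge association log lines.
import re
from dataclasses import dataclass

# Constructed inventory of the WISP's own APs: BSSID -> SSID it beacons.
KNOWN_APS = {
    "00:11:22:33:44:01": "wisp-north",
    "00:11:22:33:44:02": "wisp-north",
}

# Constructed syslog-style lines; the format is an assumption for the example.
LOG_LINES = """\
cpe01 wlan0: configured ssid="wisp-north" assoc bssid=00:11:22:33:44:01
cpe02 wlan0: configured ssid="wisp-north" assoc bssid=00:0c:41:aa:bb:cc
cpe03 wlan0: configured ssid="wisp-north" assoc bssid=00:11:22:33:44:02
"""

LINE_RE = re.compile(r'^(?P<host>\S+) \S+: configured ssid="(?P<ssid>[^"]*)" '
                     r'assoc bssid=(?P<bssid>[0-9a-f:]{17})$', re.I)

@dataclass(frozen=True)
class Finding:
    host: str
    configured_ssid: str
    bssid: str
    reason: str

def check_associations(lines, known_aps=KNOWN_APS, bssid_lock=None):
    """Return a Finding for each association that does not match policy.

    bssid_lock: optional host -> BSSID map; a locked client that associates
    anywhere else is flagged even if the foreign AP beacons the same SSID.
    """
    findings = []
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not association events
        host, ssid, bssid = m["host"], m["ssid"], m["bssid"].lower()
        lock = (bssid_lock or {}).get(host)
        if lock and bssid != lock.lower():
            findings.append(Finding(host, ssid, bssid, "associated outside BSSID lock"))
        elif bssid not in known_aps:
            findings.append(Finding(host, ssid, bssid, "associated to unknown AP (possible hijack)"))
        elif known_aps[bssid] != ssid:
            findings.append(Finding(host, ssid, bssid, "AP beacons a different SSID"))
    return findings
```

Without a lock, only cpe02 (associated to a BSSID that is not one of the WISP's APs) is flagged; with cpe03 locked to the first AP, its association to the second AP is flagged too even though that AP beacons the right SSID.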
nathana (Premium, joined 2004-05-27, Moscow, ID):
The CB3 has a PCMCIA radio inside of it that uses the Prism 2.5 chipset (it's an Engenius/Senao NL-2511CD Plus EXT2...Prism2.5 w/ 200mW output and external antenna connectors), so yes, if your CB3 has a card with older firmware on it, upgrading the firmware of the card in the unit will fix the problem. Some individuals on the ISP-Wireless mailing list at www.isp-wireless.com/ actually had this problem with the CB3s:
isp-lists.isp-planet.com/isp-wir···284.html
My site that I linked to in my initial post details this information about the Prism-based cards.
Now, perhaps if Senao/Engenius writes the firmware that runs the actual bridge such that it does a RAM-download of new firmware to the Prism card every time it boots up, then you may not need to flash the card...all you'd need to do is to upgrade the CB3's firmware, and the card would "automatically" be running new firmware w/o the need to flash it. I'm not super-familiar with the CB3 firmware, though.
-- Nathan
(reply to nathana) I have the same problem with the orinoco/ydi (agere) usb clients. I have customers who go out and buy a linksys or netgear wireless router and then they lose their connection with us. I tell them to log into their wireless router, update it with the latest firmware, and if that doesn't work, see if there is a 'hide ssid' option in the wireless router.
We don't install usb clients anymore, so it is just a problem that pops up every now and then with older customers.
I've tried to deal with agere and proxim regarding other bugs in their software, and agere has always said 'talk to proxim' and proxim has always said 'talk to agere.'... or they give me the 'we couldn't recreate the problem' line.
Tom W
(reply to nathana) Excellent post and good job on the test report you made. I too have seen this and it's been an issue for a while with CB3+. I wonder if these other manufacturers are planning to patch this? Thanks for sharing the info.
Yeah, if you crack open the CB3+ models, you can upgrade the firmware on the pcmcia card inside to 1.1.1/1.7.4 primary/secondary firmwares. That takes care of the hijack problem.
Tom W
Right, but is there any hope for Linksys and Netgear? As far as consumer APs and clients go, there are probably far more of these out there than anything else. I wonder if D-Link and SMC APs are affected by this?
nathana (Premium, joined 2004-05-27, Moscow, ID), reply to nathana:
All,
I just posted the following text to the isp-wireless mailing list:
As I have indicated on my web site that I put up about this issue, I have been exchanging e-mails with an engineer over at Agere about the problem with Hermes-based cards being vulnerable to offending APs.
Unfortunately, although I was initially hopeful that we would be seeing a fix from them, they are unwilling to commit to releasing one in "flashable" form, which basically means that anybody using these cards on a platform other than Windows, Linux, or MacOS is screwed. This includes anybody using an ORiNOCO card inside of "ethernet client bridge" devices as well as YDI EtherAnts.
My Agere contact confessed to me that my tests show that "something is indeed going wrong," and they even released a limited fix for this issue a while back (it looks like this limited-release fix was made even before YDI brought the issue to their attention). As far as I am concerned, this means that Agere has acknowledged that there is a problem (which is just *slightly* different than the response YDI got from them denying the problem in the first place) and yet refuses to take it seriously.
I have posted a statement about this news to the web site.
If there is anybody here who has any kind of clout with Agere, Proxim, the IEEE 802.11 committee, or the Wi-Fi Alliance who is concerned about this, I would urge you to express your disappointment about Agere's decision to the appropriate parties.
users.moscow.com/nathana/hijack/
-- Nathan