Get your Wi-Fi network ready for... Windows 8

Discussion in 'Tomato Firmware' started by mpegmaster, Oct 24, 2012.

  1. mpegmaster

    mpegmaster Addicted to LI Member

    Microsoft will launch Windows 8 in late October. Along with a slew of other features, it will be among the first to support the 802.11w standard to protect Management Frames for client devices on Wi-Fi networks.

    So does or will Tomato support 802.11w? :cool:

    What is 802.11w? :)

    802.11w is an IEEE standard based on Cisco’s Management Frame Protection (MFP), a feature that was first supported on autonomous access points in release 12.3(8)JA in 2006 and in the unified release in 2008. 802.11w isn’t a new standard. IEEE ratified the 802.11w standard in 2009; however, adoption has been slow to date, but that is expected to change with Windows 8.

    Why do I care about 802.11w? ;)

    One of the coolest features in that release was a Cisco innovation around protecting management frames. As many of you may know, 802.11 frames such as Authenticate, De-authenticate, Associate, Dis-associate are sent in the clear (a.k.a. in an unsecured manner). This could allow a potential attacker to spoof management frames from a valid device and run a Denial of Service (DoS) attack by sending de-authenticate/disassociate frames.

    When MFP is enabled, the sending device adds a cryptographic hash to create a message integrity check (MIC) and embeds that within the Information Element (IE) of every management frame. Thus when another device in the network receives the frame, it is able to verify the authenticity of the source. In case a single invalid frame is received on the network, it will be dropped, and an Intrusion Detection System alert will be received - this means zero day protection!


    This is a heads-up notice...

    For further details visit the Cisco website...

  2. Monk E. Boy

    Monk E. Boy Network Guru Member

    I think whoever wrote that quote is using the term zero day protection incorrectly. Zero day typically refers to an unpatched vulnerability. This appears to be a rather elaborate anti-spoofing measure.

    While it should protect against zero day vulnerabilities by preventing access to the network, it won't protect against, for example, zero day vulnerabilities in individual 802.11w implementations.

    Still an interesting feature.
  3. Mangix

    Mangix Networkin' Nut Member

    might be possible. here's sample output from the wl command...
    	Config PMF capability
    	usage: wl mfp 0/disable, 1/capable, 2/requred
    	Config SHA256 capability
    	usage: wl sha256 0/disable, 1/enable
    	Send a sa query req/resp to a peer
    	usage: wl mfp_sa_query flag action id
    	send bogus disassoc
    Usage: wl mfp_disassoc
    	send bogus deauth
    	Usage: wl mfp_dedauth
    	send assoc
    Usage: wl mfp_assoc
    	send auth
    	Usage: wl mfp_auth
    	send reassoc
    Usage: wl mfp_reassoc
    edit: spoke too soon. on this belkin unit i got here, it says unsupported for the first two commands. meaning this might work on chipsets newer than the BCM4716 i got here.

    in any case, what device would actually support this?
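
Added example, not part of any post above and not Tomato or Broadcom code: one way to see whether a given access point advertises 802.11w is to decode the RSN element (ID 48) from its beacon, where RSN Capabilities bit 7 is "MFP capable" and bit 6 is "MFP required". The function name and the three sample elements are constructed for illustration; the 0/1/2 result mirrors the `wl mfp` scale quoted above.

```python
import struct

MFPR, MFPC = 1 << 6, 1 << 7                   # RSN Capabilities bits 6 and 7
SHA256_AKMS = {"00-0f-ac:5", "00-0f-ac:6"}    # 802.1X-SHA256, PSK-SHA256

def parse_rsn_pmf(ie: bytes) -> dict:
    """Decode an RSN element (ID 48); 'mfp' uses the wl scale 0/1/2."""
    if len(ie) < 4 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 2                     # start after the 2-byte version
    out = {"mfp": 0, "sha256_akm": False, "group_mgmt_cipher": None}

    def take(n):
        nonlocal pos
        if n and pos == len(body):
            return None                       # element ended: optional field omitted
        if pos + n > len(body):
            raise ValueError("field runs past end of element")
        pos += n
        return body[pos - n:pos]

    def suites():
        count = take(2)
        if count is None:
            return None
        raw = take(4 * struct.unpack("<H", count)[0])
        if raw is None:
            raise ValueError("suite count without suite list")
        return ["%02x-%02x-%02x:%d" % tuple(raw[i:i + 4]) for i in range(0, len(raw), 4)]

    if take(4) is None or suites() is None:   # group data cipher, pairwise ciphers
        return out
    akms = suites()
    if akms is None:
        return out
    out["sha256_akm"] = any(a in SHA256_AKMS for a in akms)
    caps = take(2)
    if caps is None:
        return out
    bits = struct.unpack("<H", caps)[0]
    out["mfp"] = 2 if bits & MFPR else 1 if bits & MFPC else 0
    pmkids = take(2)
    if pmkids is not None:
        take(16 * struct.unpack("<H", pmkids)[0])   # skip the PMKID list
        gmc = take(4)                               # e.g. 00-0f-ac:6 = BIP-CMAC-128
        out["group_mgmt_cipher"] = "%02x-%02x-%02x:%d" % tuple(gmc) if gmc else None
    return out

# Constructed RSN elements: WPA2-PSK without PMF, PMF capable, PMF required.
NO_PMF = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
CAPABLE = bytes.fromhex("30180100000fac040100000fac040200000fac02000fac068000")
REQUIRED = bytes.fromhex("301a0100000fac040100000fac040100000fac06c0000000000fac06")
```
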