Comments on: 802.11w Tutorial

By: K N Gopinath

K N Gopinath — Tue, 16 Feb 2010 16:21:27 +0000

SA query procedures have been introduced to prevent certain DoS attacks that were possible on certain earlier drafts of 802.11w. Specifically, an attacker could transmit a fake assoc request (which is not a protected MF) and cause an AP to disonnect a client. An AP needs to do this to accomodate stations that may want to genuinely reconnect (e.g., due to reboot).

Such attacks can be prevented by using SA query procedures. According to the standard, on receiving such a fake packet, an AP will not disonnect a client immediately. Instead, it engages in a dialogue to see if the actual client can confirm that it has actually lost the association credentials. The AP actually waits for a timeout before which it resets its previous state, after which, the standard 802.11 auth/assoc procedures are allowed.

By: Shailesh Gupta

Shailesh Gupta — Tue, 02 Feb 2010 04:38:47 +0000

802.11w Standrad also talks about SA Query Action Frames.
Does your product supports that feature also.
Can you elaborate it a bit how it works..

By: KNG

KNG — Tue, 17 Nov 2009 14:00:09 +0000

WIPS systems need to rely on a combination of wired and wireless side defenses to protect against rogue APs. Deauthentication is just one example of wireless side defense – other techniques based on packets not protected by .11w can help preventing such rogues.

By: Hiro Protagonist

Hiro Protagonist — Fri, 13 Nov 2009 18:44:59 +0000

So how would your solution wirelessly block a rogue AP that was using 802.11w?

It appears that by introducing a new patch to a hole in the 802.11 protocol the IEEE has created a new hole.