Community discussions

 
R1CH
Forum Veteran
Forum Veteran
Topic Author
Posts: 896
Joined: Sun Oct 01, 2006 11:44 pm

"Management frame protection" - 802.11w compatibility

Mon May 30, 2016 6:33 pm

While browsing for techniques to protect against media level attacks, I found the 802.11w specification which protects management frames like deauth. This prevents an attacker from being able to kick clients off the network either to capture the WPA2 4-way handshake for password cracking or as a denial of service attack. https://en.wikipedia.org/wiki/IEEE_802.11w-2009

I saw that Mikrotik implements "Management frame protection" in the wireless settings, but according to the wiki "RouterOS implements proprietary management frame protection algorithm". I am assuming that proprietary means that this is only compatible with other MT devices? Is there a chance to see the standardized 802.11w specification implemented as well? This would be a superior solution as standard wireless clients that support 802.11w such as laptops and phones would be able to benefit from the management frame protection and be resistant to deauth attacks and other nefarious behavior.
 
TonyJr
Member Candidate
Member Candidate
Posts: 201
Joined: Sat Nov 12, 2011 1:30 am
Location: UK
Contact:

Re: "Management frame protection" - 802.11w compatibility

Mon May 30, 2016 7:01 pm

Good post - i'd like to find out more about the implementation of management frame protection too.

TonyJr
 
R1CH
Forum Veteran
Forum Veteran
Topic Author
Posts: 896
Joined: Sun Oct 01, 2006 11:44 pm

Re: "Management frame protection" - 802.11w compatibility

Tue Jan 10, 2017 8:05 pm

Bump - was wondering if there was any update or comment about this. With tools like WifiJammer[1] and scripts like [2] becoming more accessible, it's becoming very easy for anyone with a laptop to cause havoc on networks that lack 802.11w. It wouldn't surprise me if someone comes out with a USB Killer[3] style tool at some point to automate the process to a button press.

[1] https://github.com/DanMcInerney/wifijammer
[2] https://github.com/veerendra2/wifi-deauth-attack
[3] https://www.usbkill.com/
 
R1CH
Forum Veteran
Forum Veteran
Topic Author
Posts: 896
Joined: Sun Oct 01, 2006 11:44 pm

Re: "Management frame protection" - 802.11w compatibility

Wed Jul 26, 2017 3:53 pm

It's getting far too easy to perform deauth attacks these days. Maybe someone should scatter some devices like this around Mikrotik HQ and then we will see a solution? :)

https://github.com/spacehuhn/esp8266_deauther

https://www.aliexpress.com/store/produc ... 0.0.G3Ymlk)

BTW: The wireless chips in MT devices should already have full support for this, just need to add it in software. "It is an optional feature in 802.11 and is required for 802.11 implementations that support TKIP or CCMP." "The 802.11w standard is implemented in Linux and BSD's as part of the 80211mac driver code base, which is used by several wireless driver interfaces; i.e., ath9k. The feature is easily enabled in most recent kernels and Linux OS's using these combinations."
 
Njumaen
newbie
Posts: 36
Joined: Wed Feb 24, 2016 8:41 pm

Re: "Management frame protection" - 802.11w compatibility

Fri Sep 01, 2017 8:40 am

I only can support this request, especially when using capsman!

Took me 3 bucks for a WeMos D1 and 5 minutes for flashing to start sending deauth packets.

„most recent kernels“ might be the problem ;)
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 945
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: "Management frame protection" - 802.11w compatibility

Fri Sep 22, 2017 3:47 am

This sounds like a needed feature.
 
td32
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Fri Nov 18, 2016 5:55 am

Re: "Management frame protection" - 802.11w compatibility

Fri Mar 02, 2018 1:12 am

bump for this feature, i hope it gets on the todo list
 
User avatar
lapsio
Member
Member
Posts: 472
Joined: Wed Feb 24, 2016 5:19 pm

Re: "Management frame protection" - 802.11w compatibility

Wed Apr 11, 2018 9:42 am

Is it there yet?
MTCNA, MTCRE, MTCINE
 
brunoemmels
just joined
Posts: 7
Joined: Tue Jan 30, 2018 8:36 pm

Re: "Management frame protection" - 802.11w compatibility

Sat Apr 21, 2018 12:13 am

Anyone has any news about this issue?

I'm surprised how neglected this feature was for this whole time, and now just became one of the top priority features that Mikrotik MUST go for.

Specially these days, where any newbie can buy an extremely inexpensive WiFi Deauther anywhere...

Any way to push Mikrotik for this?
 
R1CH
Forum Veteran
Forum Veteran
Topic Author
Posts: 896
Joined: Sun Oct 01, 2006 11:44 pm

Re: "Management frame protection" - 802.11w compatibility

Sun Apr 22, 2018 11:52 pm

Anyone has any news about this issue?

I'm surprised how neglected this feature was for this whole time, and now just became one of the top priority features that Mikrotik MUST go for.

Specially these days, where any newbie can buy an extremely inexpensive WiFi Deauther anywhere...

Any way to push Mikrotik for this?
Show up to a MUM with a deauther, might get some attention :D
 
User avatar
lapsio
Member
Member
Posts: 472
Joined: Wed Feb 24, 2016 5:19 pm

Re: "Management frame protection" - 802.11w compatibility

Mon Apr 23, 2018 12:01 am

No, really. It seriously stinks that it's not supported yet. I'm going to keep deauth myself for next 2 months and complain that my RB2011 wifi doesn't work as manifest.
MTCNA, MTCRE, MTCINE

Who is online

Users browsing this forum: No registered users and 22 guests