Re: [93attendees] "ietf - The wireless network appears to have been compromised and will be disabled for about a minute."
Chris Elliott <chelliot@pobox.com> Mon, 20 July 2015 12:21 UTC
From: Chris Elliott <chelliot@pobox.com>
Date: Mon, 20 Jul 2015 14:20:51 +0200
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/93attendees/JV27YvN0ixR9rl_dUE1LrIGOKDc>
Cc: Aaron Falk <aaron.falk@gmail.com>, Simon Perreault <sperreault@jive.com>, Ross Finlayson <finlayson@live555.com>, 93attendees@ietf.org
Subject: Re: [93attendees] "ietf - The wireless network appears to have been compromised and will be disabled for about a minute."
All,

We've modified the wireless config so that this issue should not reoccur. Please let us know if you see it again. We continue to monitor our logs, as we saw the issue first there at 10:50am today. I finished configuring the APs at 1:44pm and haven't seen it since. We don't believe that this problem can happen again, despite possible misbehaving clients.

A few details, summarized from my memory. Feel free to correct if you feel inclined!

Wifi can use several different encryption methods--WEP, TKIP, and AES. We stopped using WEP many years ago. However, the first version of WPA modified WEP to add a temporal key and a MIC to check if the packet had been modified in flight. This protocol included draconian measures if the access point detected an incorrect MIC, as the thought was that TKIP was weak and there needed to be strong measures to prevent repeated attacks that might reveal the key. It turned out that the standards organization underestimated the strength of TKIP, so these draconian measures weren't really necessary.

We have had a feature enabled on our APs that should avoid any packet corruption from triggering said draconian measures. However, for the first time in several years, we're once again seeing the APs reacting badly. While we don't know for sure why the APs are doing this, we did determine that few to none of our attendees are using TKIP. Therefore we have now disabled TKIP throughout the IETF network and all encrypted networks are WPA2/AES only.

This seems to have mitigated the issue. We continue to monitor the network to determine if there are any other effects of whatever caused this problem.

As usual, feel free to open a ticket with the NOC if you have any issues on the IETF network.

Enjoy!

Chris.

On Mon, Jul 20, 2015 at 1:59 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:

>
> > On Jul 20, 2015, at 1:50 PM, Simon Perreault <sperreault@jive.com> wrote:
> >
> > On 2015-07-20 13:41, Aaron Falk wrote:
> >> Already a ticket on this. See https://tickets.meeting.ietf.org/ticket/951.
> >
> > https://tickets.meeting.ietf.org/ticket/950
> >
> > Do I win? ;)
>
> Not quite:
> https://tickets.meeting.ietf.org/ticket/949
> https://tickets.meeting.ietf.org/ticket/948
> https://tickets.meeting.ietf.org/ticket/947
> https://tickets.meeting.ietf.org/ticket/946
> https://tickets.meeting.ietf.org/ticket/945 (probably, Does Brian use a Mac?)
> https://tickets.meeting.ietf.org/ticket/944
> https://tickets.meeting.ietf.org/ticket/943 (probably)
>
> _______________________________________________
> 93attendees mailing list
> 93attendees@ietf.org
> https://www.ietf.org/mailman/listinfo/93attendees
>

--
Chris Elliott
chelliot@pobox.com
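
An added illustration, not part of the original message: a small Python model of the TKIP countermeasure rule the message describes (per IEEE 802.11, two Michael MIC failures within 60 seconds make the AP hold off TKIP traffic for 60 seconds) and of why a WPA2/AES-only configuration has nothing to trigger. The event timestamps and function names are constructed for the example.

```python
# Model of the TKIP "Michael" countermeasure rule on an access point.
# Per IEEE 802.11: two MIC failures within 60 s make the AP stop TKIP
# traffic for 60 s and rekey. All event times below are constructed.

WINDOW = 60.0    # seconds in which a second MIC failure triggers countermeasures
LOCKOUT = 60.0   # seconds the AP holds off TKIP traffic once triggered


def outage_windows(mic_failure_times, tkip_enabled=True):
    """Return [(start, end), ...] periods during which the AP is down.

    mic_failure_times: timestamps (seconds) of frames that failed the MIC check.
    tkip_enabled: False models a WPA2/AES (CCMP) only AP, which has no
    Michael MIC and therefore no countermeasure to trigger.
    """
    if not tkip_enabled:
        return []
    outages = []
    last_failure = None
    locked_until = float("-inf")
    for t in sorted(mic_failure_times):
        if t < locked_until:
            continue  # AP is already down; the frame is not processed
        if last_failure is not None and t - last_failure <= WINDOW:
            locked_until = t + LOCKOUT
            outages.append((t, locked_until))
            last_failure = None  # counting restarts after the lockout
        else:
            last_failure = t
    return outages


def downtime(outages):
    """Total seconds of outage across all windows."""
    return sum(end - start for start, end in outages)


# Constructed sample: one client whose frames fail the MIC check every 45 s
events = [45.0 * i for i in range(14)]

if __name__ == "__main__":
    mixed = outage_windows(events, tkip_enabled=True)
    aes_only = outage_windows(events, tkip_enabled=False)
    print("TKIP enabled :", mixed, "total down", downtime(mixed), "s")
    print("WPA2/AES only:", aes_only, "total down", downtime(aes_only), "s")
```

In this model a single client producing one bad MIC every 45 seconds keeps the AP down for 300 of roughly 645 seconds, while the AES-only configuration reports no outage at all.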