Wireless Access

Reply
Highlighted
Occasional Contributor I

Disconections problem

Hello, i've been notice that several devices lost conexion with APs several times.

Now i'm checking the logs and found this.

 

 

Spoiler
Dec 7 11:38:07 authmgr[3896]: <132094> <3896> <WARN> |authmgr| MIC failed in WPA2 Key Message 2 from Station f8:16:54:96:3e:8a 84:d4:7e:65:d5:f0 Plaza Seca Defensa
Dec 7 11:38:22 wms[3790]: <126075> <3790> <WARN> |wms| |ids| AP(84:d4:7e:75:ec:a0@test-networking): Valid Client Misassociation: f4:f1:e1:9a:2f:d4 and access point (BSSID 00:1a:30:c1:96:24 and SSID tbsemployee on CHANNEL 11). Association type is (Association To External AP), SNR of client is 0.
Dec 7 11:38:22 wms[3790]: <126075> <3790> <WARN> |wms| |ids| AP(84:d4:7e:75:ec:a0@test-networking): Valid Client Misassociation: An AP detected a misassociation between valid client f4:f1:e1:9a:2f:d4 and access point (BSSID 00:1a:30:c1:96:24 and SSID tbsemployee on CHANNEL 11). Association type is (Association To Honeypot AP), SNR of client is 0.
Dec 7 11:38:27 authmgr[3896]: <132094> <3896> <WARN> |authmgr| MIC failed in WPA2 Key Message 2 from Station f8:16:54:96:3e:8a ac:a3:1e:5b:e8:b0 ap-ba-auditorio
Dec 7 11:38:31 wms[3790]: <126069> <3790> <WARN> |wms| |ids| AP(84:d4:7e:75:ec:a0@test-networking): AP Spoofing: An AP detected a frame that has a spoofed source address of 84:d4:7e:75:ec:a0, a BSSID of 84:d4:7e:75:ec:a0, a destination address of ff:ff:ff:ff:ff:ff, and is on CHANNEL 11. SNR is 32, and FrameType is Deauth. Additional Info: SSID:. Associated WVE ID(s): WVE-2005-0019.
Dec 7 11:38:31 authmgr[3896]: <132094> <3896> <WARN> |authmgr| MIC failed in WPA2 Key Message 2 from Station f8:16:54:96:3e:8a ac:a3:1e:5b:e8:b0 ap-ba-auditorio
Dec 7 11:38:38 wms[3790]: <126075> <3790> <WARN> |wms| |ids| AP(84:d4:7e:75:ec:20@Plaza Seca Esquina): Valid Client Misassociation: An AP detected a misassociation between valid client f4:f5:e8:48:a7:2a and access point (BSSID 00:23:eb:e2:d0:e4 and SSID tbsemployee on CHANNEL 1). Association type is (Association To External AP), SNR of client is 0.
Dec 7 11:38:38 wms[3790]: <126075> <3790> <WARN> |wms| |ids| AP(84:d4:7e:75:ec:20@Plaza Seca Esquina): Valid Client Misassociation: An AP detected a misassociation between valid client f4:f5:e8:48:a7:2a and access point (BSSID 00:23:eb:e2:d0:e4 and SSID tbsemployee on CHANNEL 1). Association type is (Association To Honeypot AP), SNR of client is 0.
Dec 7 11:38:40 authmgr[3896]: <132094> <3896> <WARN> |authmgr| MIC failed in WPA2 Key Message 2 from Station f8:16:54:96:3e:8a ac:a3:1e:5b:e8:b0 ap-ba-auditorio
Dec 7 11:38:41 wms[3790]: <126065> <3790> <WARN> |wms| |ids| AP(84:d4:7e:65:d5:e0@Plaza Seca Defensa): Valid Client Not Using Encryption: An AP detected an unencrypted frame between a valid client (48:45:20:3b:5e:e8) and access point (BSSID 00:25:84:90:5b:b1), with source 48:45:20:3b:5e:e8 and receiver ff:ff:ff:ff:ff:ff. SNR value is 41.
Dec 7 11:38:42 authmgr[3896]: <132094> <3896> <WARN> |authmgr| MIC failed in WPA2 Key Message 2 from Station f8:16:54:96:3e:8a ac:a3:1e:5b:e8:b0 ap-ba-auditorio
Dec 7 11:38:52 authmgr[3896]: <132094> <3896> <WARN> |authmgr| MIC failed in WPA2 Key Message 2 from Station f8:16:54:96:3e:8a 84:d4:7e:75:ec:30 Plaza Seca Esquina
Dec 7 11:38:56 authmgr[3896]: <132094> <3896> <WARN> |authmgr| MIC failed in WPA2 Key Message 2 from Station f8:16:54:96:3e:8a 84:d4:7e:65:d5:f0 Plaza Seca Defensa

Anyone knows what kind of problem is?

 

Thanks

 

Gabriel

Frequent Contributor I

Re: Disconections problem

if the logs are correct, someone is likely trying to perform attacks against your clients/aps to gain access to tbsemployee or just generally be a nuisance. You should go have a look who is around the APs that are reported (Plaza Seca Defensa, Plaza Seca Esquina, ap-ba-auditorio)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: