On Tue, Dec 3, 2013 at 3:04 PM, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote: > On Tue, 2013-12-03 at 14:50 +0530, Krishna Chaitanya wrote: >> On Tue, Dec 3, 2013 at 12:21 AM, Johannes Berg >> <johannes@xxxxxxxxxxxxxxxx> wrote: >> > From: Johannes Berg <johannes.berg@xxxxxxxxx> >> > >> > The GTK is shared by all stations in an 802.11 BSS and as such any >> > one of them can send forged group-addressed frames. To prevent this >> > kind of attack, drop unicast IP packets if they were protected with >> > the GTK, i.e. were multicast packets at the 802.11 layer. >> > >> > Based in part on a patch by Jouni that did the same but in the IP >> > stack, which was considered too intrusive. >> > >> As per RFC 1122 this is an invalid case: >> When a host sends a datagram to a link-layer broadcast address, >> the IP destination address MUST be a legal IP broadcast or IP >> multicast address. >> >> A host SHOULD silently discard a datagram that is received via >> a link-layer broadcast (see Section 2.4) but does not specify >> an IP multicast or broadcast destination address. >> >> We can simply drop this frame irrespective of GTK/PTK is used. > > Interesting. Can you point out where this is implemented in the IP > stack(s)? AFAIK there is no check in the drivers/IP Stack for this. May be we can implement this IP stack in a generic way confirming to RFC1122? -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
