Preventing TKIP Counter measure / MIC Failure floods (SonicOS 5.9 and above)
03/26/2020 7 11170
SonicOS 5.9 and above provides a solution to detect WPA TKIP MIC failure floods and automatically place the problematic wireless station(s) into a blacklist to stop the attack. As wireless clients generate the TKIP countermeasures, they will also be automatically moved into blacklist, so the other wireless stations within the same wireless LAN network will not be affected.
1. Login to the SonicWall Management Appliance and navigate to SonicPoint | SonicPoints page
2. Edit the desired SonicPoint Provisioning Profile or the SonicPoint device.
3. In the Pop-up window click on 802.11n Radio tab
4. In the ACL Enforcement section Check/Enable the option "Enable MAC Filter List" and ensure the Allow and Deny settings are as follows:
- Allow List: All MAC Addresses
- Deny List: Default SonicPoint ACL Deny Group
5. Check/Enable the option "Enable MIC Failure ACL Blacklist".
- MIC Failure Frequency Threshold (times / Minutes) = 3 (default)
6. Click OK to apply the settings.
How to Test:
Once it is detected that the threshold has been reached, the SonicWall will automatically add the problematic station to the “Default SonicPoint ACL Deny Group”. This will also be listed in the SonicWall’s log: