Every packet encrypted with AES or TKIP contains a unique sequence number so that the receiver can recognize and and drop replays. Where QoS is active, the recipient has to run a replay counter for each different priority level.
If not, an attacker could replay a sniffed packet on a different priority level. This situation is actually the basis for a number of methods of attacking TKIP.
As of LCOS version 7.70, recipients can conduct replay checks for each priority level, and there is also an additional ‘global’ check that keeps track of the sequence numbers recently used by the remote station. Senders are prohibited from repeating sequence numbers on different priority levels, meaning that to a certain extent replay attacks on another priority level can be recognized.
Some WLAN clients, such as those used in mobile phones, operate with a faulty AES implementation, whereby the sender uses a separate sequence counter for each priority level. It is normal for these devices to repeat sequence numbers.
In order to allow these devices to operate in the WLAN, it is possible to omit the global check of the crypto sequence.
Command line:
- Omit-Global-Crypto-Sequence-Check
- This is where you set the value for the crypto sequence check.
Possible values:
- Auto, Yes, No
- Auto
- Auto: LCOS contains a list of relevant devices. In the 'Auto' setting, the global sequence check is disabled. For other devices not included in this list, the global sequence check has to be disabled manually.
