https://community.ruckuswireless.com/t5/Unleashed/When-will-we-be-able-to-disable-EAPOL-retries-per-SSID-to/m-p/8528#M538 When will we be able to disable EAPOL retries to protect unpatched devices from KRACK?<BR /><BR />People can do this on&nbsp;Cisco APs:<BR /><BR /><A href="https://blogs.cisco.com/security/wpa-vulns" rel="nofollow" target="_blank" title="Link: https://blogs.cisco.com/security/wpa-vulns">https://blogs.cisco.com/security/wpa-...</A><BR /><BR />Even cheap APs running LEDE support this:<BR /><BR /><A href="https://git.lede-project.org/?p=source.git;a=commit;h=d501786ff25684208d22b7c93ce60c194327c771" rel="nofollow" target="_blank" title="Link https//gitlede-projectorg/psourcegitacommithd501786ff25684208d22b7c93ce60c194327c771">https://git.lede-project.org/?p=sourc...</A><BR /><BR />It is ridiculous that devices connected to a $50 Linksys would be more secure than devices connected to a $1000 Ruckus.<BR /> I know that the WIPS helps, but that only checks every N seconds. That gives plenty of time for exploit scripts to run and penetrate deeper. I can imagine my wireless smart outlets being manipulated to run up electric bills, among other nefarious things.<BR /><BR />Do I really need to deploy a $50 Linksys running third party firmware to protect my vulnerable devices? If Ruckus either cannot or will give us this mitigation, could it at least enable a competent third party like LEDE to provide firmware for their APs? Management would be a pain, but at least the connected client devices would be secure. Thu, 30 Nov 2017 20:30:13 GMT shiningarcanine 2017-11-30T20:30:13Z https://community.ruckuswireless.com/t5/Unleashed/When-will-we-be-able-to-disable-EAPOL-retries-per-SSID-to/m-p/8528#M538 When will we be able to disable EAPOL retries to protect unpatched devices from KRACK?<BR /><BR />People can do this on&nbsp;Cisco APs:<BR /><BR /><A href="https://blogs.cisco.com/security/wpa-vulns" rel="nofollow" target="_blank" title="Link: https://blogs.cisco.com/security/wpa-vulns">https://blogs.cisco.com/security/wpa-...</A><BR /><BR />Even cheap APs running LEDE support this:<BR /><BR /><A href="https://git.lede-project.org/?p=source.git;a=commit;h=d501786ff25684208d22b7c93ce60c194327c771" rel="nofollow" target="_blank" title="Link https//gitlede-projectorg/psourcegitacommithd501786ff25684208d22b7c93ce60c194327c771">https://git.lede-project.org/?p=sourc...</A><BR /><BR />It is ridiculous that devices connected to a $50 Linksys would be more secure than devices connected to a $1000 Ruckus.<BR /> I know that the WIPS helps, but that only checks every N seconds. That gives plenty of time for exploit scripts to run and penetrate deeper. I can imagine my wireless smart outlets being manipulated to run up electric bills, among other nefarious things.<BR /><BR />Do I really need to deploy a $50 Linksys running third party firmware to protect my vulnerable devices? If Ruckus either cannot or will give us this mitigation, could it at least enable a competent third party like LEDE to provide firmware for their APs? Management would be a pain, but at least the connected client devices would be secure. Thu, 30 Nov 2017 20:30:13 GMT https://community.ruckuswireless.com/t5/Unleashed/When-will-we-be-able-to-disable-EAPOL-retries-per-SSID-to/m-p/8528#M538 shiningarcanine 2017-11-30T20:30:13Z https://community.ruckuswireless.com/t5/Unleashed/When-will-we-be-able-to-disable-EAPOL-retries-per-SSID-to/m-p/8529#M539 Hello Richard,<BR /><BR />&nbsp; &nbsp;Please see most recent update details on our WPA2 KRACK Support resource center page:<BR /><A href="https://support.ruckuswireless.com/krack-ruckus-wireless-support-resource-center" rel="nofollow">https://support.ruckuswireless.com/krack-ruckus-wireless-support-resource-center</A>&nbsp;<BR /><BR />and in the Release Notes for KRACK Vulnerabilty Fix:<BR /><A href="https://support.ruckuswireless.com/documents/2065-smartzone-release-notes-for-krack-vulnerability-fix" rel="nofollow" target="_blank">https://support.ruckuswireless.com/documents/2065-smartzone-release-notes-for-krack-vulnerability-fi...</A>&nbsp;<BR /><BR />pointing CUs to the SZ 3.1.2 - 3.6 Software Release AP CLI Scripts (WPA2 KRACK patch):<BR /><A href="https://support.ruckuswireless.com/software/1487-smartzone-3-1-2-3-6-software-release-ap-cli-scripts-wpa2-krack-patch" rel="nofollow" target="_blank">https://support.ruckuswireless.com/software/1487-smartzone-3-1-2-3-6-software-release-ap-cli-scripts...</A>&nbsp;<BR /><BR />Which allow you to disable EAPOL retries, and protect non-updated clients. Thu, 30 Nov 2017 21:18:03 GMT https://community.ruckuswireless.com/t5/Unleashed/When-will-we-be-able-to-disable-EAPOL-retries-per-SSID-to/m-p/8529#M539 michael_brado 2017-11-30T21:18:03Z https://community.ruckuswireless.com/t5/Unleashed/When-will-we-be-able-to-disable-EAPOL-retries-per-SSID-to/m-p/8530#M540 I am running Ruckus unleashed, which is why I marked this post as applying to Ruckus unleashed. How do the scripts for smart zone apply to that? Thu, 30 Nov 2017 22:02:07 GMT https://community.ruckuswireless.com/t5/Unleashed/When-will-we-be-able-to-disable-EAPOL-retries-per-SSID-to/m-p/8530#M540 shiningarcanine 2017-11-30T22:02:07Z