cancel
Showing results for 
Search instead for 
Did you mean: 

When will we be able to disable EAPOL retries per SSID to protect unpatched devices against KRACK?

shiningarcanine
New Contributor III
When will we be able to disable EAPOL retries to protect unpatched devices from KRACK?

People can do this on Cisco APs:

https://blogs.cisco.com/security/wpa-...

Even cheap APs running LEDE support this:

https://git.lede-project.org/?p=sourc...

It is ridiculous that devices connected to a $50 Linksys would be more secure than devices connected to a $1000 Ruckus.
I know that the WIPS helps, but that only checks every N seconds. That gives plenty of time for exploit scripts to run and penetrate deeper. I can imagine my wireless smart outlets being manipulated to run up electric bills, among other nefarious things.

Do I really need to deploy a $50 Linksys running third party firmware to protect my vulnerable devices? If Ruckus either cannot or will give us this mitigation, could it at least enable a competent third party like LEDE to provide firmware for their APs? Management would be a pain, but at least the connected client devices would be secure.
2 REPLIES 2

michael_brado
Esteemed Contributor II
Hello Richard,

   Please see most recent update details on our WPA2 KRACK Support resource center page:
https://support.ruckuswireless.com/krack-ruckus-wireless-support-resource-center 

and in the Release Notes for KRACK Vulnerabilty Fix:
https://support.ruckuswireless.com/documents/2065-smartzone-release-notes-for-krack-vulnerability-fi... 

pointing CUs to the SZ 3.1.2 - 3.6 Software Release AP CLI Scripts (WPA2 KRACK patch):
https://support.ruckuswireless.com/software/1487-smartzone-3-1-2-3-6-software-release-ap-cli-scripts... 

Which allow you to disable EAPOL retries, and protect non-updated clients.

shiningarcanine
New Contributor III
I am running Ruckus unleashed, which is why I marked this post as applying to Ruckus unleashed. How do the scripts for smart zone apply to that?