When will we be able to disable EAPOL retries to protect unpatched devices from KRACK?
People can do this on Cisco APs:https://blogs.cisco.com/security/wpa-...
Even cheap APs running LEDE support this:https://git.lede-project.org/?p=sourc...
It is ridiculous that devices connected to a $50 Linksys would be more secure than devices connected to a $1000 Ruckus.
I know that the WIPS helps, but that only checks every N seconds. That gives plenty of time for exploit scripts to run and penetrate deeper. I can imagine my wireless smart outlets being manipulated to run up electric bills, among other nefarious things.
Do I really need to deploy a $50 Linksys running third party firmware to protect my vulnerable devices?
If Ruckus either cannot or will give us this mitigation, could it at least enable a competent third party like LEDE to provide firmware for their APs? Management would be a pain, but at least the connected client devices would be secure.