cancel
Showing results for 
Search instead for 
Did you mean: 

FragAttacks Security Vulnerability - RUCKUS Technical Support Response Center

grodog-prod
Contributor II

At 11:00am PDT today, the Wi-Fi Alliance announced a new Wi-Fi security vulnerability, FragAttacks.

The FragAttacks - RUCKUS Technical Support Response Center is our central web page that brings together all of the RUCKUS-related information you need to address FragAttacks, including:

In addition, the RUCKUS senior technology leadership has prepared resources to explain the nature and impact of the FragAttacks vulnerabilities, including technical blogs, videos, and podcasts.  These are all linked on the FragAttacks - RUCKUS Technical Support Response Center web page.

Please use this thread as a central location for your FragAttacks questions and concerns.  Doing so will help to ensure that we can respond as quickly as possible to your issues as you raise them. 

Thank you!

Allan Grohe

Allan T. Grohe Jr.
==
Knowledge Management Program Director
for RUCKUS Customer Services & Support
44 REPLIES 44

Thank you! Much appreciated!

syamantakomer
Community Admin
Community Admin

eizens_putnins
Valued Contributor II

Hi,

I want to emphasize, that normally new firmware can't be installed if ZD isn't under active support. In Release Note is stated that for some time this check is suspended, to allow patching all systems, with or without support.

It is really very responsible step from Ruckus and must be clearly stated in BIG LETTERS on the same page with list of download links to encourage immediate action! 

What about version 9.8-9.9 --  as Ruckus APs have a very long useful life, there are still many 802.11n networks in operation and even 802.11g - it is extreme, but there is a network with ZF2942 APs (in 4star hotel, installed by us in 2007, and still "good enough not to be replaced yet" for hotel management!). Of cause, these networks have no support, as they can't upgrade to the latest versions anyway (APs and even controllers are not supported).

Are there any plans to get patches to version 9.9 or similar, which allows managing older APs? At least for version supporting ZF7372/52, ZF7982, etc.

I know that it is better to replace them, but it is not going to happen for quit a while.  As far as 802.11n service is still acceptable, they will stay around, secure or not.

There is, of cause, question about patch efficiency --  as you can never guarantee that all devices connected to network are patched, is patching a network really efficient? I understand, that without patching APs, you can't fix the vulnerability at all, but if there is a big part of unpatched clients,  will this provide any real improvement?

For really critical networks -- is there a way to block vulnerable clients on WiFi level, or the only chance for that is NAC?

Hi @eizens_putnins ,

Most of the queries above are already answered in our FragAttack support page.

Please refer the page from here.

I am trying to answer a few queries here.

  1. Yes you can upgrade the ZD even if you don't have support entitlement. Try to sync license online from ZD, or reachout to support and request for temporary entitlement.
  2. Without patching APs and clients, fix is useless, so yes, both side devices needs to be patched.
  3. However, there are some vulnerabilities which can be patched just by APs but not all, hence patching both sides is strongly recommended.
  4. It could be hard to patch already EOS/EOL devices. I am still checking this internally.

You can refer detailed information on FragAttach support page.


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn