Multiple AP with the same SSID and WPA2/3 mixmode returns undesired alerts. #642
Comments
It looks like nzyme is getting confused here with two different SSIDs served by the same BSSID. I'm looking into it.
Took a deeper look and actually nzyme appears to operate correctly here. Let's look at the two alerts you posted:
This is correct. Your configuration for
This is correct. Your configuration for You should be able to simply extend your configuration and no longer receive the alerts.
Thanks
Think this is already in config see Network23_W entry where both c6:41:1e:f5:36:44 and c4:41:1e:f8:9b:9c are listed.
Ok, replaced WPA3-AES-CCMP with WPA3-PSK-PSKSHA256-SAE-CCMP. Is this what you intended? Extending with multiple SSIDs with the same name is not possible.
Those two are, but the alerted BSSID
Not sure if I understand correctly. Did this solve the false alerts?
Hi, here are my screenshots. I think it is the same problem. Two different security settings within one SSID but two BSSIDs. SSID [Router1] was advertised with unexpected security settings [WPA2-PSK-CCMP]. SSID [Router1] was advertised with unexpected security settings [WPA2-PSK-CCMP]. The related config:
I think the array of the security mechanisms isn't handled in the right way. To me it seems that the alarms come alternately. So if WPA3 is expected and WPA2 is seen -> Alarm! But WPA2 is stored internally, and if WPA3 comes up the alarm is raised again and WPA3 is stored for the next comparison.
Firstly error-ed indeed on c6 or c4 in mac address config caused by some reworked SSIDs with alternative mac address set.
Duplicate #527
I think I understand the problem now. Could one of you send me a PCAP of this environment so I can confirm? It appears that the networks are advertised with different frames per security mechanism. Nzyme expects them to be advertised all in one frame. A PCAP would let me confirm this.
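The following is an added example, not part of the thread and not nzyme code. It models the behaviour hypothesised in the comment above (which the thread does not confirm): a comparator that checks every single frame against complete security profiles, next to one that first unions what each BSSID advertises within a time window. The beacon list, the `EXPECTED` table, the `02:...` BSSID and its `WPA1-PSK-TKIP` string are constructed for illustration.

```python
from collections import defaultdict

WPA2 = "WPA2-PSK-CCMP"
WPA3 = "WPA3-PSK-PSKSHA256-SAE-CCMP"

# Constructed beacon observations: (seconds, SSID, BSSID, mechanisms in that frame).
# SSID and the c4:... BSSIDs are taken from the issue; the 02:... AP is made up.
BEACONS = [
    (0.00, "Network23", "c4:41:1e:f8:9b:9c", {WPA2}),  # 2.4 radio, WPA2 only
    (0.05, "Network23", "c4:41:1e:f8:9b:9d", {WPA2}),  # mixed-mode radio, frame 1
    (0.10, "Network23", "c4:41:1e:f8:9b:9d", {WPA3}),  # mixed-mode radio, frame 2
    (0.15, "Network23", "02:00:00:00:00:01", {"WPA1-PSK-TKIP"}),  # unexpected AP
    (1.00, "Network23", "c4:41:1e:f8:9b:9c", {WPA2}),
    (1.05, "Network23", "c4:41:1e:f8:9b:9d", {WPA2}),
    (1.10, "Network23", "c4:41:1e:f8:9b:9d", {WPA3}),
]

# Hypothetical expectation table (not nzyme.conf syntax): the complete security
# profiles a BSSID of this SSID is allowed to present.
EXPECTED = {"Network23": {frozenset({WPA2}), frozenset({WPA2, WPA3})}}


def per_frame_alerts(beacons, expected):
    """Strict model: each frame on its own must equal one complete profile."""
    return [
        (ts, ssid, bssid, sorted(mechs))
        for ts, ssid, bssid, mechs in beacons
        if frozenset(mechs) not in expected.get(ssid, set())
    ]


def aggregated_alerts(beacons, expected, window_s=1.0):
    """Union the mechanisms each BSSID advertises per window, then compare."""
    seen = defaultdict(set)
    for ts, ssid, bssid, mechs in beacons:
        seen[(int(ts // window_s), ssid, bssid)].update(mechs)
    return [
        (win, ssid, bssid, sorted(mechs))
        for (win, ssid, bssid), mechs in sorted(seen.items())
        if frozenset(mechs) not in expected.get(ssid, set())
    ]


if __name__ == "__main__":
    print("per-frame :", per_frame_alerts(BEACONS, EXPECTED))
    print("aggregated:", aggregated_alerts(BEACONS, EXPECTED))
```

A fixed window can still split one BSSID's frames across two buckets, so a detector built this way would need a sliding window or a short grace period before alerting.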
Any traction on this? I'm still seeing this with a fresh install as of yesterday.
Nothing heard about it, unfortunately.
This will be solved with the architecture in v2.0.
Observation.
Clients are able to choose WPA3 or WPA2 (mixed mode) on 5.5 SSID but this results in many of these alerts
CRYPTO_CHANGE_BEACON
Using same SSID with different mac results in many
UNEXPECTED_SSID_BEACON
using different mac on same SSID results in many
UNEXPECTED_BSSID_BEACON
AP1
radio 1 SSID Network23 2.4 WPA2-PSK-CCMP c4:41:1e:f8:9b:9c
radio 1 SSID Network23_W 2.4 WPA2-PSK-CCMP c4:41:1e:f8:9b:9c
radio 2 SSID Network23 5.5 WPA2-PSK-CCMP and WPA3-PSK-PSKSHA256-SAE-CCMP c4:41:1e:f8:9b:9d
AP2
radio 1 SSID Network23 2.4 WPA2-PSK-CCMP c4:41:1e:f5:36:44
radio 1 SSID Network23_W 2.4 WPA2-PSK-CCMP c4:41:1e:f5:36:44
radio 2 SSID Network23 5.5 WPA2-PSK-CCMP and WPA3-PSK-PSKSHA256-SAE-CCMP 2 C4:41:1E:F5:36:45
UNEXPECTED_BSSID_BEACON
SSID [Network23_W] was advertised with beacon frame by unexpected BSSID [c6:41:1e:f8:9b:9c]
true can also be c4:41:1e:f5:36:44
CRYPTO_CHANGE_BEACON
SSID [Network23] was advertised with unexpected security settings [WPA2-PSK-CCMP]
SSID [Network23] was advertised with unexpected security settings [WPA3-PSK-PSKSHA256-SAE-CCMP]
true can be both on 2.4 and 5.5 with the same SSID
Most interesting bits from nzyme.conf
In the UI the sec settings are presented like this.