Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Wireless network appears to have been compromised...

Hi,

Lately, I've been having some weired problems with my wireless network. All of a sudden I receive the following message, up to 20-25 times a day:

"The wireless network appears to have been compromised and will be disabled for about a minute."

My network is WPA secured and SSID is not visible. I read in a different forum that by changing to WEP, the problem seamed to disappear. But to be honest, that's like having it completely open to everybody. Is there any other solution to that problem?

P.S. @Apple: This problem goes back over five years. How about releasing some kind of bugfix or at least give us the chance to switch of this "protection"?

Macbook Pro Late 08, Mac OS X (10.5.6)

Posted on Mar 15, 2009 1:00 PM

Reply
6 replies

Mar 15, 2009 4:11 PM in response to Macindows

Macindows wrote:
Hi,


P.S. @Apple: This problem goes back over five years. How about releasing some kind of bugfix or at least give us the chance to switch of this "protection"?


To reach Apple, file a bug report here:
https://bugreport.apple.com
Apple does not, as a rule, read these posts - - certainly not each and every one of them.

BTW, that message is coming from your modem and has nothing to do with Apple. Time to get a new modem or update the firmware.

Mar 16, 2009 3:29 AM in response to nerowolfe

Actually, nerowolfe, that message comes from the *AirPort driver* when it detects a problem with the TKIP Message Integrity Check or the associated checksum.

(See the file:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resource s/ClientController.bundle/Contents/Resources/English.lproj

it contains the strings:

"wpaIsFailureMIC" = "The wireless network appears to have been compromised and will be disabled for about a minute.";
"wpaIsReplayAttack" = "The wireless network appears to have been compromised and will be disabled for about a minute.";


)

Two "easy" ways of avoiding this are to change to a different router or, if possible, only use WPA2 encryption.

Detail:

When the message is seen, it's because:

TKIP uses a keyed Message Integrity Check (MIC) to detect packets that are replayed or forged. Anyone can send (that is, inject) a TKIP-encrypted packet that has been captured and modified, but those packets are dropped because the MIC and checksum do not match the data carried by the packet. APs using TKIP usually transmit an error report when the first bad MIC is received. If a second bad packet arrives within 60 seconds, the AP stops listening for another minute and then "rekeys" the WLAN, requiring all clients to start using a new "pairwise master key" to generate both the MIC key and those per-packet encryption keys.

http://searchnetworking.techtarget.com.au/tips/28356-How-to-avoid-the-WPA-attack -entirely


Now there are TKIP injection attacks, and it could be that the wireless network involved is under attack, but it's more likely that the router is incorrectly calculating the MIC or checksum, or the MIC or checksum are being corrupted during transmission, usually due to interference from another router nearby.

Wireless network appears to have been compromised...

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.