Question

Locked

Cisco 857w log entries

By ross ·
Can anyone help with the interpreting my log files please.
I am having an awful lot (100's per day) of log entries in the log file of the following nature...
TKIP Replay: TA=000f.b539.xxxx, RSC=0xEC98,TSC=0xEC96
I assume the TA= is a MAC address but i don't know what the rest of it means. I also don't know why there are so many of them.
Does this indicate a problem? Does it indicate an intrusion attempt.

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

TKIP

by CG IT In reply to Cisco 857w log entries

The quick and dirty is:

Temporal Key Intergrity Protocol used for IEEE 802.11i wireless. The replay is that using a 48 bit sequence # someone can't replay the packets as a method of intrusion. an attacker can't use old packets because they would be out of the sequence order because there virtually isn't any repeats in the sequence #.

Collapse -

Cisco TKIP Replay messages in log

by ross In reply to TKIP

Thanks for the response.

So this means that they are not an indication of a problem they are just there for informational purposes. then it's ok if i just filter them from being logged.

Very much appreciated...

Rossco

Collapse -

not entirely... your logging what?

by CG IT In reply to Cisco TKIP Replay message ...

if you are logging security and your getting a lot of replay events, that could mean that someone is trying to replay packets.

Depends on what events your logging for.

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums