We are getting and have confirmed some reports of some wireless clients getting dropped repeatedly. Upon further investigation, it looks like the client/STA (or someone impersonating them) is sending a disassociate frame to our AP. This problem looks like it is localized on a couple of dorms and on specific floors. It also seems to affect most (all?) clients in the area. It also seems time-sensitive - no problems for hours, then disassocs every 3-5 minutes. I've yet to capture a packet trace of the problem as it stops before we get on site with a wireless protocol analyzer.

In light of the symptoms, I think we are experiencing a series of DoS or MitM attacks, probably hacker-initiated. The usual AirJack-based attacks I've seen use deauths, not disassocs.

Has anyone experienced similar symptoms or problems lately? Perhaps a new attack script?
--

>>-> Stan Brooks - CWNA/CWSP
     Emory University
     Network Communications Division
     404.727.0226
     [EMAIL PROTECTED]
AIM: WLANstan  Yahoo!: WLANstan  MSN: [EMAIL PROTECTED]

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
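
One way the disassociation bursts described in this message could be picked out of a capture, added here as an example and not part of the original post: it reads the 802.11 frame-control byte to separate disassociation (subtype 10) from deauthentication (subtype 12) and flags a BSSID when several distinct stations are dropped within a short window. The frame builder, sample frames, MAC addresses and thresholds are constructed assumptions, and frames are assumed to start at the 802.11 header with any radiotap header already stripped.

```python
import struct
from collections import defaultdict

SUBTYPES = {10: "disassoc", 12: "deauth"}  # 802.11 management-frame subtypes

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Return (kind, da, sa, bssid, reason) for a disassoc/deauth frame, else None."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    if version != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None                          # not a management frame of interest
    (reason,) = struct.unpack_from("<H", frame, 24)
    return SUBTYPES[subtype], mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_bursts(frames, window=10.0, min_clients=3):
    """Flag (bssid, kind, first_ts, clients) when >= min_clients stations drop within window s."""
    events = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed:
            kind, da, sa, bssid, _ = parsed
            client = sa if da == bssid else da   # the station is the non-AP end
            events[(bssid, kind)].append((ts, client))
    alerts = []
    for (bssid, kind), evs in events.items():
        evs.sort()
        i = 0
        while i < len(evs):
            j, clients = i, set()
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                clients.add(evs[j][1])
                j += 1
            if len(clients) >= min_clients:
                alerts.append((bssid, kind, evs[i][0], sorted(clients)))
                i = j                            # skip past the reported burst
            else:
                i += 1
    return alerts

def build(subtype, da, sa, bssid, reason=8):
    """Constructed sample frame (no radiotap, no FCS) for the demo below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + raw(da) + raw(sa) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

AP, C1, C2, C3 = ("02:00:00:00:00:01", "02:00:00:00:01:0a", "02:00:00:00:01:0b", "02:00:00:00:01:0c")
SAMPLE = [(0.0, build(10, AP, C1, AP)), (1.5, build(10, AP, C2, AP)), (2.0, build(10, AP, C3, AP)),
          (400.0, build(12, C1, AP, AP, reason=3)), (900.0, build(10, AP, C2, AP))]

if __name__ == "__main__":
    for alert in find_bursts(SAMPLE):
        print(alert)
```

On the constructed sample, only the three disassociations within the first two seconds are reported; the lone deauth and the single later disassociation stay below the threshold.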
