Does the WIDPS functionality of your WLAN infrastructure system catch this?
Frank -----Original Message----- From: Stan Brooks [mailto:[EMAIL PROTECTED] Sent: Monday, September 11, 2006 6:25 PM To: [email protected] Subject: [WIRELESS-LAN] Wireless Disconnects - Possible Hacker? We are getting and have confirmed some reports of some wireless clients getting dropped repeatedly. Upon further investigation, it looks like the client/STA (or someone impersonating them) is sending a disassociate frame to our AP. This problem looks like it is localized on a couple of dorms and on specific floors. It also seems to affect most(all?) clients in the area. It also seems time sensitive - no problems for hours, then disassocs every 3-5 minutes. I've yet to capture a packet trace of the problem as it stops before we get on site with a wireless protocol analyzer. In light of the symptoms, I think we are experiencing a series of DOS or MitM attacks, probably hacker initiated. The usual AirJack-based attacks I've seen use deauths, not disassocs. Has anyone experienced similar symptoms or problems lately? Perhaps a new attack script? -- >>-> Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 [EMAIL PROTECTED] AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
