Thanks Jason! That is very interesting and affirms the same we are seeing with consumer devices (netgear) originating containments. ----------------------------------- Eric Kenny Network Architect Harvard University IT -----------------------------------
> On Apr 10, 2018, at 3:46 PM, Trinklein, Jason R <trinkle...@cofc.edu> wrote: > > We have detected 78 signatures of Deauth and DIsassoc broadcast attacks on > our network in the past 24 hours (as reported by our Aruba Mobility Master). > > I pulled the MAC addresses of the systems and performed a MAC-Vendor lookup > to see if there were any patterns. Here is what I found: > <image001.png> > > Perhaps the most surprising is the relative high occurrence of Nintendo. > > I’ll continue pulling data in the future to see if these trends continue. > > -- > Jason Trinklein > Wireless Engineering Manager > College of Charleston > 81 St. Philip Street | Office 311D | Charleston, SC 29403 > trinkle...@cofc.edu | (843) 300–8009 > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Samuel Clements > <scleme...@gmail.com> > Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Date: Tuesday, April 3, 2018 at 6:23 PM > To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] Handling Wifi Deauth Attacks > > I have filed a complaint with the FCC in the past and it was surprisingly > successful. I would suggest you start with this link: > https://www.fcc.gov/document/warning-wi-fi-blocking-prohibited > > Which includes the following tidbit: > What Should You Do if You Suspect Wi-Fi Blocking? If you have reason to > believe your personal Wi-Fi hot spot has been blocked, you can file a > complaint with the FCC. To do so, you can visit www.fcc.gov/complaints or > call 1-888-CALL-FCC. If you contact the FCC, you are encouraged to provide as > much detail as possible regarding the potential Wi-Fi blocking, including the > date, time, location, and possible source. > > Ideally you would be able to provide a packet capture in tandem with your > complaint. In my particular situation, I received a formal letter after my > case was reviewed and found to be a non-issue (mine was an illegal jammer). > After calling to re-open the case, the FCC field team was dispatched and > 'mitigated' the issue with much precision. Be forewarned that you're likely > to feel like your being ignored and given the run around - in my case there > was no followup, just an FCC field van show up and then a clean spectrum > shortly thereafter. If you provide the above link in your complaint and > inform them that you believe you're impacted by the clarification provided, > that should shore up your story some. > Good luck, and happy hunting! > -Sam > > On Tue, Apr 3, 2018 at 9:42 AM, Kenny, Eric <eric_ke...@harvard.edu> wrote: > While investigating some “wifi is slow” and “wifi is dropping” complaints, we > noticed deauth/disassociation flooding attacks reported by our wireless IDS. > So far I’ve been able to identity a small percentage of these as local > businesses and other local (non-university affiliated) organizations. What > strikes me as odd is that a lot of the MAC OUIs from offending devices appear > to be consumer grade wireless devices (Belken, Netgear, eero, etc.). I’d > love to get a hold of one of these devices and look at its settings to see > how it’s configured. I’m not a lawyer, but I think this falls under > regulation 47 U.S. Code § 333. > > Besides filing a complaint with the FCC, I’m wondering if any of you have > experienced this on your campuses, and if so, how you’ve gone about dealing > with it. I’m afraid asking the business nicely would just result in a blank > stare, as they would not likely understand the nature of the complaint, or > what their wireless is actually doing. > > §333. Willful or malicious interference > No person shall willfully or maliciously interfere with or cause interference > to any radio communications of any station licensed or authorized by or under > this chapter or operated by the United States Government. > (June 19, 1934, ch. 652, title III, §333, as added Pub. L. 101–396, §9, Sept. > 28, 1990, 104 Stat. 850.) > > Thanks, > ----------------------------------- > Eric Kenny > Network Architect > Harvard University IT > ----------------------------------- > > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found athttp://www.educause.edu/discuss. > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.