Thanks Jason!  That is very interesting and affirms the same we are seeing with 
consumer devices (netgear) originating containments.  
----------------------------------- 
Eric Kenny
Network Architect
Harvard University IT
-----------------------------------

> On Apr 10, 2018, at 3:46 PM, Trinklein, Jason R <trinkle...@cofc.edu> wrote:
> 
> We have detected 78 signatures of Deauth and DIsassoc broadcast attacks on 
> our network in the past 24 hours (as reported by our Aruba Mobility Master).
>  
> I pulled the MAC addresses of the systems and performed a MAC-Vendor lookup 
> to see if there were any patterns. Here is what I found:
> <image001.png>
>  
> Perhaps the most surprising is the relative high occurrence of Nintendo.
>  
> I’ll continue pulling data in the future to see if these trends continue.
>  
> -- 
> Jason Trinklein
> Wireless Engineering Manager
> College of Charleston
> 81 St. Philip Street | Office 311D | Charleston, SC 29403
> trinkle...@cofc.edu | (843) 300–8009
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Samuel Clements 
> <scleme...@gmail.com>
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Date: Tuesday, April 3, 2018 at 6:23 PM
> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] Handling Wifi Deauth Attacks
>  
> I have filed a complaint with the FCC in the past and it was surprisingly 
> successful. I would suggest you start with this link:
> https://www.fcc.gov/document/warning-wi-fi-blocking-prohibited
>  
> Which includes the following tidbit:
> What Should You Do if You Suspect Wi-Fi Blocking? If you have reason to 
> believe your personal Wi-Fi hot spot has been blocked, you can file a 
> complaint with the FCC. To do so, you can visit www.fcc.gov/complaints or 
> call 1-888-CALL-FCC. If you contact the FCC, you are encouraged to provide as 
> much detail as possible regarding the potential Wi-Fi blocking, including the 
> date, time, location, and possible source.
>  
> Ideally you would be able to provide a packet capture in tandem with your 
> complaint. In my particular situation, I received a formal letter after my 
> case was reviewed and found to be a non-issue (mine was an illegal jammer). 
> After calling to re-open the case, the FCC field team was dispatched and 
> 'mitigated' the issue with much precision. Be forewarned that you're likely 
> to feel like your being ignored and given the run around - in my case there 
> was no followup, just an FCC field van show up and then a clean spectrum 
> shortly thereafter. If you provide the above link in your complaint and 
> inform them that you believe you're impacted by the clarification provided, 
> that should shore up your story some.
> Good luck, and happy hunting!
>   -Sam
>  
> On Tue, Apr 3, 2018 at 9:42 AM, Kenny, Eric <eric_ke...@harvard.edu> wrote:
> While investigating some “wifi is slow” and “wifi is dropping” complaints, we 
> noticed deauth/disassociation flooding attacks reported by our wireless IDS.  
> So far I’ve been able to identity a small percentage of these as local 
> businesses and other local (non-university affiliated) organizations.  What 
> strikes me as odd is that a lot of the MAC OUIs from offending devices appear 
> to be consumer grade wireless devices (Belken, Netgear, eero, etc.).  I’d 
> love to get a hold of one of these devices and look at its settings to see 
> how it’s configured.  I’m not a lawyer, but I think this falls under 
> regulation 47 U.S. Code § 333.
> 
> Besides filing a complaint with the FCC, I’m wondering if any of you have 
> experienced this on your campuses, and if so, how you’ve gone about dealing 
> with it.  I’m afraid asking the business nicely would just result in a blank 
> stare, as they would not likely understand the nature of the complaint, or 
> what their wireless is actually doing.
> 
> §333. Willful or malicious interference
> No person shall willfully or maliciously interfere with or cause interference 
> to any radio communications of any station licensed or authorized by or under 
> this chapter or operated by the United States Government.
> (June 19, 1934, ch. 652, title III, §333, as added Pub. L. 101–396, §9, Sept. 
> 28, 1990, 104 Stat. 850.)
> 
> Thanks,
> -----------------------------------
> Eric Kenny
> Network Architect
> Harvard University IT
> -----------------------------------
> 
> 
> **********
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found athttp://www.educause.edu/discuss.
> 
>  
> ********** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss.
> ********** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss.


**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Reply via email to