UPDATED: DoS on hostap
mike-hostap at tiedyenetworks.com
mike-hostap
Fri Apr 2 16:55:08 PST 2004
Ok I've been looking at this and I think there's something really screwey
here. The message "AP: drop packet to non-associated STA
xx:xx:xx:xx:xx:xx" will all of a sudden begin to be emitted from my AP for
no discernable reason, flooding the log server and the local network with
these messages. What I've figured out is that the AP is complaining about
a frame to a destination mac address of a machine on the lan behind it -
specfically, a pppoe server. I have been unable to capture any frames
exchanged between the pppoe server and the access point that would appear
to cause the problem - it's as if, all of a sudden, something in the ap
remembers this box and just begins shitting messages like nobody's
business. I've spent a lot of time with tcpdump trying to capture anything
suspecious between these two (or any others for that matter), and came up
empty.
My ap basiclly bridges three interfaces - eth0, wlan0, and wlan1.
I have spanning three turned ON, and wlan0/wlan1 are NOT bridging frames
nor are they talking to themselves. The software rev is 0.1.3 and both
wlan cards are running 1.1.0/1.8.0 firmwares. But as I said the AP
messages aren't talking about anything received on a wlan interface, it's
complaining about a device on the wired side. This, combined with that
other nonesense (the incremending bssid's, the crap garbage monitor mode
output showing every kind of 802.11 frame tcpdump knows how to decode),
leads me to think that perhaps theres just something broke between the
kernel bridging code and hostap. There is NO WAY that the 'drop packet to
non-associated STA' message could be referencing any packet received on
the wireless side, this AP is not in use yet and has nothing around it I
can hear.
--
WillitsOnline.Com - Your LOCAL provider of High Speed Internet!
More information about the Hostap
mailing list