More DoS information
M. Grabert
xam
Mon Apr 5 00:43:51 PDT 2004
On Sun, 4 Apr 2004, Jouni Malinen wrote:
> On Wed, Mar 31, 2004 at 01:47:30PM -0800, mike-hostap at tiedyenetworks.com wrote:
>
> > We recorded 573 syslog messages _per second_ at one point.
I just found out that I have a similar problem on Linux/PA-RISC
(see my last mail about my setup and my similar problem).
I not only get a kernel message (with a bogous MAC address) every 2 minutes,
I also get "AP: drop packet to non-associated STA" messages with
valid MAC addresses, but rather seldomly (ie. only each couple of days,
but then in bursts within a few seconds).
> > Presumably this means that the AP is picking up frames at that rate - for
> > example:
> >
> > Mar 31 13:26:01 12.149.131.195 klogd: AP: drop packet to non-associated
> > STA 00:60:08:a2:01:a4
>
> Do you recognize that MAC address? It would be useful to know if it one
> of the known devices in the wired or wireless networks. That seems to be
> 3Com device.
In my case the reported MAC addresses are from wired network cards of PCs
that are connected to the same hub as my server.
(except for the (bogous) MAC address that is reported every 2 minutes).
> This message is printed out when something is trying to send a unicast
> frame through the Host AP interface to a destination address that is not
> currently associated. This can happen, e.g., when bridge code does not
> know the address and is forced to send the packet to all bridge ports.
> In this case, the packet would have either be received from another
> bridge port (one of the wired interfaces) or locally generated in the
> AP.
>
> Since this may be a valid packet, Host AP driver should probably just
> drop it silently. I have used that message to debug some error cases,
> but maybe it is time to just get rid of it..
Ahh, makes sense.
However that still doesn't explain my other problem of those reports
with a (bogous) MAC address every 2 minutes (the reported MAC is kind of
similar to the wlan0 or bridge MAC address, see in my last post).
Thanks,
Max
More information about the Hostap
mailing list