UPDATED re DoS information

[Mike Ireton]

Howdy,

	So regarding the problem I have been reporting with "AP: drop 
packet to non-assocated station", I think I have made an important 
discovery. 

	In my config, wlan0, wlan1 and eth0 are all bridged together. A 
server on the eth0 side accepts syslog messages from the AP (hey, we all 
should be keeping logs, right?!), and in my case, syslog will occasionally 
write a 'mark' message about once every 20 minutes. It had been observed 
that at the exact time the 'mark' message is emitted, hostap began 
squirting out millions of the messages. 

	So my first observation was that the messages would come 
immediately following the 'mark' message from syslog, and at the time 
although the syslog server was in the ARP cache, it was not in fact 
listed in the bridge table. And the messages from hostap would seem to 
stop the very instant I did anything that would cause the bridge to 
learn the mac of the syslog server. So taking it a step further, I set up 
a little cron job to ping the AP from the syslog server every minute, to 
ensure that the bridge table _always_ had the syslog server's mac address. 
And you know what? No more messages. It's been silent for _hours_ now.

	The only thing I can see is that since syslog runs on the AP, it 
has to arp for the mac of the syslog server. But shouldn't this wind up 
in the bridge table? 

More news later.

-- 

WillitsOnline.Com - Your LOCAL provider of High Speed Internet!