UPDATED: DoS on hostap

[mike-hostap at tiedyenetworks.com]

Ok I've been looking at this and I think there's something really screwey 
here. The message "AP: drop packet to non-associated STA 
xx:xx:xx:xx:xx:xx" will all of a sudden begin to be emitted from my AP for 
no discernable reason, flooding the log server and the local network with 
these messages. What I've figured out is that the AP is complaining about 
a frame to a destination mac address of a machine on the lan behind it - 
specfically, a pppoe server. I have been unable to capture any frames 
exchanged between the pppoe server and the access point that would appear 
to cause the problem - it's as if, all of a sudden, something in the ap 
remembers this box and just begins shitting messages like nobody's 
business. I've spent a lot of time with tcpdump trying to capture anything 
suspecious between these two (or any others for that matter), and came up 
empty.

	My ap basiclly bridges three interfaces - eth0, wlan0, and wlan1. 
I have spanning three turned ON, and wlan0/wlan1 are NOT bridging frames 
nor are they talking to themselves. The software rev is 0.1.3 and both 
wlan cards are running 1.1.0/1.8.0 firmwares. But as I said the AP 
messages aren't talking about anything received on a wlan interface, it's 
complaining about a device on the wired side. This, combined with that 
other nonesense (the incremending bssid's, the crap garbage monitor mode 
output showing every kind of 802.11 frame tcpdump knows how to decode), 
leads me to think that perhaps theres just something broke between the 
kernel bridging code and hostap. There is NO WAY that the 'drop packet to 
non-associated STA' message could be referencing any packet received on 
the wireless side, this AP is not in use yet and has nothing around it I 
can hear.








-- 

WillitsOnline.Com - Your LOCAL provider of High Speed Internet!