iPhones Flooding Wireless LAN At Duke
coondoggie sends us to a Network World story, as is his wont, about network problems at Duke University in Durham, N.C. that seem to be related to the iPhone. "The Wi-Fi connection on Apple's recently released iPhone seems to be the source of a big headache for network administrators at Duke. The built-in 802.11b/g adapters on several iPhones periodically flood sections of the school's wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. Campus network staff are talking with Cisco, the main WLAN provider, and have opened a help-desk ticket with Apple. But so far, the precise cause of the problem remains unknown. 'Because of the time of year for us, it's not a severe problem,' says Kevin Miller, assistant director, communications infrastructure, with Duke's Office of Information Technology. 'But from late August through May, our wireless net is critical. My concern is how many students will be coming back in August with iPhones? It's a pretty big annoyance, right now, with 20-30 access points signaling they're down, and then coming back up a few minutes later. But in late August, this would be devastating.'" So far, the communication with Apple has been "one-way."
sigh (Score:3, Insightful)
At least the editors admit that coondoggie is filling the queue up with network world stories. Maybe they'll do something about it at some point
Re:sigh (Score:4, Funny)
Re:sigh (Score:5, Funny)
It's like me at the discotheque on Saturday night.
Re: (Score:3, Funny)
Well actually.. (Score:3, Funny)
Least I hope he did, or he was really missing out!
MAC address REQUEST? (Score:5, Insightful)
Slashdot...sigh...
Well tested (Score:3, Insightful)
I'd lay odds there's something screwed with their network...
Re: (Score:2, Insightful)
jeffk
Re:Well tested (Score:4, Funny)
Re:Well tested (Score:4, Insightful)
Re:Well tested (Score:4, Insightful)
Re: (Score:3, Insightful)
Dom
Re:MAC address REQUEST? (Score:5, Interesting)
Re: (Score:3, Informative)
Re:MAC address REQUEST? (Score:5, Funny)
But the iPhone is from Apple, of course it would ask for a Mac address! Heck, they should be glad it didn't ask for a Mac-II address, things would be twice as bad!
(You can do the math for a Mac-IIcx
All your base... (Score:3, Funny)
Re:MAC address REQUEST? (Score:4, Informative)
I would suggest that perhaps you didn't RTFA, but that is a given, since this is Slashdot.
It is, indeed, asking for a MAC address.... it's called ARP [wikipedia.org] and it is how an Ethernet device determines what MAC address to use to reach a destination IP address.
What's the big deal? (Score:4, Insightful)
Re: (Score:3)
There's nothing inherently deceptive in submitting your company's (or your own) stories.
If they make clear who they're representing then in general true.
However, at some point excessive volume equals spam and that crowds out alternative points of view and stories.
---
Free speech is compromised by too much noise as well as too little message. Most advertising is content free noise.
Re: (Score:3, Funny)
You're setting the bar too high. I'm impressed that they correctly used the word "wont".
Re: (Score:2)
Well... (Score:2)
Interesting problem (Score:3, Interesting)
Re: (Score:3, Informative)
Re:Interesting problem (Score:5, Funny)
Re:Interesting problem (Score:5, Informative)
Re:Interesting problem (Score:5, Funny)
Re:Interesting problem (Score:5, Insightful)
I didn't know MAC addresses were assigned dynamically.
But I'm over 40- what do I know?
Re: (Score:2)
The nodes need to know the MAC address associated with an IP address, so they ask for it... or something like that. It's part of the dynamic DHCP process.
I'm sure someone else will give a much better answer.
Re: (Score:2)
Re:Interesting problem (Score:5, Informative)
My guess is that either there is no DHCP and the iPhones just try like crazy, or some other misconfiguration of the network is causing these. Couple this with potential interference from all the other iPhone devices in the area, which could (and probably does) cause dropped packets, and one has a veritable storm of ARP requests which could easily take out subnets. 8 wireless cards is enough to DoS a high end wireless access point (Yellow Laptop anyone) so it doesn't stretch the imagination to think that some iPhones could do it.
My $0.02 AU
Sounds plausible but what about Laptops? (Score:3, Insightful)
Re: (Score:3, Insightful)
Re:Interesting problem (Score:5, Informative)
DHCP is not implicit in any network topology. It may be modern and 'expected,' but, jesus christ, every time there's a network discussion on this site, DHCP is strewn all over it like shit on a truck stop toilet. Just because you were born in 1995 and have an "ADSL" connection that uses DHCP (well, it probably uses PPPoE now) doesn't mean you're qualified to say anything, and it certainly doesn't mean there aren't real networks that have never even heard of the silly little protocol.
That said, the initial DHCP request does go to a broadcast address, but it certainly has nothing to do with ARP. It goes to the global broadcast address (MAC: FF:FF:FF:FF:FF:FF). There's no such thing as an ARP address. ARP is a network layer protocol lying atop Ethernet (primarily; it isn't limited to Ethernet, of course). It is a MAC address you are thinking of.
Your use of commas is worse than your knowledge of low-level network protocols, really. I don't even know why I bother. Whoever mods this shit up, go fuck yourself. And whoever's out there that actually does know what they're talking about (surely there's someone else out of two million users), like I do, fuck you for not replying and setting these morons straight. It's a ridiculous place to read for technological discussion, anymore.
Re: (Score:3)
I suggest everyone read Douglas E Comer's Internetworking with TCP/IP Vol 1 - Principles, Protocols and Architecture. It's a somewhat old book but an amazingly good one, although new editions come with a yellow cover; I liked the red one better (we used to call it Comer's Red Book :) Anyway, it came in really handy when I was dealing with NDIS intermediate network drivers (Windows stuff) and Ethernet & TCP/IP protocols.
Re: (Score:3, Funny)
Re: (Score:3, Informative)
I suspect what the GP meant is that it's part of the Rendezvous/zeroconf dynamic IP process, which is often built into dhcpcd/pump/dhclient or equivalent. The very first thing most modern computers do when they see a network is to pick a random address and ARP for it, then assign themselves that IP if it isn't used.
Also, it is part of the DHCP process, I think. The last step in the process is to ARP for your assigned IP to make sure it hasn't been doubly assigned. I'm not sure if that's actually part o
PEBKAC (Score:2)
Re:Most likely a Cisco bug - firmware upgrade need (Score:5, Insightful)
Say what? The last time I saw something equally screwy it was a Cisco LightStream 1010 (ATM switch) running LANE (LAN Emulation) that played no part in layer 3 at all, yet it was still building up an ARP table of every IP datagram that flowed through it (and wondered why it kept running out of memory).
If you send out an ARP for an "unknown address", you'll get no response - it's not up to the router to respond on behalf of "non-local packets", it's up to the client to determine that the destination is non-local (by using the network and mask together) then picking a suitable gateway (usually default) for sending the packet on its way.
Therefore, the client already knows it needs to send the non-local/unknown-addressed packet through the router so it explicitly ARPs for the router's MAC address (if not already cached) - nothing to do with trying to get the MAC of the remote destination.
I'm sorry, but *WHAT*?!?!?! (Score:5, Informative)
How the hell did you get modded informative with that god-awful collection of misunderstandings and poor comprehension of clearly understood concepts?
There's nothing unclear about the standard, except when you apply it incorrectly.
To begin with, there is no such thing as an "unknown destination" - if the address is unknown, how the hell do you send a request for it?!?! (You ever call 411 and say "Hi, I need the phone number for someone, but I don't know who they are, where they live, what they do, or anything about them.")
Now, if you're clumsily trying to say "there's no way to answer: what is the MAC address of an IP address that is unassigned", then that's simple - there is no answer (nobody responds, so therefore there is no answer - which means that the IP address is unassigned.)
However, if you're trying to say "what is the MAC address of an IP address that resides on a different network" then the answer is the same - there (again) will only be a reply if a machine with that IP address exists on the network. IP networks are virtual - you can have many different IP networks residing on the same wire. If a machine hears an ARP request for an address that is not on its network, it just doesn't answer (the inherent assumption is that there is another IP network on the same wire, and the request is ignored.)
ARP doesn't know anything about IP network layout - basically, machines just respond if they hear a request for their IP address.
When you want to send to an *IP* address that is not on the local link, you look up the IP address for the router(s) to that network, ARP for it (if you don't already know its MAC address) and send the packet to it - there is no 'substitution' involved. You never ask for the MAC address of the destination IP address, you ask for the MAC address of your router, then send it the packet for forwarding.
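The rule described in the two comments above, as an added example that is not part of any poster's comment: the host picks the on-link address it must resolve (the destination itself, or the gateway of the longest matching route), and that address is what appears in the target field of the 28-byte ARP request. The interface address, routes and sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Constructed host configuration (assumption, not taken from the thread).
IFACE = ipaddress.ip_interface("10.20.30.40/24")
ROUTES = [  # (destination network, gateway reachable on the local link)
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("10.20.30.1")),
    (ipaddress.ip_network("10.99.0.0/16"), ipaddress.ip_address("10.20.30.254")),
]

def arp_target(dst, iface=IFACE, routes=ROUTES):
    """Return the IP address the host must resolve with ARP to reach dst."""
    dst = ipaddress.ip_address(dst)
    if dst in iface.network:
        return dst                      # on-link: ARP for the destination itself
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    # Off-link: ARP for the gateway of the most specific (longest-prefix) route.
    _, gateway = max(matches, key=lambda r: r[0].prefixlen)
    return gateway

# Ethernet/IPv4 ARP payload: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)      # 28 bytes

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload; reject anything else."""
    if len(payload) < ARP_LEN:
        raise ValueError("short ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "op": {1: "request", 2: "reply"}.get(oper, f"op{oper}"),
        "sender_mac": ":".join(f"{b:02x}" for b in sha),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
    }

# Constructed sample: the request 10.20.30.40 broadcasts before sending a
# packet to an off-link destination. The target is the router, not the
# remote host.
SAMPLE_REQUEST = bytes.fromhex(
    "0001" "0800" "06" "04" "0001"
    "020000000001" "0a141e28"           # sender MAC / sender IP 10.20.30.40
    "000000000000" "0a141e01"           # target MAC unknown / target IP 10.20.30.1
)

if __name__ == "__main__":
    for dst in ("10.20.30.77", "192.0.2.10", "10.99.5.5"):
        print(dst, "-> ARP for", arp_target(dst))
    print(parse_arp(SAMPLE_REQUEST))
```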
Re: (Score:2)
They generally use a good chunk of the dorm space, and probably more than a few of them have iPhones.
Re: (Score:2)
Little leap of logic there. Most campuses have a decent number of students on campus during summer for any of the following reasons:
(i) summer classes
(ii) research (i.e. most grad students who don't even realize it's summer)
(iii) friggin professors
Most unis give ou
Re: (Score:2)
Re: (Score:3, Funny)
ante [answers.com]
auntie [answers.com]
Re: (Score:3, Informative)
Re: (Score:3, Informative)
Re: (Score:3, Informative)
It's probably related to Cisco's built in defense mechanisms. By default if a Cisco AP detects what it thinks is an attack it will go offline for awhile. The problem is that in the real world there are buggy chipsets and drivers that will trigger this so one usually ends up disabling them in self-defense. As a specific example there is an Intel WLAN chipset present in many o
Critical? (Score:4, Insightful)
Wireless? Critical? Dumb.
Re:Critical? (Score:5, Insightful)
Re: (Score:3, Insightful)
Of course, if they are using it for everything even desktop computers in labs... It could very easily be that a few iPhones can bring down APs but that would be a colossally stupid idea to begin with and any network designer approving such a plan should be shot.
Re:Critical? (Score:5, Insightful)
Yeah. Unless you're a university, and your "mission critical things" (remember the definition of "mission"?) include things like ... ohhh, I dunno ... students with laptops and shit?
Re:Critical? (Score:5, Interesting)
Re: (Score:2, Insightful)
I agree 100%. Wireless is nowhere near as reliable as wired.
Re: (Score:3, Insightful)
Re: (Score:2)
I go there. I know this to be true.
Re:Critical? (Score:4, Funny)
Student: I'm at Duke and my iPhone's wifi just stopped working.
Apple rep: I'm sorry sir, but Apples just work
Student: Yeah, well mine isn't just working right now!
Apple rep: Sir, do you BELIEVE in the power of Steve?
Student: The what?
Apple Rep: Sir, maybe if you had more faith in Steve, you wouldn't be having problems...
Student: Look, I just want my damn phone to work.
Apple Rep: Then I think you need to attend our Apple Reaffirmation Camp
Student: Will it help get my wifi signal back?
Apple Rep: No, but it will help you get your FAITH back, and stop questioning the infallibility of Apple products
Student: Um, okay. Anything to get my smug sense of superiority back.
No wonder (Score:5, Funny)
No wonder there is no answer... Apple people weren't able to receive any network package with all those iPhones around.
Re:No wonder (Score:5, Funny)
Communication with Apple is always "one way". Or the highway.
Cisco (Score:4, Interesting)
How do they know that?
Re:Cisco (Score:4, Informative)
I've done consulting in the wireless market for a while now. One of my key markets is the healthcare market, and I make sure I tell any hospital using wireless that there is absolutely, positively, unequivocally no way they can stop a determined DoS WLAN attack. Set up a noise source at 2.4GHz (or 5.8GHz for 802.11a), crank up the wattage well above the FCC limit for the ISM bands, and aim the antenna at the building. It *will* shut down *any* WLAN you've got unless the building is built like a Faraday cage.
There is nothing you can do about it short of rooting out the source of the noise and shutting it down. Granted, such an attack is highly illegal (violates FCC radiated power limits, which might be a felony, I'm not sure), but I doubt that's on the mind of the prankster (or terrorist) who's shutting you down.
Re: (Score:2)
I am taking a Cisco internetworking class and I do not think that it is similar to a DoS attack because a DoS attack involves changing the source address in the packets that are sent to a server. I do not think any students at Duke have found a way to hack the iPhone to allow modified packets to be sent out.
Dude, WTF? A DoS ("Denial of Service") attack is any attack that makes things stop working (or is intended to do that). Nothing to do with changing the source address, that's just to make it easier to not get caught.
Re:Cisco (Score:5, Informative)
Not to seem unkind, but it sounds like you need to finish your classes before weighing in on this subject. You do not seem to understand the nature of a DoS attack enough to comment properly on it.
To clarify, it has nothing to do with altering the source address. While some hardwired DoS attacks involve the spoofing of source addresses, it is not required. Any kind of action that prevents the target from functioning as designed constitutes a DoS attack, and flooding an AP with spurious MAC requests fits that description. Since the iPhone is doing this as part of its (probably flawed) design, no hacking of the iPhone is required.
The Cisco APs and WLAN controller have little choice but to listen to whatever traffic the iPhone spews out. Sure, they can discard or ignore the traffic, but it doesn't change the fact that a rampant iPhone "attack" will consume shared air time even if such action is taken. With enough iPhones, any single AP can be completely overwhelmed even if it's ignoring everything the iPhone is throwing at it.
As I said before, you can't switch, route, or firewall air. You're always at the mercy of the person transmitting with the least control or scruples.
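An added monitoring example, not part of the comment above: a sliding-window counter over captured ARP requests that picks out which source MAC is producing the kind of request flood the story describes. The event tuples, MAC addresses, one-second window and threshold of 50 are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def find_arp_floods(events, window_ms=1000, threshold=50):
    """Flag sources that send more than `threshold` ARP requests per window.

    events: time-ordered iterable of (timestamp_ms, src_mac, target_ip).
    Returns {src_mac: {"first_alert": ts, "peak": n, "targets": set}}.
    """
    recent = defaultdict(deque)   # src_mac -> requests still inside the window
    offenders = {}
    for ts, mac, target in events:
        q = recent[mac]
        q.append((ts, target))
        # Drop requests that have aged out of the window for this source.
        while ts - q[0][0] > window_ms:
            q.popleft()
        if len(q) > threshold:
            info = offenders.setdefault(
                mac, {"first_alert": ts, "peak": 0, "targets": set()})
            info["peak"] = max(info["peak"], len(q))
            info["targets"].update(t for _, t in q)
    return offenders

def sample_events():
    """Constructed capture: one ordinary client and one flooding client."""
    # Ordinary client: five requests, two seconds apart, different targets.
    normal = [(i * 2000, "02:00:00:00:00:0a", f"10.20.30.{i + 1}")
              for i in range(5)]
    # Flooding client: 600 requests in 3 seconds, all for the same address.
    noisy = [(4000 + i * 5, "02:00:00:00:00:0b", "10.20.30.1")
             for i in range(600)]
    return sorted(normal + noisy)

if __name__ == "__main__":
    for mac, info in find_arp_floods(sample_events()).items():
        print(f"{mac}: first alert at {info['first_alert']} ms, "
              f"peak {info['peak']} requests/s, "
              f"targets {sorted(info['targets'])}")
```

A single repeated target, as in the constructed flood, points at one client stuck retrying; many distinct targets from one source looks more like a sweep of the subnet.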
Re: (Score:2)
Bet you 10 to 1... (Score:5, Insightful)
Good reason to move to IPv6! (Score:2)
I also doubt the iPhone has enough horsepower to pump out 10Mbps of ARP requests
A 486 can swamp a T-1 line, I don't doubt that the ARM processor(s) in the iPhone can max out a 54Mb 802.11/g link. One ARP request is only about 28 bytes, and it's not like there's a lot of computation involved in creating one. I agree, it sounds like there's some kind of misconfiguration, I can't imagine why any device would fire off that many requests unless it was receiving some kind of response that caused it to send a new request. Hmmm, I wonder if it's some kind of timing issue, maybe the phone i
Re:Bet you 10 to 1... (Score:5, Interesting)
No problem for us (Score:2, Interesting)
So you're telling me (Score:2, Insightful)
Judging by the statement that they can exhibit the behavior after being handed from one access point to another kind of nullifies the theory that they may be trying to reassociate with the u
Let's focus on the real problem (Score:5, Informative)
This doesn't mean that Apple released a product without a defect. But if your network crashes because of a defective device, then you should fix your network first.
Re: (Score:2)
To clarify, I was referring to physical security, which few networks have. A properly configured network should isolate any poorly configured device as close to the source as possible. So a misconfigured wireless device should optimally only be able to impact thi
Taking out Cisco Router with ARP Floods? (Score:5, Interesting)
I call bullshit. I say their IT/Computing Department is blaming their poor infrastructure on iPhone.
Re:Taking out Cisco Router with ARP Floods? (Score:5, Insightful)
Re: (Score:3, Funny)
- RG>
Re: (Score:3, Informative)
It's amazing the Apple fanboy-ism around here. I have seen MANY devices have flaws like this in my time. Everyone knew the iPhone, as a first gen product, was going to have its problems. This is likely one of them.
And no matter what you seem to think you know about WiFi - one device can EASIL
HOWTO please (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
1 Turn the AP upside down
2 Read the MAC address off the sticker
You are welcome. I'll be here all week.
Re: (Score:3, Funny)
Apple's Campus (Score:2)
Here's a capture of the packet (Score:2)
followed by
ET iPhone 127.0.0.1
Apple DHCP client (Score:5, Informative)
Re: (Score:3, Insightful)
Re:Apple DHCP client (Score:5, Informative)
MAC filtering is not a solution (Score:2, Informative)
This is an effective solution. Can you imagine if Duke locked down APs with MAC filtering? You'd have
Re:MAC filtering is not a solution (Score:5, Interesting)
The only downside is that some schools require this must be done from an authorized computer, so you have to head to a computer lab or classroom the first time you do it. Other schools allow you to get into the system from any Internet-connected computer, which is the ideal solution, since it's behind a two-part authentication system anyway.
Re:MAC filtering is not a solution (Score:4, Interesting)
MAC address filtering is simply a roadblock to keep the general public off the network. This need must be balanced with the high number of legitimate visitors on campuses (for presentations, symposiums, conferences, guest lectures, and all sorts of other purposes) which need to have a way to access the Internet (simple using preconfigured authentication tokens).
The students and staff are not the concern at all. Their MAC address spoofing and playing around is simply a matter of course. It's people outside the campus community that they want kept out. A combination of authentication and MAC filtering pretty much takes care of that. Even if they do successfully spoof a valid MAC, they don't have a username/password to get past the login screen. If they've gotten all of that, there's really nothing practical that will stop them from gaining access. It's also irrelevant for that handful of people. There's little point to waste any time or money tracking them down or even trying to find those isolated incidents unless a crime or breach occurred as a result.
So when you (Score:5, Interesting)
Re: (Score:3, Insightful)
Cisco has its moments, but IMHO they're not remotely worth the premium you pay. Go with HP; they sell the same level of hardware and offer the same level of support, but it costs a hell of a lot less, and since it costs so much less you can get the hardware you actually need rather than just what you have to settle for because your budget doesn't swing more than one 10,000 dollar PIX.
Add to that the byzantine configurations, and it's easy for a non-gifted engineer to make pretty big mistakes.
Just ban the Apple iPhone MAC addresses then (Score:4, Interesting)
Banning iPhones campus wide because they are faulty would trigger some nice nasty press for Apple and piss off a lot of owners of the device - I imagine they would fix the problem much faster (or at least respond to the ticket!)
Re:Nothing new here (Score:5, Interesting)
What they need is an AP isolation: the connected client should not (easily) see other subnets and should definitely not be able to spam ARP broadcasts across subnets.
Some BOFH admin really screwed up his net config.
Re:Nothing new here (Score:4, Interesting)
An interesting factoid on this, though a little OT: iPhones do not appear to implement rendezvous/bonjour/zeroconf. I can't connect to any of my Mac zeroconf hosts by connecting through the *.local domain names that bonjour usually sets up, and I've read others [duncandavidson.com] are unable to do this as well.
Re: (Score:2)
It would probably be prudent to fix the existing "lower" education systems we already have so that they are once again adequate training to hold a normal job. We should be fully trained in "general studies" by the end of our 6th or 7th year of school, and ready to take 4 or 5 years of specialized training for a field. The first 4 or 5 year specialist training course should be paid for by the government, any additional ones, well, ka-ching!
Re: (Score:3, Interesting)
Further, do you assume that everyone is capable of making use of such "higher education"?
We seem to be pointed down this road in the US today and the truth is the answers to the two questions above are "no" and "oh my". So far, we're pretty far down the road of importing non-outsourceable low-skill jobs and moving everything else somewhere else so all the low-skill jobs don't exist for Americans. This isn't a long-term su
Re: (Score:2)
Re: (Score:3, Insightful)
You are a fountain of ignorance, at least concerning your diatribe against Duke. Instead of being wealthy and pay tuition, you can also simply be smart and hard working. My daughter just graduated from Duke, from which she had gotten a full scholarship. Without that, there would have been no way she could have afforded to study there. Many Colleges and Universities give scholarships to exceptional young people who
Re:Economic class and higher education (Score:5, Informative)
He mentioned scholarships, though it was in an offhand way. You're certainly free to disagree with what he's saying, but insulting him twice in six sentences while "refuting" him with a point he already made is absolutely wrong on any level.
Besides which, your own point is really no gem either. Your advice to get a scholarship is to be smart and hard working? It's half true, sure. Colleges do give scholarships to people with good grades--though often you also need extra-curricular activities to put you ahead even though that really has nothing to do with intelligence or hard work, merely interest in organized activities--but those are limited. If every student in the nation suddenly became smart and hard working, it would still help only an exceptionally small percentage of them receive a scholarship. In fact, since Duke is a good school you can be relatively sure that the vast majority of students who are accepted there are already smart and hard working, so even in your limited example
I happen to think the way the OP handled himself was flamebait, but the question he raised about free education is a debate worth having. Preferably without insults.
Congratulations to your daughter for getting in, getting money and getting through--but just because she did doesn't mean everybody else can, even those equally smart and hard working.
Re: (Score:3, Interesting)
Anybody who is smart and accomplished can go to a good school, if not Duke in particular. You can always borrow the money. Many, many, if not all good schools now have need-blind admissions. Anyways, everyone knows it's really the middle class that get screwed over on aid anyways, not poor folks.
*Some* people with connections can get in even if they are not so smart, or really accomplished is the more accurate term, as grades count. You don't have to be
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
This fall total tuition and fees for most majors at Iowa State is $3080.66 / semester:
http://www.iastate.edu/~registrar/fees/tuition0708
Minnesota: $4705 / semester
http://admissions.tc.umn.edu/costsaid/tuition.html [umn.edu]
Wisconsin: $3365 / semester
http://www.admissions.wisc.edu/costs.php [wisc.edu]
Those figures don't include "Room & Board" because you ne
Re:The just in (Score:4, Insightful)