IPhones Flooding Wireless LAN At Duke 441
coondoggie sends us to a Network World story, as is his wont, about network problems at Duke University in Durham, N.C. that seem to be related to the iPhone. "The Wi-Fi connection on Apple's recently released iPhone seems to be the source of a big headache for network administrators at Duke. The built-in 802.11b/g adapters on several iPhones periodically flood sections of the school's wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. Campus network staff are talking with Cisco, the main WLAN provider, and have opened a help-desk ticket with Apple. But so far, the precise cause of the problem remains unknown. 'Because of the time of year for us, it's not a severe problem,' says Kevin Miller, assistant director, communications infrastructure, with Duke's Office of Information Technology. 'But from late August through May, our wireless net is critical. My concern is how many students will be coming back in August with iPhones? It's a pretty big annoyance, right now, with 20-30 access points signaling they're down, and then coming back up a few minutes later. But in late August, this would be devastating.'" So far, the communication with Apple has been "one-way."
Interesting problem (Score:3, Interesting)
Re:Interesting problem (Score:1, Interesting)
While not mentioned explicitly in the article, I assumed that's what they were already doing. Then the problem would be that the iPhone doesn't know when to shut up when the AP denies its MAC (I mean really, who would deny an iPhone? They're so cool!). I'm not sure what more they can do about it if there's no forthcoming patch from Apple. Ignoring the packets at the AP would still require some bandwidth, because you'd have to look to see the MAC address prior to dropping it.
Cisco (Score:4, Interesting)
How do they know that?
Re:Nothing new here (Score:5, Interesting)
What they need is an AP isolation: the connected client should not (easily) see other subnets and should definitely not be able to spam ARP broadcasts across subnets.
Some BOFH admin really screwed up his net config.
No problem for us (Score:2, Interesting)
Taking out Cisco Router with ARP Floods? (Score:5, Interesting)
I call bullshit. I say it's their IT/Computing Department is blaming their poor infrastructure on iPhone.
Re:Critical? (Score:5, Interesting)
So when you (Score:5, Interesting)
Re:Bet you 10 to 1... (Score:5, Interesting)
Re:Economic class and higher education (Score:3, Interesting)
Anybody who is smart and accomplished can go to to a good school, if not Duke in particular. You can always borrow the money. Many, many, if not all good schools now have need-blind admissions. Anyways, everyone knows it's really the middle class that get screwed over on aid anyways, not poor folks.
*Some* people with connections can get in even if they are not so smart, or really accomplished is the more accurate term, as grades count. You don't have to be rich, mind you, just related to somebody. These people, while deriving much less benefit from the education than the smart kids, also go on to pay for the whole deal for the next generation (along with the qualified students of course.)
Without wealthy donors, the whole system breaks down, and it's just a matter of how you create them. You can tax the unwilling, maintain a huge alumni base, and bet that students will stay closer to the school, thus more likely to donate. In case you don't get the hint, I'm talking about state schools. (Smaller) private schools need to ensure a larger proportion of wealthy alums, and allowing family connections to count makes that easier, not to mention the good will from the alumni.
BTW you just proved the point I made here [slashdot.org]. Thank you for that.
Re:MAC filtering is not a solution (Score:5, Interesting)
The only downside is that some schools require this must be done from an authorized computer, so you have to head to a computer lab or classroom the first time you do it. Other schools allow you to get into the system from any Internet-connected computer, which is the ideal solution, since it's behind a two-part authentication system anyway.
Re:Interesting problem (Score:2, Interesting)
So after I rebooted the base, My Ibook started to try on and on repeatedly (heavily repeatedly) to connect to my wireless base.
Just now, when I read this thread I realized that the iBook got my wireless network bombarded by requests.
Nothing really happened into my base, since I only had 2 computers at that time, but I can see what happens when an avalanche of those requests gets into a base.
Re:Economic class and higher education (Score:3, Interesting)
Further, do you assume that everyone is capable of making use of such "higher education"?
We seem to be pointed down this road in the US today and the truth is the answers to the two questions above are "no" and "oh my". So far, we're pretty far down the road of importing non-outsourceable low-skill jobs and moving everything else somewhere else so all the low-skill jobs don't exist for Americans. This isn't a long-term sustainable model because some people just aren't going to make it as "knowledge workers". Are these folks supposed to sit at home and collect welfare while illegal immigrants do the low-skill work?
Re:Nothing new here (Score:4, Interesting)
An interesting factoid on this, though a little OT: iPhones do not appear to implement rendezvous/bonjour/zeroconf. I can't connect to any of my Mac zeroconf hosts by connecting through the *.local domain names that bonjour usually sets up, and I've read others [duncandavidson.com] are unable to do this as well.
Re:MAC address REQUEST? (Score:5, Interesting)
Re:Economic class and higher education (Score:1, Interesting)
Are these folks supposed to sit at home and collect welfare while illegal immigrants do the low-skill work?
You aren't looking at the situation with the right frame of mind. You assume that a business has some inherent sense of right and wrong. They do not. That's not to say they are bad or good, just amoral. A business earns profits. A business does not decide to hire illegal immigrants unless it will positively affect profits in the short run. If illegal aliens are cheaper than Americans, then they're going to hire illegal aliens. A business does not often contemplate the effects of its actions other than the effect on the quarterly earnings report.
Most illegal aliens, and legal ones, are accustomed to a lower standard of living than are Americans. That's why they are happy to work for less than an equally qualified American will. Just like when you first buy a big screen television and it seems huge at first but over time less and less so, so to do immigrants (legal and illegal) become accustomed to American standards of living. They demand more pay and better working conditions with time. As soon as it costs more to continue employing them than more recent immigrants, it means they've been "Americanized" and there is a need to replace them with "fresh" immigrants who have not been so corrupted. Over time the cumulative effect of this is that the expectations of the American working class slowly trends downward. It's not because we want less, or are more lazy, but because each successive wave of immigrants undercuts the expectations of the previous one in a never-ending spiral. Instead of playing along with the market forces of supply and demand, American companies are choosing to make an end run around the market by importing supply from other markets.
To answer your question, no business hiring illegals cares what unskilled Americans are supposed to do.
Re:MAC filtering is not a solution (Score:4, Interesting)
MAC address filtering is simply a roadblock to keep the general public off the network. This need must be balanced with the high number of legitimate visitors on campuses (for presentations, symposiums, conferences, guest lectures, and all sorts of other purposes) which need to have a way to access the Internet (simple using preconfigured authentication tokens).
The students and staff are not the concern at all. Their MAC address spoofing and playing around is simply a matter of course. It's people outside the campus community that they want kept out. A combination of authentication and MAC filtering pretty much takes care of that. Even if they do successfully spoof a valid MAC, they don't have a username/password to get past the login screen. If they've gotten all of that, there's really nothing practical that will stop them from gaining access. It's also irrelevant for that handful of people. There's little point to waste any time or money tracking them down or even trying to find those isolated incidents unless a crime or breach occurred as a result.
Just ban the Apple iPhone MAC addresses then (Score:4, Interesting)
Banning iPhones campus wide because they are faulty would trigger some nice nasty press for Apple and piss off a lot of owners of the device - I imagine they would fix the problem much faster (or at least respond to the ticket!)
Re:Apple DHCP client (Score:1, Interesting)
*BUT* on my campus we switched up to Cisco a few years ago from another major manufacturer. The Macs worked perfectly on the other manu, and if there weren't that many on the network, we could get a few running on the Cisco. I bring an entire class in? Nope.
For months, we worked with Apple and Cisco, with Apple claiming they use the standards as provided, while Cisco claiming WE ARE THE STANDARDS. Without giving too much information (again, NDA) we have some killer network engineers. One of the engineers running some linux based laptops noticed that everytime he hooked up, it took considerable resources away from the Cisco routers. Of course, this was a month or two into the pissing-fest. He used that particular network stack as it was 'clean'...or some other bullshit (this is what he did for a living, he needed his tools to work perfectly). This was the clue that there was something not right and it wasn't on Apple's side.
From what I understand (and I could be completely wrong), it came out that Cisco was targeting some Windows quirk in their networking and expecting everything that connected to it to contain that same quirk. If it wasn't nonstandard, things were a little wonky. Supposedly, a robust router could deal with it as if it were nothing, but when 'certain manufacturers' tried to optimize speed based around this, it caused problems with the ones that followed the rules. Now, one of the reasons people go with Cisco is that they will offer you custom patches or other services. Thats what they did for my university and things have been perfect since them.
Again, this is what was reported back to me. It could be complete bullshit. I know as the routers were upgraded, I had no problems getting my Macs to connect wirelessly after that. Entire mobile classrooms were no problem. Most of the conversations were way over my head and maybe they oversimplified things for me. Fuck if I know.
I wouldn't be surprised if this were the case with the iPhone...but from an ever more mobile perspective.