[76attendees] Wireless 'Deauth flood' attack detected in the ORCHID West.
Masafumi OE <masa@fumi.org> Tue, 10 November 2009 01:18 UTC
Return-Path: <masa@fumi.org>
X-Original-To: 76attendees@core3.amsl.com
Delivered-To: 76attendees@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E29163A695F for <76attendees@core3.amsl.com>; Mon, 9 Nov 2009 17:18:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.617
X-Spam-Level:
X-Spam-Status: No, score=0.617 tagged_above=-999 required=5 tests=[AWL=0.707, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1JBY9BoKT4hG for <76attendees@core3.amsl.com>; Mon, 9 Nov 2009 17:18:32 -0800 (PST)
Received: from mta.nao.ac.jp (mta1-ext.mtk.nao.ac.jp [133.40.6.5]) by core3.amsl.com (Postfix) with ESMTP id 2A07C3A6809 for <76attendees@ietf.org>; Mon, 9 Nov 2009 17:18:32 -0800 (PST)
Received: from anago.fumi.org (sslvpn-39-226.mtk.nao.ac.jp [133.40.39.226]) by mta.nao.ac.jp (Postfix) with ESMTP id 6EA85E612E; Tue, 10 Nov 2009 10:18:58 +0900 (JST)
Received: by anago.fumi.org (Postfix, from userid 1001) id D1AE22B455; Tue, 10 Nov 2009 10:18:53 +0900 (JST)
Date: Tue, 10 Nov 2009 10:18:53 +0900
From: Masafumi OE <masa@fumi.org>
To: "76attendees@ietf.org" <76attendees@ietf.org>
Message-ID: <20091110011853.GC5380@anago.fumi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.19 (2009-01-05)
Cc: ietf-noc@wide.ad.jp
Subject: [76attendees] Wireless 'Deauth flood' attack detected in the ORCHID West.
X-BeenThere: 76attendees@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <76attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/76attendees>, <mailto:76attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/76attendees>
List-Post: <mailto:76attendees@ietf.org>
List-Help: <mailto:76attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/76attendees>, <mailto:76attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2009 01:18:33 -0000
All, We are detecting 'Deauth flood' from a client is having following MAC address in the ORCHID West. "00:0f:e2:02:1d:3d" / h54295 @ 09/11/10 10:07:39 This attack is consuming our valuable 2.4GHz radio resource. NOC team would like to investigate this client. please, people who owns this client contact to the Helpdesk in the terminal room or NOC in the UME(4th Floor). Thank you for your assistance. -- Masafumi OE/ NAOJ / WIDE On Mon, Nov 09, 2009 at 08:02:33PM +0900, Masafumi OE wrote: > Dear IETF-folks, > > If you have any issue on the IETF76 WiFi, please > contact to NOC staff. > > Your comment and suggestion are welcome. > > > 2009/11/09 > #1 > If people continue roaming in the venue, packet loss > late on the client is growing up. Client is required > rebooting to solve. XP on Thinkpad T500 with Intel > WiFi link 5300 is associating with 5GHz band (802.11an). > > #2 > Rouge RA clients > see 76attendees@ietf.org ML > > #3 > Someone plug off the power of WiFi AP in the 1F lobby. > DON'T PLUG OFF ANY CABLE IN THE VENUE. > Thank you for your cooperation. > > -- > Masafumi OE, Astronomy Data Center, NAOJ. > _______________________________________________ > 76attendees mailing list > 76attendees@ietf.org > https://www.ietf.org/mailman/listinfo/76attendees -- Masafumi OE, Astronomy Data Center, NAOJ.