- Mar 3, 2001
- 8,859
- 2
- 0
Some info is here: http://forums.anandtech.com/me...=2185525&enterthread=y
Backstory: About 2 weeks ago our wireless started crapping out on us at regular intervals, eventually causing me to buy a new wireless router. No change, so I returned it and bought another, same thing. Borrowed air magnet card and software from work, and here's what happens:
Only SSIDs in range are mine and the 12-20 across the street at an elementary school. I check air magnet for the school's channels, they are all on 6, so I set up my SSID as ABCD on channel 1
About 10 minutes later, I see all the school's APs change to channel 1, my wireless drops, and air magnet now sees TWO SSIDs of ABCD, one of which is my router's MAC address and the other is one of the school's AP's MAC address.
So, I go into my router, change the SSID to WXYZ, lower the signal strength to LOW, change the signal strength of my two laptop's wireless cards to LOW, turn off SSID broadcast, change the channel to 11, and connect.
Guess what? 10 minutes later I see all the school's APs change to channel 11, my wireless drops, and now the air magnet sees TWO SSIDs of WXYZ, as well as an ABCD still, all matching the MAC address of one of the school's AP's MAC address. Not JUST air magnet either, windows still sees the previous SSIDs with only 1-2 bars of strength
WTF can I do? Call the school board and ask to talk to someone in IT? Is this even legal? No FCC violations or anything? What if they just tell me to go pound sand?
UPDATE: Received a call from the technology office today requesting I email my wireless MAC addresses to them, which I did. Now it's up to them to see what happens. Here is a portion of the email I sent:
Waiting game now.
School's response:
My response:
OK hopefully the final update:
From the school system
Backstory: About 2 weeks ago our wireless started crapping out on us at regular intervals, eventually causing me to buy a new wireless router. No change, so I returned it and bought another, same thing. Borrowed air magnet card and software from work, and here's what happens:
Only SSIDs in range are mine and the 12-20 across the street at an elementary school. I check air magnet for the school's channels, they are all on 6, so I set up my SSID as ABCD on channel 1
About 10 minutes later, I see all the school's APs change to channel 1, my wireless drops, and air magnet now sees TWO SSIDs of ABCD, one of which is my router's MAC address and the other is one of the school's AP's MAC address.
So, I go into my router, change the SSID to WXYZ, lower the signal strength to LOW, change the signal strength of my two laptop's wireless cards to LOW, turn off SSID broadcast, change the channel to 11, and connect.
Guess what? 10 minutes later I see all the school's APs change to channel 11, my wireless drops, and now the air magnet sees TWO SSIDs of WXYZ, as well as an ABCD still, all matching the MAC address of one of the school's AP's MAC address. Not JUST air magnet either, windows still sees the previous SSIDs with only 1-2 bars of strength
WTF can I do? Call the school board and ask to talk to someone in IT? Is this even legal? No FCC violations or anything? What if they just tell me to go pound sand?
UPDATE: Received a call from the technology office today requesting I email my wireless MAC addresses to them, which I did. Now it's up to them to see what happens. Here is a portion of the email I sent:
"Good morning. I did some research about your Enterasys WAPs and found this information:
?RoamAbout simplifies roll-outs with enhanced automation tools, and comprehensively secures the wireless infrastructure with leading-edge encryption, authentication, rogue access point detection and WLAN intrusion defense.?
So, if you turned off the bolded portion we shouldn?t have an issue. In fact, this issue just started about a week and a half ago so I don?t think the rogue access point detection was turned on until recently. Also, adding my MAC addresses to your ignore list should take care of things, but wouldn?t that mean every time I had a visitor or bought a new wireless device I would have to report that MAC address to you as well? Same thing if I change my SSID?
I have attached an Excel document with some notes and screenshots I took while running Airmagnet software. It shows specifically your danville_domain WAP with MAC address 00:11:88:87:0D:90 performing a DoS attack on my wireless devices after spoofing my MAC address and changing to the channel my SSID is on. Give me a call if you need more information or need to discuss options. Thanks."
Waiting game now.
School's response:
About the same time you started having problems we performed a firmware and software update to our wireless infrastructure. What I didn?t see at the time was that some options were changed regarding the handling of RF countermeasures. Our control software still showed it was disabled, but on the security switch level it changed over to ?attack? anything detected.
I went ahead and placed the MAC of your AP in the ignore category. Searching through the logs I couldn?t find a mention of any of your other MAC addresses. The only mention I found of your AP?s MAC was it being detected as an ad-hoc client, but before I found the other problem the security switch was performing a disconnect attack.
So sorry for the inconvenience, it was never our intention to disable any network outside of our buildings. Unfortunately the change in settings wasn?t mentioned in the release notes we had and when I checked it the first time after you contacted us everything looked like it was normal and shouldn?t have been impacting you or anyone else.
Let either me or Jacob know if you have any further problems.
My response:
So will you be turning this off completely or will I have to inform you of any changes I make to my WAP settings, such as buying a new router or changing my SSID? What will happen if others in the neighborhood attempt to install a wireless network? Thanks again.
OK hopefully the final update:
From the school system
Yes the setting was meant to be off in the first place. But a configuration error had it switched on for everything not part of our network. It should be saved and turned off now so you shouldn?t have to do anything else.