[unisog] Taking down a university network with your phone!
Michael.Kaegler at marist.edu
Thu Jul 19 18:38:52 GMT 2007
At 10:26 AM -0600 7/19/07, Stephen John Smoogen wrote:
>Well from the way the article is hyped.. I figured the subject should be
>equivalent. Do people have an idea of what the issue is exactly, and
> what the 'security' implications might be
The educause wireless list has had some discussion since before the
story broke on Monday. Duke admin Kevin Miller is involved in the
He describes the traffic as follows (educause guidelines don't have a
problem with forwarding this information):
At 6:52 AM -0400 7/17/07, Kevin Miller wrote:
>[MAC Address of iPhone] > [MAC Address B] ARP who-has [IP A] tell [IP B]
>Where MAC Address B "looks" like the MAC address of a home router of
>some sort (OUI is assigned to such a manufacturer).
>IP A looks like a home router gateway IP (192.168.1.1, 10.0.1.1,
>IP B looks like an IP that might be assigned on a home router
The ARPs come in at almost 11,500 per second, which is enough to
knock out their APs (I run the same Cisco autonomous APs, I haven't
seen this happen). The exact source of the issue seems buried in the
iphone somewhere (and arguably, in the APs, as external forces
shouldn't be able to make an AP unavailable).
There's been speculation that its a side effect of iphone "special
sauce" roaming code, but no real evidence of that. The Yahoo article
quotes Ashok Agrawala from UoM; it appears he was just asked about
"wireless problems" and had no other information to work with.
The security implications? I don't see many that one doesn't already
have in other mobile 802.11 clients. The one difference I see here is
that new code releases for the iphone could be deployed to tens of
thousands of your customers at once. It dosn't take a heck of a lot
of enterprise networking experience to see the risk there (although
arguably a similar threat is posed by windows update).
Michael "Porkchop" Kaegler, Sr. Network Analyst
(845) 575-3061 Marist College, Poughkeepsie, NY
More information about the unisog