[Systems] Rogue Access Point countermeasures

Frederick Grose fgrose at sugarlabs.org
Sun Sep 20 22:03:02 EDT 2009


On Sun, Sep 20, 2009 at 9:25 PM, Ivan Krstić
<krstic at solarsail.hcs.harvard.edu> wrote:
> On Sep 20, 2009, at 6:23 PM, David Farning wrote:
>> The RIT campus has signal jammers in its APs so that rogue network
>> transmitters won't work on campus.
>
> I've never heard of this; how does it work?

Last week Wesley and I met with Michael Muttitt, communications
specialist with RIT ITServices, and he explained that they have a
process running on the access point controller that searches on about
a 10-minute cycle and floods disconnect packets onto rogue access
points in a denial of service countermeasure.  I don't remember the
essential details, but to the end user the behavior described was that
you could connect OK, but after about 10 minutes, you would be dropped
from the connection.  He described that some of the access point
systems would shut themselves down completely after receiving too many
packets from an outside process when such messages normally should be
coming from an internal process (or address?).  This countermeasure
may be something relatively new.

I'm not sure if ad-hoc networks have disconnect requests because there
is really no association going on in an ad-hoc network (at least, as
I've been advised, but there may be other ways to disrupt 802.11
networks with the right tools).

Our wireless networking laboratory exercise page,
http://teachingopensource.org/index.php/RIT/Wireless_networking, has a
few details. Comments welcome.

     --Fred
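
Added example, not part of the original message: a sketch of how the behaviour described above (clients dropped on a roughly 10-minute cycle) could be recognized from a frame log by whoever operates the affected access point. The record format, thresholds, and MAC addresses are constructed assumptions, not details from RIT's system.

```python
from collections import defaultdict
from statistics import median

AP = "02:00:00:00:00:aa"     # constructed, locally administered MAC
OTHER = "02:00:00:00:00:bb"  # constructed

# Constructed records (seconds, 802.11 management subtype, BSSID); not a real capture.
SAMPLE = (
    [(5.0 + i * 0.02, "deauth", AP) for i in range(40)]       # flood 1
    + [(120.0, "deauth", OTHER)]                              # one ordinary disconnect
    + [(300.0, "beacon", AP)]
    + [(605.0 + i * 0.02, "deauth", AP) for i in range(40)]   # flood 2
    + [(1204.0 + i * 0.02, "deauth", AP) for i in range(40)]  # flood 3
)

def find_bursts(records, window=2.0, threshold=20):
    """Return {bssid: [burst_start, ...]}.

    A burst is at least `threshold` deauth frames naming one BSSID
    within `window` seconds; isolated deauths are ignored.
    """
    per_bssid = defaultdict(list)
    for ts, subtype, bssid in records:
        if subtype == "deauth":
            per_bssid[bssid].append(ts)
    bursts = {}
    for bssid, times in per_bssid.items():
        times.sort()
        starts, i = [], 0
        while i < len(times):
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                starts.append(times[i])
                # Treat the rest of a continuous flood as the same burst.
                while j < len(times) and times[j] - times[j - 1] <= window:
                    j += 1
                i = j
            else:
                i += 1
        if starts:
            bursts[bssid] = starts
    return bursts

def burst_period(starts):
    """Median gap in seconds between consecutive bursts, or None if fewer than two."""
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return median(gaps) if gaps else None
```

A median gap near 600 seconds for one BSSID matches the "connect OK, dropped after about 10 minutes" symptom; a single deauth frame, as for the second BSSID here, does not.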

