iPhone DoS - Taking Down Wireless Network

Unanswered Question
Aug 10th, 2012

Mobile devices are saturating our medium sized enterprise network. Examples of these devices are iPhones, iPads, Kindles, Droids, etc… When a device is authenticated on our APMobile wireless network and downloads updates, email, or music our Network bandwidth is consumed. Services/Applications are no longer available, such as VoIP. Basically, this is an internal DoS.

I have done some research and an example of this problem is an “ARP Storm” but currently clients obtain IP addresses from our DHCP server, which acts as a proxy for the clients and is effective against deliberate attempts to craft packets that create “ARP Storms”. In addition we configured the WLC to disable ARP unicast processing via the CLI.

The following link is from Cisco's site. It is the ARP storm that we originally thought was the cause but after more researching we found it wasn't this exact issue - http://tools.cisco.com/security/cen...

Does anyone have any ideas as to why iPhones frequently take down our network? Could this be a configuration issue with our firewall (Cisco ASA 5520 running version 8.4(2))?

Please advise.
Thanks.

Amjad Abdullah Fri, 08/10/2012 - 23:40

The issue is not clear. We need to know what exactly happens when the issue occurs. Wireless capture is needed as well as wired capture to isolate.

Is the issue hitting a specific AP/location when it happens? Or are all APs affected at the same time?

Do you have multiple WLCs? If yes then do you have them in Foreign-Anchor Scenario?

Where is the WLAN gateway configured? On the ASA?

What is the software version that the WLCs run?

What AP model do you have?

jmac08_77 Mon, 08/13/2012 - 10:12

We are controller based connecting back to Cisco 5508 WLC and the WAPs are Cisco 1242

We are a medium sized company and are going to run Wireshark on the network and force the network to go down this weekend so we can see a little more what is going on.

George Stefanick Sat, 08/11/2012 - 07:39

Hi there... I'm curious, did you sniff the wireless medium? Also, if you think that ARP is a cause of the problem, you may want to try ARP proxy on the access point. With ARP proxy the AP will respond on behalf of the wireless client. This will limit some of the traffic over wireless.

http://www.my80211.com/home/2010/3/12/autonomous-understanding-cisco-ap-arp-caching-disabled-enabl.html

Also to be clear, is it the wireless being flooded or the wired?

Leo Laohoo Sat, 08/11/2012 - 18:07

Not a lot of info here, except the version of the ASA firmware you are running.

Can you please elaborate more?

What kind of WLAN are you running? Autonomous or Controller-based?

What kind of WAPs are you running? Aironets or SMB types?

jmac08_77 Mon, 08/13/2012 - 10:11

We are controller based connecting back to Cisco 5508 WLC and the WAPs are Cisco 1242

Amjad Abdullah Mon, 08/13/2012 - 01:42

Nolan: That is a useful post. +5.

But we need to confirm if the DoS this post is talking about is with one or all APs. It is possible that APs in different locations experience the same issue at the same time.

jmac08_77 Mon, 08/13/2012 - 10:14

We are controller based connecting back to Cisco 5508 WLC and the WAPs are Cisco 1242

I will read the articles and get back to you.

Thank you so far for your help. We are thinking this is a bandwidth issue and are going to run Wireshark on the network and force it down with an iPhone and see what that tells us.


Posted August 10, 2012 at 3:07 PM