[Voyage-linux] ICMP dest unreachable broadcast storm on wlan0

[Edwin Whitelaw]

Running Voyage 0.2 fully updated on WRAP 2C.  Two radios, one 5GHz  
(SR5)for backhaul and an NL2611 for the AP.  Firmware on the AP radio is

wifi0: NIC: id=0x8013 v1.0.0
wifi0: PRI: id=0x15 v1.1.1
wifi0: STA: id=0x1f v1.8.2
wifi0: Intersil Prism2.5 PCI: mem=0xa0000000, irq=9
wifi0: registered netdevice wlan0

I'm only recently getting occasional (every few days) ICMP dest 
unreachable broadcast storms that are effectively DoS attacks on the 
system though at this point I'm not sure whether it's a rogue/defective 
hardware issue, misbehaving software or a deliberate attack from an 
infected customer's site.  Unfortunately, it has been difficult to 
determine the origin since the source IP address is 0.0.0.0 and the 
source MAC shows as all "f"s.  Iptables entries to block all ICMP from 
0.0.0.0 incoming on wlan0 has no effect.

The storms last from just a few minutes to 10s of minutes though if I am 
not actually at the console when they occur it is difficult to get an 
exact read on the duration.

The clients on this AP are a mix of Engenius CB3s, Tranzeo CPEs 
(basically the same radio) and a few smartbridges.

iptraf shows the storms as ICMP dest unreachble and tcpdump shows ICMP 
and OSPF as the protocol.  We do run OSPF but I have shut down quagga 
during one of these storms with no effect and would expect it to stop if 
OSPF were the cause.

Anyone else experiencing this problem or have a suggestion on how to 
protect against it?  I will try and capture some tcpdump output the next 
time and regret not having it at this point though to my eyes, it 
doesn't offer much information beyond this verbal description.

Edwin


-- 
<=+=+=+==+=+=+==+=+=+=+=+=+=+=+=>
Edwin Whitelaw, P.E.
New River Valley Unwired, LLC
2200 Lonesome Dove Dr
Christiansburg, VA 24073
540-239-0318