[Voyage-linux] ICMP dest unreachable broadcast storm on wlan0
Punky Tse
(spam-protected)
Fri Sep 29 00:05:23 HKT 2006
Hi Edwin,
- did you box expose to Internet that everyone can reach your box?
- did you check /var/log/ to see if any strange things happens?
- did you run vmstat to see the CPU consumption? If you can tell
whether it is consuming CPU on system or userland program it could help.
Punky
Edwin Whitelaw wrote:
> Running Voyage 0.2 fully updated on WRAP 2C. Two radios, one 5GHz
> (SR5)for backhaul and an NL2611 for the AP. Firmware on the AP radio is
>
> wifi0: NIC: id=0x8013 v1.0.0
> wifi0: PRI: id=0x15 v1.1.1
> wifi0: STA: id=0x1f v1.8.2
> wifi0: Intersil Prism2.5 PCI: mem=0xa0000000, irq=9
> wifi0: registered netdevice wlan0
>
> I'm only recently getting occasional (every few days) ICMP dest
> unreachable broadcast storms that are effectively DoS attacks on the
> system though at this point I'm not sure whether it's a
> rogue/defective hardware issue, misbehaving software or a deliberate
> attack from an infected customer's site. Unfortunately, it has been
> difficult to determine the origin since the source IP address is
> 0.0.0.0 and the source MAC shows as all "f"s. Iptables entries to
> block all ICMP from 0.0.0.0 incoming on wlan0 has no effect.
>
> The storms last from just a few minutes to 10s of minutes though if I
> am not actually at the console when they occur it is difficult to get
> an exact read on the duration.
>
> The clients on this AP are a mix of Engenius CB3s, Tranzeo CPEs
> (basically the same radio) and a few smartbridges.
>
> iptraf shows the storms as ICMP dest unreachble and tcpdump shows ICMP
> and OSPF as the protocol. We do run OSPF but I have shut down quagga
> during one of these storms with no effect and would expect it to stop
> if OSPF were the cause.
>
> Anyone else experiencing this problem or have a suggestion on how to
> protect against it? I will try and capture some tcpdump output the
> next time and regret not having it at this point though to my eyes, it
> doesn't offer much information beyond this verbal description.
>
> Edwin
>
>
More information about the Voyage-linux
mailing list