- Re: Possible DoS attack
12-20-2012 03:06 AM
Hello, I am having problems with user authentication. The configuration has been running for months with no problems, but since three days ago I have been having problems with authentication: I have to authenticate several times before I can log in. I have seen some strange logs in the controller: 4 MAC addresses that are continuously requesting RADIUS authentication, exceeding the maximum number of requests queued on the controller.
Dec 20 10:25:30 warning iprulesmgr Discarding RADIUS Request (id='25') from RADIUS Client (ip-address='169.254.0.12',port='32772') as the maximum simultaneous number of RADIUS Requests waiting for answer have been reached (2900).
Dec 20 10:25:30 warning iprulesmgr Discarding RADIUS Request (id='130') from RADIUS Client (ip-address='169.254.0.12',port='32772') as the maximum simultaneous number of RADIUS Requests waiting for answer have been reached (2900).
Dec 20 10:25:30 warning iprulesmgr Discarding RADIUS Request (id='162') from RADIUS Client (ip-address='169.254.0.12',port='32772') as the maximum simultaneous number of RADIUS Requests waiting for answer have been reached (2900).
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='102',acct-status-type='2') for user (calling-station-id='64:A7:69:84:3B:67',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='35',acct-status-type='2') for user (calling-station-id='64:A7:69:84:3B:67',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='208',acct-status-type='2') for user (calling-station-id='64:A7:69:84:3B:67',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='253',acct-status-type='2') for user (calling-station-id='50:CC:F8:57:90:C7',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='229',acct-status-type='2') for user (calling-station-id='64:A7:69:84:3B:67',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
I tried to block these devices with a MAC filter; device wireless association is blocked, but RADIUS authentications are not. The called-station-id is not an AP of my controller.
Any idea?
Regards
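Added example, not part of the original post: one way to triage controller log lines like those quoted above is to tally discarded requests per RADIUS client and accounting requests per calling-station-id, and to list called-station-ids that are missing from the AP inventory. The `summarize` function and its `known_aps` inventory parameter are hypothetical names introduced for this sketch.

```python
import re
from collections import Counter

# Log lines copied from the post above (controller syslog, process iprulesmgr).
SAMPLE_LOG = """\
Dec 20 10:25:30 warning iprulesmgr Discarding RADIUS Request (id='25') from RADIUS Client (ip-address='169.254.0.12',port='32772') as the maximum simultaneous number of RADIUS Requests waiting for answer have been reached (2900).
Dec 20 10:25:30 warning iprulesmgr Discarding RADIUS Request (id='130') from RADIUS Client (ip-address='169.254.0.12',port='32772') as the maximum simultaneous number of RADIUS Requests waiting for answer have been reached (2900).
Dec 20 10:25:30 warning iprulesmgr Discarding RADIUS Request (id='162') from RADIUS Client (ip-address='169.254.0.12',port='32772') as the maximum simultaneous number of RADIUS Requests waiting for answer have been reached (2900).
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='102',acct-status-type='2') for user (calling-station-id='64:A7:69:84:3B:67',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='35',acct-status-type='2') for user (calling-station-id='64:A7:69:84:3B:67',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='208',acct-status-type='2') for user (calling-station-id='64:A7:69:84:3B:67',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='253',acct-status-type='2') for user (calling-station-id='50:CC:F8:57:90:C7',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
Dec 20 10:25:30 debug iprulesmgr Received RADIUS Accounting Request (id='229',acct-status-type='2') for user (calling-station-id='64:A7:69:84:3B:67',virtual-ap-index='4') from RADIUS Client (ip-address='169.254.0.12',port='32772',called-station-id='00:24:A8:B0:1B:40').
"""

DISCARD_RE = re.compile(r"Discarding RADIUS Request \(id='\d+'\) from RADIUS Client "
                        r"\(ip-address='([^']+)',port='\d+'\).*reached \((\d+)\)")
ACCT_RE = re.compile(r"Received RADIUS Accounting Request \(id='\d+',"
                     r"acct-status-type='(\d+)'\) for user \(calling-station-id='([^']+)'"
                     r".*called-station-id='([^']+)'\)")

def summarize(log_text, known_aps=frozenset()):
    """Count discards per RADIUS client and accounting requests per station.

    known_aps is a hypothetical inventory of AP MAC addresses (upper case)
    managed by the controller; called-station-ids outside it are reported.
    """
    discards, stations, unknown_aps = Counter(), Counter(), Counter()
    queue_limit = None
    for line in log_text.splitlines():
        m = DISCARD_RE.search(line)
        if m:
            discards[m.group(1)] += 1
            queue_limit = int(m.group(2))  # limit quoted in the warning
            continue
        m = ACCT_RE.search(line)
        if m:
            status, station, called = m.groups()
            stations[(station.upper(), status)] += 1  # status 2 = Stop (RFC 2866)
            if called.upper() not in known_aps:
                unknown_aps[called.upper()] += 1
    return {"queue_limit": queue_limit, "discards": discards,
            "stations": stations, "unknown_aps": unknown_aps}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (mac, status), n in report["stations"].most_common():
        print(f"{mac} acct-status-type={status}: {n} requests")
    print("discards:", dict(report["discards"]), "limit:", report["queue_limit"])
    print("called-station-ids not in inventory:", dict(report["unknown_aps"]))
```

Run over a full log export, the per-station counts show which calling-station-ids account for the bulk of the queued requests.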
12-20-2012 06:52 AM
Re: Possible DoS attack
This is not a DoS attack.
Check the client certificate and SSID profile.
Some wireless clients can't authenticate and can't get an IP address on your system (a 169.254 address is an APIPA address).
If you see more than MAC address, create a new EAP certificate on the RADIUS server for authentication.
- Tags:
- certificate
12-20-2012 08:16 AM
Re: Possible DoS attack
Hello Cenk,
I think the APIPA IP belongs to the AP that has received the request from the user... Also, the MAC address of the AP does not correspond to any AP configured on the controller. The MAC address is not even located on the LAN (I used show mac-address ... on the core switch and it does not exist).
There is no access problem. Most of the users are connected, but they have packet losses. Other users need to authenticate several times to get access. I have only one RADIUS server and I have not seen errors in the Event Viewer.
We have found the four devices that are sending RADIUS requests. We have turned Wi-Fi off, but the requests are still present.
I will reboot the Controller.
Thank you.
12-20-2012 08:59 AM