iPhone and Network Disruptions ...

Warren Kumari warren at kumari.net
Tue Jul 24 18:43:47 UTC 2007 

Adding to the random speculation pile this just arrived in my mailbox:

------------------------------------------------------------------------ 
--
Cisco Security Advisory: Wireless ARP Storm Vulnerabilities

Advisory ID: cisco-sa-20070724-arp

http://www.cisco.com/warp/public/707/cisco-sa-20070724-arp.shtml
------------------------------------------------------------------------ 
----

It sounds like a badly configured pair of wireless controllers can,  
under fairly normal conditions, lead to an ARP storm...

I have no idea if this is the actual issue that occurred at Duke, but  
it *is* interesting....

W

On Jul 24, 2007, at 12:28 PM, Frank Bulk wrote:

>
> Duke runs both Cisco's distributed and autonomous APs, I believe.   
> Kevin's
> report on EDUCAUSE mentioned autonomous APs, but with details as  
> hazy as
> they are right now, I don't dare say whether one system or another  
> caused or
> received the problem.
>
> Frank
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On  
> Behalf Of Dale
> W. Carder
> Sent: Sunday, July 22, 2007 2:51 PM
> To: Bill Woodcock
> Cc: Sean Donelan; North American Network Operators Group
> Subject: Re: iPhone and Network Disruptions ...
>
>
>
> On Jul 21, 2007, at 8:52 PM, Bill Woodcock wrote:
>>>> Cisco, Duke has now come to see the elimination of the problem,
>>>> see:
>>>> "*Duke Resolves iPhone, Wi-Fi Outage Problems"* at
>>>> http://www.eweek.com/article2/0,1895,2161065,00.asp
>
>>> it's an ARP storm, or something similar,
>> when the iPhone roams onto a new 802.11 hotspot.  Apple hasn't
>> issued a
>> fix yet, so Cisco had to do an emergency patch for some of their
>> larger
>> customers.
>
> As I understand, Duke is using cisco wireless controllers to run their
> wireless network.  Apparently there is some sort of interop issue  
> where
> one system was aggravating the other to cause arp floods in rfc1918
> space.
>
> We've seen 116 distinct iphones so far on our campus and have had
> sniffers
> watching arps all week to look for any similar nonsense.  However, we
> are running the AP's in autonomous (regular ios) mode without any  
> magic
> central controller box.
>
> Dale
>
> --
> Dale W. Carder - Network Engineer
> University of Wisconsin at Madison / WiscNet
> http://net.doit.wisc.edu/~dwcarder
>
>
>

-- 
Never criticize a man till you've walked a mile in his shoes.  Then  
if he didn't like what you've said, he's a mile away and barefoot.

More information about the NANOG mailing list