I’m almost done doing that. This should be interesting. Rory
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza Sent: Monday, March 07, 2016 9:55 PM To: Animal Farm <af@afmug.com> Subject: Re: [AFMUG] I might be under attack by a competitor Change your ssid and hide it... On Mar 7, 2016 9:05 PM, "Rory Conaway" <r...@triadwireless.net<mailto:r...@triadwireless.net>> wrote: Received disassoc from 04:18:d6:e4:c0:15. Reason: Disassociated because sending STA is leaving (or has left) BSS (8). Feb 13 07:17:43 wireless: ath0 STA-TRAFFIC-STAT mac=04:18:d6:e4:c0:15 rx_packets=633675 rx_bytes=116857546 tx_packets=2225222 tx_bytes=3041234063 Feb 13 07:17:43 wireless: ath0 Expired node:04:18:D6:E4:C0:15 Feb 13 07:17:43 hostapd: ath0: STA 04:18:d6:e4:c0:15 IEEE 802.11: disassociated Feb 13 07:17:43 wireless: ath0 Sending deauth to 04:18:d6:e4:c0:15. Reason: Class 2 frame received from nonauthenticated STA ( From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf Of Rory Conaway Sent: Monday, March 07, 2016 9:03 PM To: af@afmug.com<mailto:af@afmug.com> Subject: [AFMUG] I might be under attack by a competitor I have a couple of customers off the same Ubiquiti Rocket 5 AP that have been having an issue the last couple days with going offline for a short time and then reconnecting and coming back online. I pull the logs on the AP and see a bunch of handshaking and several of these. I’m pretty sure this is what happens when an enterprise radio does Rogue Access Point Suppression. Am I reading this right or is there something I’m not aware of like a bad CPE that can cause this? Rory
