We are with AC2. Unfortunately I’m on vacation so I’m briefly checking on it. I changed everything to 10MHz until I can deal with it this weekend.
Rory From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Reynolds Sent: Tuesday, March 08, 2016 12:54 PM To: af@afmug.com Subject: Re: [AFMUG] I might be under attack by a competitor Are you graphing the stations / APs in AirControl2 or similar? This can help diagnose the problem. On Tue, Mar 8, 2016 at 1:50 PM, Rory Conaway <r...@triadwireless.net<mailto:r...@triadwireless.net>> wrote: CCQ% is 95-98%. But it doesn’t mean it’s not an interference issue. I’ve seen Mikrotik do serious damage to Ubiquiti. Rory From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf Of Josh Reynolds Sent: Tuesday, March 08, 2016 12:10 PM To: af@afmug.com<mailto:af@afmug.com> Subject: Re: [AFMUG] I might be under attack by a competitor Yes, substantial interference will cause this, even on 5GHz. It could be noise at the AP, but only if all stations having high CCQs. If not, the CPEs are seeing another signal that either has very high signal or is on a near or overlapping frequency. On Tue, Mar 8, 2016 at 12:53 PM, George Skorup <geo...@cbcast.com<mailto:geo...@cbcast.com>> wrote: Rory, I think you're seeing somewhat normal operation from the UBNT radios. The AP heard nothing from that CPE in a while so it tore down the session. CPE still thinks it's registered. AP says nope. Could be interference. We saw this all the time in the 2.4 band w/ UBNT radios. On 3/8/2016 9:03 AM, Rory Conaway wrote: I haven’t seen one on a Ubiquiti AP which is why I asked but when I get back in town next week, I’m going to set it up so I can see how it works. Our Xirrus radios have that feature. Rory From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett Sent: Tuesday, March 08, 2016 6:02 AM To: af@afmug.com<mailto:af@afmug.com> Subject: Re: [AFMUG] I might be under attack by a competitor When a deauth is happening, the laptop doing the deauth impersonates the AP, telling the client to disconnect. What I see below doesn't look like a deauth attack. ----- Mike Hammett Intelligent Computing Solutions<http://www.ics-il.com/> [http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/ICSIL>[http://www.ics-il.com/images/googleicon.png]<https://plus.google.com/+IntelligentComputingSolutionsDeKalb>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/intelligent-computing-solutions>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/ICSIL> Midwest Internet Exchange<http://www.midwest-ix.com/> [http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/mdwestix>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/midwest-internet-exchange>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/mdwestix> The Brothers WISP<http://www.thebrotherswisp.com/> [http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/thebrotherswisp>[http://www.ics-il.com/images/youtubeicon.png] <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> ________________________________ From: "timothy steele" <timothy.pct...@gmail.com<mailto:timothy.pct...@gmail.com>> To: af@afmug.com<mailto:af@afmug.com> Sent: Tuesday, March 8, 2016 6:28:42 AM Subject: Re: [AFMUG] I might be under attack by a competitor 04:18:d6:e4:c0:15 Is a ubnt Mac sure you don't own that Mac? In the client list you should see it pop up now and then maybe pop up a fake ap with same said with passphrase ubnt should connect then you can get into the network of who ever is doing it On Tue, Mar 8, 2016, 7:14 AM Gino Villarini <ginovi...@gmail.com<mailto:ginovi...@gmail.com>> wrote: are you running 802.11n or airmax? On Tue, Mar 8, 2016 at 1:44 AM, Rory Conaway <r...@triadwireless.net<mailto:r...@triadwireless.net>> wrote: I’m almost done doing that. This should be interesting. Rory From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf Of Jaime Solorza Sent: Monday, March 07, 2016 9:55 PM To: Animal Farm <af@afmug.com<mailto:af@afmug.com>> Subject: Re: [AFMUG] I might be under attack by a competitor Change your ssid and hide it... On Mar 7, 2016 9:05 PM, "Rory Conaway" <r...@triadwireless.net<mailto:r...@triadwireless.net>> wrote: Received disassoc from 04:18:d6:e4:c0:15. Reason: Disassociated because sending STA is leaving (or has left) BSS (8). Feb 13 07:17:43 wireless: ath0 STA-TRAFFIC-STAT mac=04:18:d6:e4:c0:15 rx_packets=633675 rx_bytes=116857546 tx_packets=2225222 tx_bytes=3041234063 Feb 13 07:17:43 wireless: ath0 Expired node:04:18:D6:E4:C0:15 Feb 13 07:17:43 hostapd: ath0: STA 04:18:d6:e4:c0:15 IEEE 802.11: disassociated Feb 13 07:17:43 wireless: ath0 Sending deauth to 04:18:d6:e4:c0:15. Reason: Class 2 frame received from nonauthenticated STA ( From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf Of Rory Conaway Sent: Monday, March 07, 2016 9:03 PM To: af@afmug.com<mailto:af@afmug.com> Subject: [AFMUG] I might be under attack by a competitor I have a couple of customers off the same Ubiquiti Rocket 5 AP that have been having an issue the last couple days with going offline for a short time and then reconnecting and coming back online. I pull the logs on the AP and see a bunch of handshaking and several of these. I’m pretty sure this is what happens when an enterprise radio does Rogue Access Point Suppression. Am I reading this right or is there something I’m not aware of like a bad CPE that can cause this? Rory
