Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IPhones Flooding Wireless LAN At Duke

kdawson posted more than 7 years ago | from the arp-storm dept.

Wireless Networking 441

coondoggie sends us to a Network World story, as is his wont, about network problems at Duke University in Durham, N.C. that seem to be related to the iPhone. "The Wi-Fi connection on Apple's recently released iPhone seems to be the source of a big headache for network administrators at Duke. The built-in 802.11b/g adapters on several iPhones periodically flood sections of the school's wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. Campus network staff are talking with Cisco, the main WLAN provider, and have opened a help-desk ticket with Apple. But so far, the precise cause of the problem remains unknown. 'Because of the time of year for us, it's not a severe problem,' says Kevin Miller, assistant director, communications infrastructure, with Duke's Office of Information Technology. 'But from late August through May, our wireless net is critical. My concern is how many students will be coming back in August with iPhones? It's a pretty big annoyance, right now, with 20-30 access points signaling they're down, and then coming back up a few minutes later. But in late August, this would be devastating.'" So far, the communication with Apple has been "one-way."

cancel ×

441 comments

Sorry! There are no comments related to the filter you selected.

sigh (2, Insightful)

bucky0 (229117) | more than 7 years ago | (#19882989)

coondoggie sends us to a Network World story, as is his wont,

At least the editors admit that coondoggie is filling the queue up with network world stories. Maybe they'll do something about it at some point

Re:sigh (3, Funny)

Icarus1919 (802533) | more than 7 years ago | (#19882995)

Hey guys, no breaking the fourth wall!

Re:sigh (0, Offtopic)

fractoid (1076465) | more than 7 years ago | (#19883125)

Hey, what's this say? P... a... n.... d...... AAARRRGH~!

Re:sigh (5, Funny)

HTTP Error 403 403.9 (628865) | more than 7 years ago | (#19883435)

"18,000 address requests per second"

It's like me at the discotheque on Saturday night.

MAC address REQUEST? (5, Insightful)

Anonymous Coward | more than 7 years ago | (#19883137)

I'm sorry, but there's something a little OFF here. No wireless hardware requests a MAC address. It may use MAC to authenticate to a table, but it goes for a DHCP lease.

Slashdot...sigh...

Well tested (3, Insightful)

Anonymous Coward | more than 7 years ago | (#19883185)

Not to mention that there are several hundred wireless access points on the Apple campus, and several hundred (possibly thousands) of iPhones on the same campus. You'd have thought that any inherent problem with the phone and networking would have been caught, isolated, patched, and distributed by now...

I'd lay odds there's something screwed with their network...

Re:Well tested (1, Insightful)

statusbar (314703) | more than 7 years ago | (#19883483)

Yeah, but the wireless access points at the Apple Campus are probably Airport Extreme base stations. Perhaps that is why it works there...

jeffk

Re:MAC address REQUEST? (1, Informative)

Vulturejoe (570401) | more than 7 years ago | (#19883317)

They're requesting the MAC addresses of other devices, using ARP. The problem seems to be at least partially the fault of Duke's network. From TFA:

"The requests are for what is, at least for Duke's network, an invalid router address. Devices use the Address Resolution Protocol (ARP) to request the MAC address of the destination node, for which it already has the IP address. When it doesn't get an answer, the iPhone just keeps asking."

Re:MAC address REQUEST? (-1)

Vulturejoe (570401) | more than 7 years ago | (#19883339)

whoops, posted before I finished reading the article, the invalid router address has nothing to do with Duke's network.

MODERATORS!!! (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19883427)

Mod parent DOWN!

--Vulturejoe

Re:sigh (1)

exeme (831902) | more than 7 years ago | (#19883155)

I was about to ask if /. editors proof read before posting. Silly question, no I'm not new here!

What's the big deal? (3, Insightful)

PCM2 (4486) | more than 7 years ago | (#19883321)

So, who cares? So he submits stories from Network World. He probably works for Network World. Does that fact alone make the story less valuable or interesting? If someone else had submitted the same story, it would be OK then? Slashdot has editors and a moderation system. There's nothing inherently deceptive in submitting your company's (or your own) stories.

Re:sigh (2, Funny)

slamb (119285) | more than 7 years ago | (#19883329)

coondoggie sends us to a Network World story, as is his wont,
At least the editors admit that coondoggie is filling the queue up with network world stories. Maybe they'll do something about it at some point

You're setting the bar too high. I'm impressed that they correctly used the word "wont".

Re:sigh (1)

PhrostyMcByte (589271) | more than 7 years ago | (#19883341)

If it's not good and still getting accepted, that is a problem with the editors. But so long as the article provides something interesting, what does it matter if the person who submits it gets a profit off the site?

Well... (1)

msimm (580077) | more than 7 years ago | (#19883359)

At least 2 of his 20 published submissions [slashdot.org] were from non-networkworld sources. Of course his only posted comment is a 'correction' to a story linking which he's trying to point to....networkworld. Astro-tuffing should get some kind of modding too. And why are submitters not linked to directly, I had to cut/paste his name in just to see his profile.

Re:sigh (0)

Anonymous Coward | more than 7 years ago | (#19883361)

I'd be willing to bet that each offending iPhone may have been first connected to a home wireless router or gateway, and it may automatically and repeatedly be trying to reconnect to it again when something happens to the iPhone's initial connection on the Duke WLAN.

Interesting problem (2, Interesting)

jshriverWVU (810740) | more than 7 years ago | (#19882999)

He states now it's not a big problem, (guessing because it's summer and not as many students there). Then expecting it to be a BIG problem once students arrive. So to me this says that the iPhones using their service aren't students at all. If this is the case, buckle down the AP settings so they're not open or easily accessible via iPhone and require students to anti up their MAC addresses to connect to the wireless network.

Re:Interesting problem (2, Informative)

bucky0 (229117) | more than 7 years ago | (#19883011)

Summer school students?

Re:Interesting problem (5, Funny)

Icarus1919 (802533) | more than 7 years ago | (#19883019)

That's preposterous. Summer is when teachers return to their coffins to rest. Who would the students learn from?

Re:Interesting problem (5, Informative)

MoOsEb0y (2177) | more than 7 years ago | (#19883121)

Zombie graduate students.

and have opened a help-desk ticket with Apple. (1)

Presto Vivace (882157) | more than 7 years ago | (#19883037)

that is a polite way of saying that Apple has not been responsive. Any other network having this problem?

Not apple's fault (1, Informative)

megaditto (982598) | more than 7 years ago | (#19883219)

It's the university's, since their network people allow ARP broadcasts to cross subnets.

Re:Interesting problem (1, Interesting)

Osty (16825) | more than 7 years ago | (#19883041)

If this is the case, buckle down the AP settings so they're not open or easily accessible via iPhone and require students to anti up their MAC addresses to connect to the wireless network.

While not mentioned explicitly in the article, I assumed that's what they were already doing. Then the problem would be that the iPhone doesn't know when to shut up when the AP denies its MAC (I mean really, who would deny an iPhone? They're so cool!). I'm not sure what more they can do about it if there's no forthcoming patch from Apple. Ignoring the packets at the AP would still require some bandwidth, because you'd have to look to see the MAC address prior to dropping it.

Re:Interesting problem (1)

Osty (16825) | more than 7 years ago | (#19883053)

Ugh, nevermind. Should've read on to page two, where they talk about the iPhones already being on the network, so my theory doesn't work.

Re:Interesting problem (1)

z-j-y (1056250) | more than 7 years ago | (#19883097)

but several phones can bring down the network? seems very vulnerable. Is there anything AP can do to just ignore the rogue requests?

Re:Interesting problem (5, Insightful)

beheaderaswp (549877) | more than 7 years ago | (#19883203)

What I want to know is what is a "MAC address request". I've never seen one. I've seen DHCP requests, ARP requests, even AARP requests- but not a MAC address request.

I didn't know MAC addresses were assigned dynamically.

But I'm over 40- what do I know?

Re:Interesting problem (1)

popejeremy (878903) | more than 7 years ago | (#19883409)

Maybe it means a request for a router to masquerade as the device's own MAC address?

I dunno. I got nothin'

Re:Interesting problem (1)

TubeSteak (669689) | more than 7 years ago | (#19883411)

MAC addresses request != MAC addresses assigned dynamically

The nodes need to know the MAC address associated with an IP address, so they ask for it... or something like that. It's part of the dynamic DHCP process.

I'm sure someone else will give a much better answer.

Re:Interesting problem (0, Flamebait)

Basehart (633304) | more than 7 years ago | (#19883477)

My pleasure.

Every device on Earth has what's known as a MAC address, which is short for My Address on my Computer, and it's a pretty long string of numbers that help other devices know which device is being seen, heard or sensed across a network. Once the Nads in the master device sense these numbers they instantly tense up and freeze. It takes a few moments for the Nads to unfreeze and release your My Address in my Computer number ready for other Nads to sense.

Hope that helps.

Most likely a Cisco bug - firmware upgrade needed. (1, Informative)

mveloso (325617) | more than 7 years ago | (#19883485)

They're not using the right terminology. It sounds like the iPhones are doing an ARP request for an IP address that isn't on the Duke network. Maybe it's trying to update its ARP tables?

Anyhow, the ARP standard is unclear enough that it's undefined what the response should be for an ARP request to an unknown destination should be (http://www.faqs.org/rfcs/std/std37.html). Theoretically, every packet that you send needs an ARP entry, which means that every packet sent to something that isn't in your machine's ARP table would generate an ARP request. In reality, it seems that your router tends to substitute its own MAC address for non-local ARP entries (since all non-local packets go through the router, you really don't have to know what the real MAC address is)

It sounds like the Duke Cisco routers are misconfigured somehow, and are generating an ARP storm. Some Cisco routers has a bug where a packet sent to an IP address for which the router doesn't have an ARP entry causes the router to broadcast all subsequent packets across all of the router's ports. It happens in the cable industry when someone swaps out a GigE card and forgets to update the ARP tables on the Ciscos. Solution: use dynamic ARP tables, which can be a security hole.

FWIW.

Re:Interesting problem (-1, Flamebait)

Idbar (1034346) | more than 7 years ago | (#19883283)

Don't worry, Steve Jobs will tell us everything is going to be just fine... there there.

Current networks are just not prepared for the revolutionary TCP, UDP and ICMP packets from the iPhone.

Re:Interesting problem (1)

sokoban (142301) | more than 7 years ago | (#19883335)

Duke runs a lot of summer camps. I know second session of TIP should be running right now, and probably several other camps as well.

They generally use a good chunk of the dorm space, and probably more than a few of them have iPhones.

Re:Interesting problem (1)

caffeinemessiah (918089) | more than 7 years ago | (#19883349)

He states now it's not a big problem, (guessing because it's summer and not as many students there). Then expecting it to be a BIG problem once students arrive. So to me this says that the iPhones using their service aren't students at all.

Little leap of logic there. Most campuses have a decent number of students on campus during summer for any of the following reasons:

(i) summer classes
(ii) research (i.e. most grad students who don't even realize its summer)
(iii) friggin professors

Most unis give out net access to students, faculty AND staff. overwhelmed access points don't necessarily point to lack of AP security.

Re:Interesting problem (1)

Helios1182 (629010) | more than 7 years ago | (#19883413)

The first people I can think of that would be on campus: professors, grad students, summer classes, visiting students, administrative staff, and summer camps & programs. I'm sure there are more, but the point is that a University of that size never completely shuts down.

Re:Interesting problem (1)

soapthgr8 (949548) | more than 7 years ago | (#19883487)

For some parts of the campus you have to have registered your MAC address before they let you connect to an access point. It's just a matter of rolling it out to the entire network. Like TFA said, it isn't a big problem now because the problems are coming from parts of campus that don't have the restrictions in place.

Quit Yer Bitchin' (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#19883007)

Remember, the iPhoney is made by Apple, and therefore the flooding is a feature -- and a desirable one at that!

Re:Quit Yer Bitchin' (0)

Anonymous Coward | more than 7 years ago | (#19883389)

They can ride out the iPhoney's iFlooding with a new iArk (tm) - shipping soon!

18,000? (0, Offtopic)

pionzypher (886253) | more than 7 years ago | (#19883015)

Holy mother of christ! These people ever hear of sleep()?

Critical? (4, Insightful)

DogDude (805747) | more than 7 years ago | (#19883027)

But from late August through May, our wireless net is critical.

Wireless? Critical? Dumb.

Re:Critical? (4, Insightful)

gravos (912628) | more than 7 years ago | (#19883059)

Mod parent up. My university has gone to all-wireless too, and it's completely retarded because it's so unreliable. **A MICROWAVE OVEN IN THE KITCHEN KNOCKS EVERYONE OFF THE NETWORK**, for christ's sake, and that's to say nothing of intentional disruption.

Re:Critical? (2, Insightful)

Tuoqui (1091447) | more than 7 years ago | (#19883089)

Yes it is dumb. Run some cable and leave the wireless for students with laptops and shit. Cables are the best method for mission critical things anyways.

Ofcourse, if they are using it for everything even desktop computers in labs... It could very easily be that a few iPhones can bring down APs but that would be a colossally stupid idea to begin with and any network designer approving such a plan should be shot.

Re:Critical? (5, Insightful)

PCM2 (4486) | more than 7 years ago | (#19883345)

Yes it is dumb. Run some cable and leave the wireless for students with laptops and shit. Cables are the best method for mission critical things anyways.

Yeah. Unless you're a university, and your "mission critical things" (remember the definition of "mission"?) include things like ... ohhh, I dunno ... students with laptops and shit?

Re:Critical? (0)

Anonymous Coward | more than 7 years ago | (#19883099)

I could see the campus network being mission critical during a first-come, first-serve online course registration period (of which there are usually only a handful of hours on a handful of days). But otherwise, most university network traffic consists of BoingBoing, teh pr0n, and stupid Facebook shenanigans. Decidedly not critical.

Re:Critical? (0)

Anonymous Coward | more than 7 years ago | (#19883157)

Who was the moron that modded this down? It's the absolute bloody truth. No one who has any idea relies on wireless for ANYTHING critical - fuck, I wouldn't rely on wireless full stop. What the fuck was Duke thinking?

Re:Critical? (1)

ResidntGeek (772730) | more than 7 years ago | (#19883377)

They were thinking "wow, there's a lot of students demanding wireless... too bad they're too drunk to understand why it's unreliable! Oh well, they're the bosses..."

I go there. I know this to be true.

Re:Critical? (0)

Anonymous Coward | more than 7 years ago | (#19883163)

Why is this marked as a troll? "Wireless? Critical? Dumb!" is the best summary anyone could write.

Re:Critical? (5, Interesting)

Citius (991975) | more than 7 years ago | (#19883193)

The number of students who use a wireless network for basic needs is rapidly growing at Duke. As a recent Duke graduate, I've been in a number of classes where tests are administered over the WLAN using Blackboard (burn BB to hell!). If a WLAN AP goes down, and that's during a test, you've got the grades - and unhappiness - of 40+ people/class on your head. Given that we're a rather nitpicky bunch over our grades, grade unhappiness doesn't end well for those who cause it... So yes. Wireless is critical at Duke.

Re:Critical? (2, Insightful)

snowraver1 (1052510) | more than 7 years ago | (#19883243)

Pretty sure the point was that one should have a wired network that is critical, and a wireless network just for fun.

I agree 100% Wireless is nowhere near as reliable as wired.

No wonder (4, Funny)

marcosdumay (620877) | more than 7 years ago | (#19883031)

"So far, the communication with Apple has been "one-way."

No wonder there is no answer... Apple people weren't able to receive any network package with all those iPhones around.

Re:No wonder (4, Funny)

User 956 (568564) | more than 7 years ago | (#19883179)

"So far, the communication with Apple has been "one-way." No wonder there is no answer... Apple people weren't able to receive any network package with all those iPhones around.

Communication with Apple is always "one way". Or the highway.

Nothing new here (0, Troll)

dedazo (737510) | more than 7 years ago | (#19883049)

Well, it just goes to show you that this company is incapable of doing anything right. I mean, talk about putting profits over everything to release a gadget that kills the networks it connects to. Typical Micros...

...oh wait... this is Apple? Oh. Hmmmm....

Well, I'm sure that the university admins are all morons and the iPhone is working as advertised. This is just more FUD from the haters. Go Steve!

LOL (0)

Anonymous Coward | more than 7 years ago | (#19883081)

This behavior is very typical of the Apple fanboi. Luckily it isn't that bad on Slashdot as it is on Digg. The story was just posted [digg.com] on Digg so lets see what happens...

Re:Nothing new here (5, Interesting)

Anonymous Coward | more than 7 years ago | (#19883101)

Sounds like they are having some issues with arp-whois being propagated across the subnets. Knowing Apple, each time these iPhones try to 'rendezvous' with all the Macs or iTuned PCs they refresh their ARP tables off the entire campus. Something is fucked up with their network machines if the arp boroadcasts are seen by the entire campus (hence the 30 access points going at once).

What they need is an AP isolation: the connected client should not (easily) see other subnets and should definitely not be able to spam ARP broadcasts across subnets.

Some BOFH admin really screwed up his net config.

The just in (0)

Anonymous Coward | more than 7 years ago | (#19883065)

Man sits outside Starbucks gets 40 years in jail for illegally connect to wifi network. Starbucks manager informed our reporter that this would all have blown over, if the defendant had simply purchased a cappacino. The defendant claims that he is innocent, but was found to have in his position an iPhone.

Cisco (3, Interesting)

zymano (581466) | more than 7 years ago | (#19883083)

"I don't believe it's a Cisco problem in any way, shape, or form," he says firmly"

How do they know that?

Re:Cisco (0)

Anonymous Coward | more than 7 years ago | (#19883199)

"I don't believe it's a Cisco problem in any way, shape, or form," he says firmly"

How do they know that?
How could it NOT be a Cisco problem?

Re:Cisco (3, Informative)

prisoner-of-enigma (535770) | more than 7 years ago | (#19883235)

Probably because he knows that a wireless network -- no matter how robust -- will always be at the mercy of a misbehaving device. Air is a shared medium. You can't force a device to shut up no matter what you try, assuming the device is engineered badly enough. That seems to be the case here. Even attempting something basic like blocking a wildcard MAC for all iPhones wouldn't work if the device just persistently floods the airwaves with spurious requests. It's essentially a DoS attack similar to a ping flood, but with no way to "cut it off" at an upstream router. Even better, the "attacking" device isn't fixed to a landline somewhere, it could be roving around in somebody's pocket or purse making neutralization a huge headache. Fun!

I've done consulting in the wireless market for a while now. One of my key markets is the healthcare market, and I make sure I tell any hospital using wireless that there is absolutely, positively, unequivocally no way they can stop a determined DoS WLAN attack. Set up a noise source at 2.4GHz (or 5.8GHz for 802.11a), crank up the wattage well above the FCC limit for the ISM bands, and aim the antenna at the building. It *will* shut down *any* WLAN you've got unless the building is built like a Faraday cage.

There is nothing you can do about it short of rooting out the source of the noise and shutting it down. Granted, such an attack is highly illegal (violates FCC radiated power limits, which might be a felony, I'm not sure), but I doubt that's on the mind of the prankster (or terrorist) who's shutting you down.

Re:Cisco (1)

lukesky321 (1092369) | more than 7 years ago | (#19883373)

I am taking a cisco internetworking class and I do not think that it is similar to a DoS attack because a DoS attack involves changing the source address in the packets that are sent to a server. I do not think any students at Duke have found a way to hack the iphone
to allow modified packets to be sent out.

Re:Cisco (1)

Timothy Brownawell (627747) | more than 7 years ago | (#19883489)

I am taking a cisco internetworking class and I do not think that it is similar to a DoS attack because a DoS attack involves changing the source address in the packets that are sent to a server. I do not think any students at Duke have found a way to hack the iphone
to allow modified packets to be sent out.

Dude, WTF? A DoS ("Denial of Service") attack is any attack that makes things stop working (or is intended to do that). Nothing to do with changing the source address, that's just to make it easier to not get caught.

Re:Cisco (0)

Anonymous Coward | more than 7 years ago | (#19883323)

Because problems with Cisco's wifi thin access points don't make the front page of slashdot.

Re:Cisco (1)

PCM2 (4486) | more than 7 years ago | (#19883391)

Sure. And when some script kiddies launch a DoS attack that takes out your router, leaving you completely without connectivity, that's not a Cisco problem either. It's obviously a script kiddie problem.

Economic class and higher education (0, Flamebait)

delirium of disorder (701392) | more than 7 years ago | (#19883087)

The terminal preppies DDoS their own LAN with toys that their rich parents bought them. Boo Hoo!

Does anyone else see the fact that so many students at this elite school can afford this expensive luxury an insult to the rest of us? So many capable young adults would love to have the resources available to Duke students (not just iCrap, but genuine empowering technology and knowledge), yet only those with wealthy families* can get in. We need a fair and democratic school system including free universal higher education. Private schools that help perpetuate wealth and power (and, moreover, further class stratification!) should no longer be respected. It's OK to be selective and aim for an intelligent student body, but why should tuition be a barrier for anyone in a society as wealthy as ours?

(*or the obedience necessary to create a squeaky clean scholarship worthy image)

Re:Economic class and higher education (1)

Mattintosh (758112) | more than 7 years ago | (#19883167)

free universal higher education

It would probably be prudent to fix the existing "lower" education systems we already have so that they are once again adequate training to hold a normal job. We should be fully trained in "general studies" by the end of our 6th or 7th year of school, and ready to take 4 or 5 years of specialized training for a field. The first 4 or 5 year specialist training course should be paid for by the government, any additional ones, well, ka-ching!

Re:Economic class and higher education (1)

Citius (991975) | more than 7 years ago | (#19883451)

I must agree that 'free universal higher education' would be wonderful. The question is: where would it come from? Humans naturally complain about their situations and say that 'such and such' must happen. However, when they're called to sacrifice some amount of money - in the form of taxes - to accomplish such a fact, what then? They're stingy, reluctant, and complain even more. Furthermore, look at how many elderly people are disgruntled over paying taxes to the town/state for education when they don't even have children anymore. Look also at taxpayers who complain over paying for things that directly benefit the community and only indirectly benefit themselves. Yes, Duke is extremely fortunate to have a foundation with lots of money to do stuff with. I must admit that it's done very well as a money-making machine - raising rich alumni to add to Duke's coffers - but that's, well, business. In essence, for a 'utopian' society, something like communism or marxism would need to be in place. On the other hand, such practices stifle scientific advancement - and the inequalities drive us to achieve more to reach those levels. It all depends on how you look at it.

Re:Economic class and higher education (0)

Anonymous Coward | more than 7 years ago | (#19883175)

There are open universities in every state in this nation. If there is a problem with the curriculum or the school standards for state schools it is largely the fault of the alumni and the current students for not demanding better!

I have yet to hear anyone say, "God that class was f-ing easy, i didn't learn a thing, I feel cheated!" Far more often i hear the refrain, "why the hell do i have to learn all this shite that won't help me one wit in the real world!" or, "that professors and ass, making us learn all of this stuff, he's way too tough.

Schools deliver what we demand. I've never heard a complaint from a teacher when I go and ask for more information. If they're not overly busy they're usually delighted to have someone wanting to learn.

Re:Economic class and higher education (1)

porcupine8 (816071) | more than 7 years ago | (#19883237)

While I agree that overall, Duke is worse than many top schools as far as being full of rich preppy kids (though they do have need-blind undergrad admissions now, but that doesn't mean they're truly fulfilling everyone's need), the article states there are 150 iPhones there. At a school of over 12,000 students plus well over 30,000 employees and faculty, I'm not sure you can say that 150 fancy phones (one for every 280 people on campus) are a sign of excess.

Re:Economic class and higher education (0)

Anonymous Coward | more than 7 years ago | (#19883401)

Duke is worse than many top schools as far as being full of rich preppy kids

Yes. Rich preppy kids who get charged with absolutely fake rape charges to boost a prosecutor's standing with black voters before an election.

Read the sordid tale. [wikipedia.org]

Re:Economic class and higher education (0)

Anonymous Coward | more than 7 years ago | (#19883457)

Am I missing something? 12K students who are NOT THERE right now for the most part because it's summer...

150 iPhones out of a small fraction of 12K students != 1/280 people on campus.

Re:Economic class and higher education (0)

Anonymous Coward | more than 7 years ago | (#19883429)

Anyone qualified enough to go to a top university like Duke has a mailbox full of offers and scholarships from equally good schools that don't have as big of a name. Tuition is only a barrier for the underqualified, and even they have no trouble going to a community college (which they should probably be doing anyway before committing to 4 years they might not be able to handle).

So what's the purpose of your solution? To ensure that everyone can go to a school with a big name? To ensure that college-aged kids don't form cliques based on their upbringing? Or maybe the idea of universal free higher education makes you feel all warm and fuzzy inside? There's no lack of access to higher education right now. But why should that stop you from seeing the "injustice" of rich kids owning things you don't and hanging out together at exclusive locations?

Re:Economic class and higher education (0, Offtopic)

profplump (309017) | more than 7 years ago | (#19883433)

Tuition isn't a barrier for anyone who really wants to attend the school; it's an excuse people who aren't dedicated use to rationalize their choice not to attend.

First, it's entirely possible to go to a perfectly respectable in-state school for just a few grand a year. If you're actually poor you can get that much money in grants and interest-free loans from the federal government. I agree that UW-La Crosse doesn't have the same weight as Yale, but if you get your cheap undergrad, then go to work for a few years and save, you could afford to attend whatever graduate program you like, and no one will care where your undergrad degree came from.

Or you can, with very few exceptions, finance your undergraduate education entirely on credit, even with no credit history, no income, and poor parents. When you're done you'll have $125k in debt, but you'll have the degree you sought.

Certainly it's easier for people with access to money to do go to expensive schools -- the risk they take on is lower, the commitment they need is lesser, and the time it takes them to reach their goals is likely reduced. And reasonable people may decided that the addition value of Yale over UW-La Crosse isn't worth the price in money, time, risk or dedication, but it's disingenuous to say that someone couldn't go to a school because it was too expensive.

Re:Economic class and higher education (2, Insightful)

arminw (717974) | more than 7 years ago | (#19883441)

.........but why should tuition be a barrier for anyone in a society as wealthy as ours?.......

You are a fountain of ignorance, at least concerning your diatribe against Duke. Instead of being wealthy and pay tuition, you can also simply be smart and hard working. My daughter just graduated from Duke, from which she had gotten a full scholarship. Without that, there would have been no way she could have afforded to study there. Many Colleges and Universities give scholarships to exceptional young people who do NOT come from wealthy homes. Most likely, someone like you wouldn't get such a scholarship, especially in view of your ignorant rant.

Bet you 10 to 1... (5, Insightful)

g-san (93038) | more than 7 years ago | (#19883091)

...it's their network. Why are we only hearing about it here? They probably have a loop in their network or some kind of ARP forwarding active they don't understand. You would think something like this would get caught early on in testing with the iPhone, this kind of problem tends to stand out. I also doubt the iPhone has enough horsepower to pump out 10Mbps of ARP requests, sounds like a networking device is sourcing these packets.

Good reason to move to IPv6! (1)

Doctor Memory (6336) | more than 7 years ago | (#19883337)

I also doubt the iPhone has enough horsepower to pump out 10Mbps of ARP requests
A 486 can swamp a T-1 line, I don't doubt that the ARM processor(s) in the iPhone can max out a 54Mb 802.11/g link. One ARP request is only about 28 bytes, and it's not like there's a lot of computation involved in creating one. I agree, it sounds like there's some kind of misconfiguration, I can't imagine why any device would fire off that many requests unless it was receiving some kind of response that caused it to send a new request. Hmmm, I wonder if it's some kind of timing issue, maybe the phone is receiving multiple responses from multiple APs very closely spaced, and it's triggering some kind of multiple response? IANANE, so I'll stop guessing.

push (0)

TheSHAD0W (258774) | more than 7 years ago | (#19883093)

I'm sure Apple will push a patch before the entire internet's infrastructure collapses.

Maybe.

No problem for us (1, Interesting)

SuperKendall (25149) | more than 7 years ago | (#19883139)

We have a number of WAP's at work. We also have a number of people who have bought iPhones, and we have not seen any wireless nodes go down from iPhone traffic.

So you're telling me (2, Insightful)

caller9 (764851) | more than 7 years ago | (#19883143)

I can take out a cisco WLAN controller with thin APs and aironet APs with an arp flood for a non-existent IP. Are they even in the same subnet? Is the whole wifi network from one building to another layer2? Or is the problem arising because it is actually layer3 from building to building and the APN name doesn't change.

Judging by the statement that they can exhibit the behavior after being handed from one access point to another kind of nullifies the theory that they may be trying to re associate with the users home network. They're trying to get back to the old AP, which arping wont do because it's on a different VLAN.

Mystery solved, now what can cisco do about it. I don't really care that it's an iPhone bug. I just think its one more DoS vector to patch up. Maybe de-associate the phone and drop traffic until it acts right? Set a threshold or something? You might still have a source of noise, hopefully it would realize it was dropped though. No link layer, no arp right?

Lets focus on the real problem (4, Informative)

bhmit1 (2270) | more than 7 years ago | (#19883147)

Any non-secured network (either where users can plug into the lan or over wireless) where a device is able to bring down the network should be considered defective. I've seen places were the entire lan was flat with users connecting on cisco's management vlan and could bring down the whole company by plugging in a device that advertised a new route to the internet (legit or not). To a similar point, if a device on a wireless network is able to flood the network, then the access points need to be tuned. Sure, they can jam the airwaves, and there's nothing you can do to stop that DoS. But, you don't have to turn 18,000 requests per second into something that broadcasts across the rest of the network. Every firewall app that I've worked with includes throttling and I would hope these APs do as well.

This doesn't mean that apple released a product without a defect. But if your network crashes because of a defective device, then you should fix your network first.

Re:Lets focus on the real problem (1)

caller9 (764851) | more than 7 years ago | (#19883183)

Well said. Pretty much what I was getting at. Also I meant SSID, not APN name. Got my wireless technologies crossed up.

Re:Lets focus on the real problem (0)

Anonymous Coward | more than 7 years ago | (#19883231)

Mod parent up! The article is too light on details to tell if it's an Apple "bug" or a Wireless AP "bug", but either way... the network shouldn't go down even if it is an iPhone problem. I would certainly expect big name corporation (Apple) devices to behave themselves on any network, but if they don't and bring the network down, then certainly something else less benign could do the same as well.

That said, does anyone have more details about this? If it's not an inherent problem with the Duke network itself, then I'd suspect the same problems are happening at other locations as well.

Re:Lets focus on the real problem (0)

Idbar (1034346) | more than 7 years ago | (#19883257)

Your network isn't secure because you're not able to bring it down. It's secure if during the processes you are able to avoid information leaks. Any network, no matter how secure, using a wrong implementation of a protocol becomes vulnerable.

Note that most of the WiFi protocols are still drafts and consequently there is not one unified way to do the things. Vendors need to literally open holes to give access to different technologies.

"But so far, the precise cause of the problem remains unknown"
Needless to say, the problem is "It's an Apple". They will perfectly work (maybe) if the routers were AirPorts. What a headache for administrators.

PS: I knocked off a network switch by attempting to get its IP address using a windows laptop from a secured port binded to a single MAC address (Which wasn't the laptop's one). So guess again.

Re:Lets focus on the real problem (1)

bhmit1 (2270) | more than 7 years ago | (#19883367)

Your network isn't secure because you're not able to bring it down. It's secure if during the processes you are able to avoid information leaks. Any network, no matter how secure, using a wrong implementation of a protocol becomes vulnerable.
To clarify, I was referring to physical security, which few networks have. A properly configured network should isolate any poorly configured device as close to the source as possible. So a mis-configured wireless devices should optimally only be able to impact things within it's wireless broadcast range. And on a lan, the closer you can get to limiting the problem to the specific port the better. You probably won't get to the optimal level in the real world, but problems resulting from not doing so should be considered a network problem.

Re:Lets focus on the real problem (0)

Anonymous Coward | more than 7 years ago | (#19883369)

I've seen places were the entire lan was flat with users connecting on cisco's management vlan and could bring down the whole company by plugging in a device that advertised a new route to the internet (legit or not).
That sounds very similar to what happened at Beth Israel Deaconess Medical Center in Boston - as I understand it, a poor network design effectively brought down the hospital's network for 3 or 4 days! Talk about a risk!

The hospital's CIO blamed a lowly researcher's computer and CISCO's hardware. But I think very poor network planning might have been the biggest culprit.

Lesson learned: don't run your hospital on a single flat network.

Taking out Cisco Router with ARP Floods? (5, Interesting)

xRelisH (647464) | more than 7 years ago | (#19883169)

Umm, a bunch of ARP Requests by a few mobile devices shouldn't be knocking out a Cisco router. These AP's are supposed to be able to withstand much worse than a few of these things.

I call bullshit. I say it's their IT/Computing Department is blaming their poor infrastructure on iPhone.

Re:Taking out Cisco Router with ARP Floods? (5, Insightful)

technormality (1086527) | more than 7 years ago | (#19883265)

18,000 arp requests a second? Smells like a spanning tree loop to me. Thats where I would start looking. Could be a single AP bridging the same vlan with spanning tree disabled. Anyone roaming into into its range could cause havoc.

HOWTO please (3, Funny)

Nikron (888774) | more than 7 years ago | (#19883173)

I want to request a mac address from my access point. Anyone want to post a HOW-TO?

Re:HOWTO please (1)

Idbar (1034346) | more than 7 years ago | (#19883385)

Man! You can imagine how revolutionary the iPhone is, it requests MAC addresses not IP addresses. No wonder why it's messing up that network.

Re:HOWTO please (0)

Anonymous Coward | more than 7 years ago | (#19883459)

1. Ask politely.
2. If that doesn't work, threaten to switch off the network.
3. ????
4. Profit!

Apple's Campus (1)

mandos (8379) | more than 7 years ago | (#19883189)

I would imagine that this problem is either A) a configuration problem on the school's end, or B) will be fixed fairly quickly. I suggest "fixed quickly" because if this is a problem, then all those iPhones Apple is giving to their own employees will crash the Apple campus wireless network too. Plus given all the amazing paid and free press Apple is getting on the iPhone I'm sure they don't want any significant problems arising to generate legitimate bad press about their shiny new product.

Here's a capture of the packet (1)

robpoe (578975) | more than 7 years ago | (#19883217)

There's no place like 127.0.0.1!!!

followed by ..

ET iPhone 127.0.0.1

Re:Here's a capture of the packet (0)

Anonymous Coward | more than 7 years ago | (#19883273)

There's no place like localhost?

ET iPhone localhost?

127.0.0.1 != home, people.

*sigh*

Figures (-1, Offtopic)

ChromeAeonium (1026952) | more than 7 years ago | (#19883251)

How much does an iPhone cost? How much does the average college student have? Yet Duke has so many, they're causing problems. But don't worry folks, America's a classless society, people of any economic background can go to a prestigious university, money has nothing to do with it!!! /sarcasm

Apple DHCP client (4, Informative)

papasui (567265) | more than 7 years ago | (#19883271)

I'm a net engineer for one of the major US cable isps.. A VERY common issue I see with the Apple Airport Extremes is a problem with them declining offered leases infinitely. When this happens the DHCP server marks the lease as temporarily unavailable, the end result is a single offending Airport extreme can eat all the available addresses. The work around is to configure the dhcp server to ignore declines from the client. Regardless it's very annonying (and I'm typing this post on a Macbook so I'm not anti-Apple).

MAC filtering is not a solution (2, Informative)

icydog (923695) | more than 7 years ago | (#19883293)

For all you saying "It's Duke's fault! Secure the network!" maybe you should consider that Duke provides wireless access to something like 15,000 undergrads, grads, faculty, etc. Duke's network is set up so that you can connect to a pool of internal IPs with no authentication, but before you can actually go to any sites other than the network registration site, you have to type in your Duke ID and password.

This is an effective solution. Can you imagine if Duke locked down APs with MAC filtering? You'd have 10,000 "authorize my MAC" requests between August 15 and 30 each year on an already-overwhelmed IT staff, and you can spoof MACs anyways. How many people actually know what a MAC is and how to find it? Sure, they could provide a tool that automatically detects your MAC, but how are you going to download it if you can't get on in th first place?

Also, please don't suggest WEP/WPA, because distributing a password/passkey amoung that number of users is as good as not having one at all. And a more complex solution, like PKI or smartcards, is going to create more headaches than it's worth when deployed to this number of users.

Re:MAC filtering is not a solution (1)

doxology (636469) | more than 7 years ago | (#19883445)

Stanford does MAC filtering. -A Stanford student.

Obligatory Duke Sucks comment (0)

Anonymous Coward | more than 7 years ago | (#19883299)

Its tad better than saying "I'm first".

Re:Obligatory Duke Sucks comment (0)

Anonymous Coward | more than 7 years ago | (#19883405)

Wrong site.

iPhoneMania (0, Redundant)

BillGatesLoveChild (1046184) | more than 7 years ago | (#19883403)

Years from now people will look back and honor the day when Steve Jobs invented the telephone.

mod 0p (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#19883475)

escape 7he8 by end, we need you and Michael Smith and committees
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>