Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

VERY STRANGE WIRELESS BEHAVIOR


  • Please log in to reply

#1
googlymoogly

googlymoogly

    Member

  • Member
  • PipPip
  • 18 posts
Hi all just woke up today and tried to log on to the net, and noticed it was a no go! I fired up wireshark to see what the problem could have been and apparently my wireless card was just sitting back receiving EAPOL keys all night. Not exactly sure why but I will post a screen shot. I'm assuming this was going on for hours as well...

Any ideas?

Attached Thumbnails

  • wireshark_2007_07_27_11_50_21.JPG

Edited by googlymoogly, 27 July 2007 - 11:24 AM.

  • 0

Advertisements


#2
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
is the buffalo or the actiontec in y our computer? (i'm going to assume that the actiontec is the wireless router/modem and the buffalo is your PC's wireless card right?)
  • 0

#3
googlymoogly

googlymoogly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
actiontec is router, buffalo is wireless card.
  • 0

#4
googlymoogly

googlymoogly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
bump::

Hey guys, I just had this happen again. It's like all of a sudden my wireless card refuses to respond or something. I see in wireshark again that it's receiving "EAPOL" key but even disabling and re enabling wireless adapter doesn't work.

The only thing that does work is a reboot. And even then, it hangs on soft reboot so I have to hit the reset button.... What is going on!?!?!?

EDIT: Uploaded events and services where things started to "look funky". The TCPIP error continues from 8 AM to about 11 AM.

Attached Thumbnails

  • mmc_001.jpg
  • mmc_002.jpg

Edited by googlymoogly, 23 August 2007 - 11:20 AM.

  • 0

#5
googlymoogly

googlymoogly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hello all-

Just found some stuff on EAPOL attacks... I don't use EAPOL on my wireless adapter, but the computer that is having problems is in the DMZ of my router (Running Sygate Personal Firewall). I do this to allow web hosting and some other remote access solutions from home. Even though I don't use EAPOL to authenticate, is it possible someone is trying to gain access by spoofing as "me" and trying to hijack my session on the router? Then in turn I am being kicked off until rebooting?

PLEASE anyone- if you can help that would be so great.



EAPOL Start Attack

WiFi Manager raises this alarm when it sees a wireless client sending too many EAPOL start packets.
What is EAP ?

EAP stands for Extensible Authentication Protocol. It is a general protocol for authentication more commonly used in wireless networks and Point-to-Point connections. It supports multiple authentication methods such as EAP-MD5, EAP-TLS, EAP-SIM, EAP-TTLS, LEAP, PEAP.
What is this EAPOL Attack ?

EAP authentication starts with a EAPOL-start frame, which is sent by the wireless client to the Access point. Upon reception of such a frame the Access point responds back to the wireless client with an EAP-Identify-Request and also does some internal resource allocation. Attackers use this vulnerability, they send a lot of EAPOL-start frame to the Access point either by spoofing the MAC address or by emulating wireless clients, forcing the Access point to allocate more and more resource and there by bringing it down

EAPOL-Logoff Attack

WiFi Manager raises this alarm when it sees a wireless client sending too many EAPOL Logoff packets.
What is EAP ?

EAP stands for Extensible Authentication Protocol. It is a general protocol for authentication more commonly used in wireless networks and Point-to-Point connections. It supports multiple authentication methods such as EAP-MD5, EAP-TLS, EAP-SIM, EAP-TTLS, LEAP, PEAP.

EAPOL LOGOFF attack

Attacker spoofs a 802.1x EAPOL-Logoff frame
from the legitimate client station to fool the AP in logging off the client
What is this EAPOL Logoff Attack ?

Wireless clients using EAP authentication to connect to the wireless LAN, terminates their authenticated session by sending an EAPOL Logoff frame. This frame sent by the wireless client is not authenticated. Attackers use this vulnerability. They spoof this frame and send it to the Access point by having the source MAC to that of the wireless client, thus knocking the wireless client off the WLAN. Typically the wireless clients will try to re-establish the association, but the session will be short lived as the attacker will be sending this EAPOL Logoff frame continuously.
  • 0

#6
googlymoogly

googlymoogly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Guys, anyone PLEASE if you can shed some knowledge on what is going on... I moved my computer out of the DMZ last night to see if that was the problem.

I think it may have something to do with downloading.

I was downloading a bunch of stuff off of steam client all night ( not torrents), and I had been kicked off. Ran wireshark again and its the same as in the first screenshot I posted.

I run WPA-PSK not EAPOL what is going on!?
  • 0

#7
Steve Lacy

Steve Lacy

    Member

  • Member
  • PipPip
  • 12 posts
I am seeing the same exact behavior on my wife's laptop. The wireless card has been crapping out all day. At first I could reconnect...then a soft reboot would work...now she can't connect at all. Have you gotten any help???
  • 0

#8
googlymoogly

googlymoogly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Negative!

Today I woke up and tried to reboot as it had lost connection overnight. The reboot did not solve the problem though this time! I had to actually power cycle my router to get it to go....

Yikes...

No idea steve?
  • 0

#9
googlymoogly

googlymoogly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
nobody's got any ideas???
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP