Details to RADAR messages

Hi guys,

can someone please explain what is meant in a Radar Analysis Engine message when the shown MAC address is like this (FF:FF:FF:FF:FF:FF)?

Full message is:

Security threat [Denial of Service] detected by AP [DZAP017], SN [XXXXXXXX85G0000].
Details: state [INACTIVE], location [Bauteil D - 1. OG - Flur mitte], channel [44], frequency [5220MHz], associated MAC [FF:FF:FF:FF:FF:FF], RSS [-78], description [Invalid disconnect code attack]

Security threat [Denial of Service] detected by AP [DZAP002], SN [XXXXXXXXX85B0000].
Details: state [ACTIVE], location [EDV - Systemgruppe], channel [44], frequency [5220MHz], associated MAC [FF:FF:FF:FF:FF:FF], RSS [-77], description [Authentication frame flood attack]

Regards,
Stephan
 

Doug Hyde, Technical Support Manager

Official Response
Typically the all FF's indicates that a wireless client is trying to inject these messages but is purposely obfuscating its MAC address, or this could be a client with a bad card driver; there's not enough info to pinpoint which client is the source.

You can work with GTAC by taking a trace of the air when the issue occurs, then providing that trace to GTAC for review. 

Doug
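
For triaging alerts like these, an added example (not part of the original thread and not the vendor's code): it parses Radar messages in the layout quoted in the question, marks events whose associated MAC is all FF's as having no identifiable source, and picks per channel the AP that reported the highest RSS as a starting point for the air trace. The function names and the third sample event are constructed; choosing the AP by RSS is an assumption, not vendor guidance.

```python
import re

BROADCAST = "FF:FF:FF:FF:FF:FF"  # all-ones address, never a real station MAC

EVENT = re.compile(
    r"Security threat \[(?P<threat>[^\]]*)\] detected by AP \[(?P<ap>[^\]]*)\], "
    r"SN \[(?P<sn>[^\]]*)\]\. Details: state \[(?P<state>[^\]]*)\], "
    r"location \[(?P<location>[^\]]*)\], channel \[(?P<channel>\d+)\], "
    r"frequency \[(?P<frequency>[^\]]*)\], associated MAC \[(?P<mac>[^\]]*)\], "
    r"RSS \[(?P<rss>-?\d+)\], description \[(?P<description>[^\]]*)\]"
)

# Constructed sample: the first two events follow the question's messages
# (wrapped as in the e-mail); the third, with a specific MAC, is made up.
SAMPLE = """\
Security threat [Denial of Service] detected by AP [DZAP017], SN
[XXXXXXXX85G0000].
Details: state [INACTIVE], location [Bauteil D - 1. OG - Flur mitte], channel
[44], frequency [5220MHz], associated MAC [FF:FF:FF:FF:FF:FF], RSS [-78],
description [Invalid disconnect
code attack]
Security threat [Denial of Service] detected by AP [DZAP002], SN [XXXXXXXXX85B0000].
Details: state [ACTIVE], location [EDV - Systemgruppe], channel [44], frequency
[5220MHz], associated MAC [FF:FF:FF:FF:FF:FF], RSS [-77], description
[Authentication frame flood attack]
Security threat [Denial of Service] detected by AP [DZAP002], SN [XXXXXXXXX85B0000].
Details: state [ACTIVE], location [EDV - Systemgruppe], channel [36], frequency
[5180MHz], associated MAC [02:00:00:aa:bb:cc], RSS [-60], description [Authentication frame flood attack]
"""

def parse_events(text):
    """Parse Radar messages, tolerating line wraps (even inside [...] fields)."""
    flat = " ".join(text.split())  # collapse every newline/indent to one space
    events = []
    for m in EVENT.finditer(flat):
        e = m.groupdict()
        e["channel"], e["rss"] = int(e["channel"]), int(e["rss"])
        e["mac"] = e["mac"].upper()
        e["source_known"] = e["mac"] != BROADCAST
        events.append(e)
    return events

def capture_plan(events):
    """Per channel, the source-less event heard loudest (highest RSS)."""
    plan = {}
    for e in events:
        best = plan.get(e["channel"])
        if not e["source_known"] and (best is None or e["rss"] > best["rss"]):
            plan[e["channel"]] = e
    return plan
```

`capture_plan(parse_events(SAMPLE))` returns one entry per channel, each carrying the AP name and location to hand over together with the trace.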