Details to RADAR messages

Stephan
New Contributor II
Hi guys,

Can someone please explain what is meant in a Radar Analysis Engine message when the shown MAC address is like this (FF:FF:FF:FF:FF:FF)?

Full message is:

Security threat [Denial of Service] detected by AP [DZAP017], SN [XXXXXXXX85G0000].
Details: state [inactive], location [Bauteil D - 1. OG - Flur mitte], channel [44], frequency [5220MHz], associated MAC [FF:FF:FF:FF:FF:FF], RSS [-78], description [Invalid disconnect code attack]


Security threat [Denial of Service] detected by AP [DZAP002], SN [XXXXXXXXX85B0000].
Details: state [active], location [EDV - Systemgruppe], channel [44], frequency [5220MHz], associated MAC [FF:FF:FF:FF:FF:FF], RSS [-77], description [Authentication frame flood attack]

Regards,
Stephan


3 REPLIES

Stephan
New Contributor II
Doug, thank you very much! Great work - as always.

Stephan

Doug
Extreme Employee
Typically, the all-FFs address indicates that a wireless client is trying to inject these messages while purposely obfuscating its MAC address, or this could be a client with a bad card driver; there's not enough info to pinpoint which client is the source.

You can work with GTAC by taking a trace of the air when the issue occurs, then providing that trace to GTAC for review.

Doug
Doug Hyde
Director, Technical Support / Extreme Networks
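
Added example (not part of any post in this thread, and not Extreme Networks code): the Python below parses Radar messages in the format quoted in the question and, for alerts whose associated MAC is the broadcast address, groups them by channel and picks the reporting AP with the strongest RSS as a starting point for the air trace suggested above. The function names and the reading of RSS as "closer to zero is stronger" are assumptions.

```python
import re

BROADCAST = "FF:FF:FF:FF:FF:FF"
FIELD = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*\[([^\]]*)\]")  # label [value]

# The two messages from the question; the hard line wraps exercise the re-joining step.
SAMPLE = """Security threat [Denial of Service] detected by AP [DZAP017], SN
[XXXXXXXX85G0000].
Details: state [inactive], location [Bauteil D - 1. OG - Flur mitte], channel
[44], frequency [5220MHz], associated MAC [FF:FF:FF:FF:FF:FF], RSS [-78],
description [Invalid disconnect
code attack]

Security threat [Denial of Service] detected by AP [DZAP002], SN
[XXXXXXXXX85B0000].
Details: state [active], location [EDV - Systemgruppe], channel [44], frequency
[5220MHz], associated MAC [FF:FF:FF:FF:FF:FF], RSS [-77], description
[Authentication
frame flood attack]
"""


def parse_alerts(text):
    """Return one dict of 'label [value]' fields per alert in wrapped text."""
    flat = " ".join(text.split())  # undo the line wrapping
    alerts = []
    for chunk in re.split(r"(?=Security threat \[)", flat):
        f = {k.strip().lower(): v for k, v in FIELD.findall(chunk)}
        if "security threat" in f:
            f["rss"] = int(f["rss"])
            # All-FF is the broadcast address: the alert names no single client.
            f["source_known"] = f["associated mac"].upper() != BROADCAST
            alerts.append(f)
    return alerts


def capture_plan(alerts):
    """Per channel, pick the AP that heard unattributed frames loudest."""
    plan = {}
    for a in alerts:
        if a["source_known"]:
            continue  # a real client MAC can be followed up directly
        slot = plan.setdefault(a["channel"], {"rss": -999, "seen": []})
        slot["seen"].append(a["description"])
        if a["rss"] > slot["rss"]:  # assumption: closer to zero is stronger
            slot.update(ap=a["detected by ap"], location=a["location"],
                        frequency=a["frequency"], rss=a["rss"])
    return plan
```

Calling `capture_plan(parse_alerts(SAMPLE))` gives one entry for channel 44 that names DZAP002 as the AP nearest the source and lists both alert descriptions seen on that channel.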

Jeremy_Gibbs
Contributor
I also get lots of these. IDK if they are true or not, because I put a Cisco 3701-i AP in the area and it detected nothing of the sort.
