When iPhones attack!
Update 07/22/07: Duke University said yesterday that widely publicized problems with its campus wireless network it had originally blamed on Apple Inc. iPhones had instead been traced to Cisco Systems Inc. hardware. See article at computer worldIt’s been widely reported now (thanks to Network World for the poor fact checking) that the iPhone has downed over 30 access points on the Duke University network due to a continued flood of ARP packets.
Here are some questions I have for the Admins at Duke:
1. How do you know the iPhone is causing the flood? A fairly old attack against switches to be able to sniff packets going over the switch involves overloading a switches CAM table. This is done by flooding a switch with bogus arp traffic with many different source mac addresses. See: Packet Sniffingon Layer 2 Switched also see winArpAttacker - a window tool that will perform these attacks
2. Is it possible you have a bridging loop? In the case of loops and arp packets, your system may broadcast a single ARP packet but the bridging loop causes it to appear many times over, hence your routers (and WiFi controllers) would spend lots of time replying to the same request. Do you have Spanning tree protocol disabled? For more info on bridging loops see: wildpackets.com
Its funny how we take Duke at there word, I personally own an iPhone. I’ve connected it to many wireless networks and found that it has always performed as expected. I’ve also used ARP cache poising against the device using Cain and Abel. I found that each time I performed the attack on the iPhone, the iPhone simply disassociated from the wireless network.I'd imagine that on seeing an arp flood on the Duke network those iPhones would also disassociate.