Apple devices spoofing default gateway?
- Subject: Apple devices spoofing default gateway?
- From: wwwboy at gmail.com (www boy)
- Date: Tue, 11 Jun 2019 13:45:55 +1000
- In-reply-to: <CAJWk1pRv4eo3u1b-qQ6zGUP8r6p-3Eo998TZPdFC=QjN0QWS7g@mail.gmail.com>
- References: <CAEuCE9xS1KtHueVkDYJ0j88gys0Mzb=98yjP0s4BAY3d52UuBA@mail.gmail.com> <[email protected]> <[email protected]> <CAJWk1pRv4eo3u1b-qQ6zGUP8r6p-3Eo998TZPdFC=QjN0QWS7g@mail.gmail.com>
Good day Matt,
We have a combination of IAP-135 and IAP-125s; we are running an older
firmware (yeah, I know it needs updating, something for next month or so)
Worst luck I couldn't work out how to modify local ARP caches on the access
points.
I have just enabled "Deny inter user bridging" and that seems to have
stopped the network from crashing when a client steals the router IP.
(this solution may not be the best for some environments though)
Worst luck Apple is being very slow with a solution and even admitting
there is an issue.
But I just wanted to make sure I updated this thread so at least people in
the future can find it when they google.
If anyone else has any good ideas or solutions let me know. I am keen to
try the latest firmware to see if that has any other features that might
prevent this.
Regards,
Mike
On Sat, Jun 8, 2019 at 5:59 AM Matt Freitag <mlfreita at mtu.edu> wrote:
> For those of us with Aruba wireless, www boy, could you share some more
> info about your setup/code version/configuration/specific APs/controller
> model(s)/etc?
>
> Matt Freitag
> Network Engineer
> Michigan Tech IT
> Michigan Technological University
>
> We can help.
> mtu.edu/it
> (906) 487-1111
>
>
> On Fri, Jun 7, 2019 at 3:06 PM Matt Hoppes <
> mattlists at rivervalleyinternet.net> wrote:
>
>> Turn on client isolation on the access points?
>>
>> > On Jun 7, 2019, at 3:00 PM, Hugo Slabbert <hugo at slabnet.com> wrote:
>> >
>> >
>> >> On Fri 2019-Jun-07 16:21:29 +1000, www boy <wwwboy at gmail.com> wrote:
>> >>
>> >> I just joined nanog to allow me to respond to a thread that Simon
>> >> posted in March.
>> >> (Not sure if this is how to respond)
>> >>
>> >> We have the exact same problem with Aruba Access points and with
>> >> multiple MacBooks and an iMac.
>> >> Where the device will spoof the default gateway and the effect is that
>> >> vlan is not usable.
>> >>
>> >> I also have raised a case with Apple but so far no luck.
>> >>
>> >> What is the status of your issue? Any luck working out exactly what
>> >> the cause is?
>> >
>> > We appeared to hit this with Cisco kit:
>> >
>> > https://www.cisco.com/c/en/us/support/docs/wireless/aironet-3800-series-access-points/214491-arp-responses-for-default-gateway-ip-add.html
>> >
>> > They don't say *exactly* that the Apple devices are spoofing the
>> > gateway, but some behaviour in what they send out results in the proxy arp
>> > being performed by the APs to update the ARP entry for the gateway address
>> > to the clients':
>> >
>> >> * This is not a malicious attack, but triggered by an interaction
>> >> between the macOS device while in sleeping mode, and specific broadcast
>> >> traffic generated by newer Android devices
>> >> * AP-COS while in FlexConnect mode provides Proxy ARP (ARP caching)
>> >> services by default. Due to their address learning design, they will
>> >> modify table entries based on this traffic leading to default gateway ARP
>> >> entry modification
>> >
>> > The fix was to disable ARP caching on the APs so they don't proxy ARP
>> > but ARP replies pass directly between client devices.
>> >
>> > --
>> > Hugo Slabbert | email, xmpp/jabber: hugo at slabnet.com
>> > pgp key: B178313E | also on Signal
>>
>
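
A detection check for the condition discussed in this thread, added here as an example that is not part of any poster's message: it scans ARP capture lines for frames that claim the default gateway's IP from a MAC other than the router's. The gateway IP and MAC, the function name and the sample lines (constructed, in the style of `tcpdump -e -n arp` output) are assumptions.

```python
import re

# Assumed values for illustration: the gateway IP and the router's real MAC.
GATEWAY_IP = "10.20.0.1"
GATEWAY_MAC = "00:00:5e:00:01:0a"

# Constructed sample lines in the style of `tcpdump -e -n arp` output.
SAMPLE = """\
13:45:01.100 00:00:5e:00:01:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.20.0.57 tell 10.20.0.1, length 46
13:45:01.200 02:00:00:aa:bb:01 > 00:00:5e:00:01:0a, ethertype ARP (0x0806), length 42: Reply 10.20.0.57 is-at 02:00:00:aa:bb:01, length 28
13:45:09.300 02:00:00:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 10.20.0.1 is-at 02:00:00:aa:bb:01, length 28
13:45:09.400 02:00:00:aa:bb:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.20.0.1 tell 10.20.0.1, length 28
13:45:10.500 00:00:5e:00:01:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Reply 10.20.0.1 is-at 00:00:5e:00:01:0a, length 46
"""

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE = re.compile(rf"^(?P<ts>\S+) (?P<src>{MAC}) > {MAC}, ethertype ARP .*?: (?P<body>.+)$", re.I)
REPLY = re.compile(rf"Reply (?P<ip>{IP}) is-at (?P<mac>{MAC})", re.I)
REQUEST = re.compile(rf"Request who-has {IP}(?: \({MAC}\))? tell (?P<ip>{IP})", re.I)

def find_gateway_claims(text, gw_ip=GATEWAY_IP, gw_mac=GATEWAY_MAC):
    """Return (timestamp, kind, l2_source, claimed_mac) for bogus gateway claims."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src = m["src"].lower()
        reply = REPLY.search(m["body"])
        request = REQUEST.search(m["body"])
        if reply and reply["ip"] == gw_ip:
            kind, claimed = "reply", reply["mac"].lower()
        elif request and request["ip"] == gw_ip:
            # Sender IP is the gateway, so the frame's source MAC is the claimant.
            kind, claimed = "request", src
        else:
            continue
        if claimed != gw_mac.lower():
            findings.append((m["ts"], kind, src, claimed))
    return findings

if __name__ == "__main__":
    for finding in find_gateway_claims(SAMPLE):
        print("gateway IP claimed by unexpected MAC:", finding)
```

Run it against a capture taken on the wired side of the APs or on the client VLAN; a hit identifies the client whose frames are overwriting the gateway entry.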