[Battlemesh] Extremely odd wireless network in the air causing problems

Musti musti at wlan-si.net
Wed Nov 27 10:19:35 CET 2013


Hi folks,

I am writing to you all with a description of a problem I am facing at the moment here in Slovenia, where a very odd wireless network is causing problems in existing networks. Any thoughts and ideas would be welcome.

Location: Maribor, Slovenia

A few days ago a network appeared in the air that uses 802.11 but is not a conventional AP or mesh, transmitting at a rather high power in several directions, possibly omni, at 5680 MHz (ch 136). Triangulation of the signal has thus far been a failure, not being able to find any consistent direction of the origin and perform triangulation. But looking at the traffic generated by this “thing” is where it gets weird.

All the packets transmitted have a common BSSID: DE:6C:11:9E:DE:6C and originate from the following devices:

10:0E:DE:6C:11:9E
E8:00:DE:6C:11:9E
28:00:DE:6C:11:9E
3E:00:DE:6C:11:9E
64:00:DE:6C:11:9E
30:00:DE:6C:11:9E

As well as:
10:0E:00:00:00:00
E8:00:00:00:00:00
28:00:00:00:00:00
3E:00:00:00:00:00
64:00:00:00:00:00
30:00:00:00:00:00

The MAC addresses do not appear to be from a valid vendor; the first two sections changing makes no sense really.

Now things get even more strange: the traffic is of 6M bitrate, consisting only of DeAuthentication packets, utilising the maximum throughput of the channel, mostly originating from 28:00:DE:6C:11:9E. Example from tcpdump verbose output:

01:54:32.120993 30290112us tsft 6.0 Mb/s 5680 MHz 11a -87dB signal antenna 1 DeAuthentication (28:00:de:6c:11:9e (oui Unknown)): Reserved

Some other packets of type ACK and RTS have been seen, but absolutely no data of any form.

The measurements and observations were made using Ubiquiti Nanostation Loco M5 and Nanobridge M5 25dB running OpenWrt AA, using Horst and tcpdump. Btw, on these devices the only way to make horst listen on a specific channel appears to be by creating an AP on that channel and then adding a mon0 interface. Any ideas how to use it more conveniently or use automatic channel hopping? Manual setting of the channel allows only the first two digits to be entered.


Any ideas on what other experiments to do and how to go about finding the source of this “noise” would be appreciated.

Kind regards,
Musti
wlan slovenija
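
Added example, not part of the original message: a Python sketch that tallies a capture in the tcpdump line format quoted above, reporting per frequency the share of DeAuthentication frames, the busiest source, and address tails shared by several sources. The sample lines are constructed from the addresses in the post; the function name, the frame mix and the layout of the Acknowledgment and Request-To-Send lines are assumptions.

```python
import re
from collections import Counter

# Frame line in the shape tcpdump printed in the post:
# "... 5680 MHz 11a -87dB signal antenna 1 <type> (<mac> ..."
FRAME = re.compile(
    r"(\d+) MHz .*? antenna \d+ (\S+)(?: \(((?:[0-9a-f]{2}:){5}[0-9a-f]{2}))?",
    re.I,
)

def deauth_report(lines, suffix_octets=4):
    """Per frequency: frame count, deauth share, busiest deauth source,
    and address tails shared by more than one deauth source."""
    frames, deauth_src = Counter(), Counter()
    for line in lines:
        m = FRAME.search(line)
        if not m:
            continue
        freq, ftype, src = int(m.group(1)), m.group(2), m.group(3)
        frames[freq] += 1
        if ftype.lower() == "deauthentication" and src:
            deauth_src[(freq, src.lower())] += 1
    report = {}
    for freq, total in frames.items():
        srcs = {s: n for (f, s), n in deauth_src.items() if f == freq}
        # Group sources that differ only in their leading octets.
        tails = Counter(":".join(s.split(":")[-suffix_octets:]) for s in srcs)
        report[freq] = {
            "frames": total,
            "deauth_share": sum(srcs.values()) / total,
            "top_source": max(srcs, key=srcs.get) if srcs else None,
            "shared_tails": {t: n for t, n in tails.items() if n > 1},
        }
    return report

# Constructed sample capture: addresses are from the post, the mix of frames
# and the Acknowledgment/Request-To-Send line layout are assumptions.
_HDR = "01:54:32.120993 30290112us tsft 6.0 Mb/s 5680 MHz 11a -87dB signal antenna 1 "

def _deauth(mac):
    return _HDR + f"DeAuthentication ({mac} (oui Unknown)): Reserved"

SAMPLE = [_deauth("28:00:de:6c:11:9e")] * 4 + [
    _deauth("e8:00:de:6c:11:9e"),
    _deauth("10:0e:00:00:00:00"),
    _HDR + "Acknowledgment RA:28:00:de:6c:11:9e",
    _HDR + "Request-To-Send TA:28:00:de:6c:11:9e",
]

if __name__ == "__main__":
    for freq, row in deauth_report(SAMPLE).items():
        print(freq, "MHz", row)
```

Saved tcpdump text output can be passed in as a list of lines; lines that do not match the quoted layout are skipped rather than counted.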
