iPhones Flooding Wireless LAN At Duke
coondoggie sends us to a Network World story, as is his wont, about network problems at Duke University in Durham, N.C. that seem to be related to the iPhone. "The Wi-Fi connection on Apple's recently released iPhone seems to be the source of a big headache for network administrators at Duke. The built-in 802.11b/g adapters on several iPhones periodically flood sections of the school's wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. Campus network staff are talking with Cisco, the main WLAN provider, and have opened a help-desk ticket with Apple. But so far, the precise cause of the problem remains unknown. 'Because of the time of year for us, it's not a severe problem,' says Kevin Miller, assistant director, communications infrastructure, with Duke's Office of Information Technology. 'But from late August through May, our wireless net is critical. My concern is how many students will be coming back in August with iPhones? It's a pretty big annoyance, right now, with 20-30 access points signaling they're down, and then coming back up a few minutes later. But in late August, this would be devastating.'" So far, the communication with Apple has been "one-way."
coondoggie sends us to a Network World story, as is his wont,
At least the editors admit that coondoggie is filling the queue up with network world stories. Maybe they'll do something about it at some point
-Bucky
He states now it's not a big problem, (guessing because it's summer and not as many students there). Then expecting it to be a BIG problem once students arrive. So to me this says that the iPhones using their service aren't students at all. If this is the case, buckle down the AP settings so they're not open or easily accessible via iPhone and require students to ante up their MAC addresses to connect to the wireless network.
Holy mother of christ! These people ever hear of sleep()?
I'll believe in corporations having personhood when Texas executes one... - advocate_one
But from late August through May, our wireless net is critical.
Wireless? Critical? Dumb.
I don't respond to AC's.
No wonder there is no answer... Apple people weren't able to receive any network package with all those iPhones around.
Rethinking email
that is a polite way of saying that Apple has not been responsive. Any other network having this problem?
Well, I'm sure that the university admins are all morons and the iPhone is working as advertised. This is just more FUD from the haters. Go Steve!
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Man sits outside Starbucks gets 40 years in jail for illegally connecting to wifi network. Starbucks manager informed our reporter that this would all have blown over, if the defendant had simply purchased a cappuccino. The defendant claims that he is innocent, but was found to have in his possession an iPhone.
This behavior is very typical of the Apple fanboi. Luckily it isn't that bad on Slashdot as it is on Digg. The story was just posted on Digg so let's see what happens...
"I don't believe it's a Cisco problem in any way, shape, or form," he says firmly
How do they know that?
The terminal preppies DDoS their own LAN with toys that their rich parents bought them. Boo Hoo!
Does anyone else see the fact that so many students at this elite school can afford this expensive luxury an insult to the rest of us? So many capable young adults would love to have the resources available to Duke students (not just iCrap, but genuine empowering technology and knowledge), yet only those with wealthy families* can get in. We need a fair and democratic school system including free universal higher education. Private schools that help perpetuate wealth and power (and, moreover, further class stratification!) should no longer be respected. It's OK to be selective and aim for an intelligent student body, but why should tuition be a barrier for anyone in a society as wealthy as ours?
(*or the obedience necessary to create a squeaky clean scholarship worthy image)
------ Take away the right to say fuck and you take away the right to say fuck the government.
...it's their network. Why are we only hearing about it here? They probably have a loop in their network or some kind of ARP forwarding active they don't understand. You would think something like this would get caught early on in testing with the iPhone, this kind of problem tends to stand out. I also doubt the iPhone has enough horsepower to pump out 10Mbps of ARP requests, sounds like a networking device is sourcing these packets.
I'm sure Apple will push a patch before the entire internet's infrastructure collapses.
Maybe.
I'm sorry, but there's something a little OFF here. No wireless hardware requests a MAC address. It may use MAC to authenticate to a table, but it goes for a DHCP lease.
Slashdot...sigh...
We have a number of WAP's at work. We also have a number of people who have bought iPhones, and we have not seen any wireless nodes go down from iPhone traffic.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I can take out a cisco WLAN controller with thin APs and aironet APs with an arp flood for a non-existent IP. Are they even in the same subnet? Is the whole wifi network from one building to another layer2? Or is the problem arising because it is actually layer3 from building to building and the APN name doesn't change.
Judging by the statement that they can exhibit the behavior after being handed from one access point to another kind of nullifies the theory that they may be trying to reassociate with the user's home network. They're trying to get back to the old AP, which arping won't do because it's on a different VLAN.
Mystery solved, now what can cisco do about it. I don't really care that it's an iPhone bug. I just think it's one more DoS vector to patch up. Maybe de-associate the phone and drop traffic until it acts right? Set a threshold or something? You might still have a source of noise, hopefully it would realize it was dropped though. No link layer, no arp right?
Any non-secured network (either where users can plug into the lan or over wireless) where a device is able to bring down the network should be considered defective. I've seen places where the entire lan was flat with users connecting on cisco's management vlan and could bring down the whole company by plugging in a device that advertised a new route to the internet (legit or not). To a similar point, if a device on a wireless network is able to flood the network, then the access points need to be tuned. Sure, they can jam the airwaves, and there's nothing you can do to stop that DoS. But, you don't have to turn 18,000 requests per second into something that broadcasts across the rest of the network. Every firewall app that I've worked with includes throttling and I would hope these APs do as well.
This doesn't mean that apple released a product without a defect. But if your network crashes because of a defective device, then you should fix your network first.
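The throttling asked for in the comment above can be sketched as a per-source token bucket applied to ARP requests before they are forwarded beyond the access point. This is an added example, not part of the original comment and not any vendor's feature; the class, the rate and burst values, the MAC addresses and the traffic are constructed, with only the 18,000 requests per second taken from the comment.

```python
from collections import Counter


class ArpBroadcastLimiter:
    """Per-source token bucket for ARP requests seen on a wireless uplink."""

    def __init__(self, rate_per_s, burst):
        self.rate = float(rate_per_s)   # sustained requests/second allowed per source
        self.burst = float(burst)       # short burst allowed (e.g. right after roaming)
        self._buckets = {}              # src_mac -> (tokens, last_timestamp)
        self.forwarded = Counter()
        self.dropped = Counter()

    def allow(self, src_mac, ts):
        """Return True if this ARP request may be forwarded, False if dropped."""
        tokens, last = self._buckets.get(src_mac, (self.burst, ts))
        # Refill in proportion to elapsed time, never above the burst size.
        tokens = min(self.burst, tokens + (ts - last) * self.rate)
        ok = tokens >= 1.0
        if ok:
            tokens -= 1.0
        self._buckets[src_mac] = (tokens, ts)
        (self.forwarded if ok else self.dropped)[src_mac] += 1
        return ok


# Constructed sample traffic: one source flooding at 18,000 requests/s for one
# second, and one ordinary client sending two ARP requests in the same second.
FLOODER = "02:00:00:00:00:01"   # constructed, locally administered MAC
NORMAL = "02:00:00:00:00:02"    # constructed, locally administered MAC


def constructed_traffic():
    frames = [(i / 18000.0, FLOODER) for i in range(18000)]
    frames += [(0.1, NORMAL), (0.6, NORMAL)]
    return sorted(frames)


def simulate(rate_per_s=10, burst=20):
    """Run the constructed traffic through the limiter and return it."""
    limiter = ArpBroadcastLimiter(rate_per_s, burst)
    for ts, mac in constructed_traffic():
        limiter.allow(mac, ts)
    return limiter


def noisy_sources(limiter, min_dropped=100):
    """Sources worth alerting on (or de-associating): many drops in the window."""
    return sorted(m for m, n in limiter.dropped.items() if n >= min_dropped)


if __name__ == "__main__":
    lim = simulate()
    for mac in (FLOODER, NORMAL):
        print(mac, "forwarded", lim.forwarded[mac], "dropped", lim.dropped[mac])
    print("alert on:", noisy_sources(lim))
```

The flooding source is cut to roughly its burst plus one second of sustained rate, while the ordinary client is never touched, so the flood stays on the radio side instead of being rebroadcast.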
Umm, a bunch of ARP Requests by a few mobile devices shouldn't be knocking out a Cisco router. These AP's are supposed to be able to withstand much worse than a few of these things.
I call bullshit. I say their IT/Computing Department is blaming their poor infrastructure on iPhone.
I want to request a mac address from my access point. Anyone want to post a HOW-TO?
Disclaimer: Disregard the above post.
Not to mention that there are several hundred wireless access points on the Apple campus, and several hundred (possibly thousands) of iPhones on the same campus. You'd have thought that any inherent problem with the phone and networking would have been caught, isolated, patched, and distributed by now...
I'd lay odds there's something screwed with their network...
I would imagine that this problem is either A) a configuration problem on the school's end, or B) will be fixed fairly quickly. I suggest "fixed quickly" because if this is a problem, then all those iPhones Apple is giving to their own employees will crash the Apple campus wireless network too. Plus given all the amazing paid and free press Apple is getting on the iPhone I'm sure they don't want any significant problems arising to generate legitimate bad press about their shiny new product.
Mike Scanlon
There's no place like 127.0.0.1!!!
..
followed by
ET iPhone 127.0.0.1
= Grow a brain...
It's the university's, since their network people allow ARP broadcasts to cross subnets.
Obama likes poor people so much, he wants to make more of them.
I'm a net engineer for one of the major US cable ISPs. A VERY common issue I see with the Apple Airport Extremes is a problem with them declining offered leases infinitely. When this happens the DHCP server marks the lease as temporarily unavailable, the end result is a single offending Airport Extreme can eat all the available addresses. The workaround is to configure the DHCP server to ignore declines from the client. Regardless it's very annoying (and I'm typing this post on a Macbook so I'm not anti-Apple).
For all you saying "It's Duke's fault! Secure the network!" maybe you should consider that Duke provides wireless access to something like 15,000 undergrads, grads, faculty, etc. Duke's network is set up so that you can connect to a pool of internal IPs with no authentication, but before you can actually go to any sites other than the network registration site, you have to type in your Duke ID and password.
This is an effective solution. Can you imagine if Duke locked down APs with MAC filtering? You'd have 10,000 "authorize my MAC" requests between August 15 and 30 each year on an already-overwhelmed IT staff, and you can spoof MACs anyways. How many people actually know what a MAC is and how to find it? Sure, they could provide a tool that automatically detects your MAC, but how are you going to download it if you can't get on in the first place?
Also, please don't suggest WEP/WPA, because distributing a password/passkey among that number of users is as good as not having one at all. And a more complex solution, like PKI or smartcards, is going to create more headaches than it's worth when deployed to this number of users.
It's a tad better than saying "I'm first".
So, who cares? So he submits stories from Network World. He probably works for Network World. Does that fact alone make the story less valuable or interesting? If someone else had submitted the same story, it would be OK then? Slashdot has editors and a moderation system. There's nothing inherently deceptive in submitting your company's (or your own) stories.
Breakfast served all day!
Just junk food for thought...
At least 2 of his 20 published submissions were from non-networkworld sources. Of course his only posted comment is a 'correction' to a story linking which he's trying to point to....networkworld. Astroturfing should get some kind of modding too. And why are submitters not linked to directly, I had to cut/paste his name in just to see his profile.
Quack, quack.
They can ride out the iPhoney's iFlooding with a new iArk (tm) - shipping soon!
Years from now people will look back and honor the day when Steve Jobs invented the telephone.
They're not using the right terminology. It sounds like the iPhones are doing an ARP request for an IP address that isn't on the Duke network. Maybe it's trying to update its ARP tables?
Anyhow, the ARP standard is unclear enough that it's undefined what the response should be for an ARP request to an unknown destination should be (http://www.faqs.org/rfcs/std/std37.html). Theoretically, every packet that you send needs an ARP entry, which means that every packet sent to something that isn't in your machine's ARP table would generate an ARP request. In reality, it seems that your router tends to substitute its own MAC address for non-local ARP entries (since all non-local packets go through the router, you really don't have to know what the real MAC address is)
It sounds like the Duke Cisco routers are misconfigured somehow, and are generating an ARP storm. Some Cisco routers have a bug where a packet sent to an IP address for which the router doesn't have an ARP entry causes the router to broadcast all subsequent packets across all of the router's ports. It happens in the cable industry when someone swaps out a GigE card and forgets to update the ARP tables on the Ciscos. Solution: use dynamic ARP tables, which can be a security hole.
FWIW.
spend thousands of dollars on expensive Cisco AP equipment, a factor above consumer grade systems, and something goes wrong, the extra instrumentation doesn't help and the vendor just blames somebody else? Is this a good reason not to go with expensive equipment, or just colossal incompetence of the administrator who configured everything?
The iPhone really *is* a revolution in mobile phones. Or, at least, it likes inciting one at the router level!
This is a typical non-free cluster fuck, with a heavy leaning on the Cisco side. LSU's Wireless has adopted some stupid new "security" feature that won't even talk to iPhone. It's also causing lots of other problems, even with the wired network. On Windoze, the client deletes Firefox settings which requires lots of work by lab owners. Printers have been iffy since roll out and today it knocked out the whole building all morning.
I get the feeling this was planned long ago to help push the Vista upgrade train along. There is no client software for Windoze 98, gnu/linux users are inconvenienced and Apple users get some kind of half ass support that does not include iPhone. The default page for sign on is now that crappy Windoze advertisement, which tells you all about how to set up your "outblaze" Outlook.
The reason it got used at LSU? Federal wiretap laws and poor budgeting.
No real security is going to be gained. Insecure sites will still be interceptable on the much larger internet and Windoze botnets will have no problems negotiating the new crappy network.
Friends don't help friends install M$ junk.
Say what? The last time I saw something equally screwy it was a Cisco LightStream 1010 (ATM switch) running LANE (LAN Emulation) that played no part in layer 3 at all, yet it was still building up an ARP table of every IP datagram that flowed through it (and wondered why it kept running out of memory).
If you send out an ARP for an "unknown address", you'll get no response - it's not up to the router to respond on behalf of "non-local packets", it's up to the client to determine that the destination is non-local (by using the network and mask together) then picking a suitable gateway (usually default) for sending the packet on its way.
Therefore, the client already knows it needs to send the non-local/unknown-addressed packet through the router so it explicitly ARPs for the router's MAC address (if not already cached) - nothing to do with trying to get the MAC of the remote destination.
The iPhone doesn't support our campus wireless WPA/PEAP/TKIP. This just came into effect today, iPhone users aren't pleased.
...so.. this is at Duke, huh.. hmmm, I see what happened.
The IT department needed help "stripping out the old cables" so they told the HR to hire some "outside contractors" to come in and help, they went to the headhunters, a few words get changed or dropped....See what happens!?!11
It sounds to me as if the problem is at least partly with the network admins who don't know their ARP from their MAC...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
It's Duke, it's rich kids, it's rich kids who buy toys. The iPhone and its wireless capability was announced a long time ago.
Maybe, just maybe you would have thought a little bit ahead and realized that a whole bunch of students and faculty would be coming back to campus with one? Then you could have, I don't know, prepared for it? You're Duke. You have the head of the Comp. Sci. department (who, I'm sure has a contact at Apple) get you non-competitive specs on the wireless capabilities.
You prepare for said capabilities or ban the phone from campus.
Expect the best but always plan for the worst. But then I forgot, you college admins have your little fiefdoms that nobody is allowed to intrude on.
Good Luck!
It is NOT a "MAC Address request"....it is most likely ARP traffic. I'd bet some piece of the WLAN infrastructure at Duke is doing UNICAST instead of MULTICAST, and the resultant flood is overwhelming the uplink switchport for the respective access point.
Could be the iPhones or something else, but I'd bet if they pull a trace from the NAMs on the Cisco chassis', they'll see a UNICAST flood. ID the source address, and either have the admin change the box or write an access list to drop the traffic.
Or not....with no more info than this, it's a WAG. One from experience on a large Cisco network, but a WAG nonetheless.
I am my own gestalt.
As a Democrat I blaim the Jew Puppet Bu$Hitler Chimpy McHaliburtin.
Too bad.
ARP is broadcast (not unicast nor multicast, unlike say, EIGRP which does use multicast); "floods" tend to be caused by broadcast (if from a single source - unicast if from multiple sources).
... where I work. Zhone changed something in the firmware that ships with their 4200IP DSLAMs that caused the Cisco equipment we put one behind to go down unless we're fast enough in changing a few choice settings first. We never found anything wrong with the Cisco equipment, and we were always able to fix the problem by reconfiguring the DSLAM to knock off the monkey business. The iPhone and a $3,000 DSLAM ought not to be flooding a network with ARP requests like that, but after seeing this I'm wondering if Cisco is completely faultless as Duke's people seem to think they are.
Okay if this is really the case, no DHCP network, then why does this same thing not happen when laptops looking for DHCP addresses come in range of Duke? For example, I would imagine that whenever there's a conference or perhaps when the students show up in September that all the laptops on campus are set to hunt for DHCP by default (since that's how one usually sets up wireless networks). Seems like you'd have the same sort of storm.
Some drink at the fountain of knowledge. Others just gargle.
You are a fountain of ignorance, at least concerning your diatribe against Duke. Instead of being wealthy and pay tuition, you can also simply be smart and hard working. My daughter just graduated from Duke, from which she had gotten a full scholarship...Most likely, someone like you wouldn't get such a scholarship, especially in view of your ignorant rant.
.only those with wealthy families* *or the obedience necessary to create a squeaky clean scholarship worthy image can get in.
Did you not read what I wrote? I'll post it again:
. .
You're right; I wouldn't get much in the way of scholarships. I'm too willing to piss people off. Also, I'm sure there are selective schools that want people more capable than me. That's OK. I don't have a problem with selection based on genuine differences in intelligence or work ethic. This isn't about me though. Plenty of capable and only slightly deviant people don't go to good colleges, or don't go to college at all, because they can't afford it and just weren't straight-laced enough to get aid/scholarships. Even if some students get in on scholarship, why should ANY of the spots go those who are more economically privileged but less intellectually capable? Maybe your daughter is smart and hard working...maybe she isn't the bland conformist that I picture when I hear "scholarship material" (try to get funds if you've had an expulsion or done significant prison time!) If you really respect her, don't you want her to go to school with other people who are at or above her level? Why should some "fountain of ignorance" be able to buy his way in? Isn't it an insult to her to say that all her hard work and talent is only worth as much as being the son of an executive?
I know a Duke student who's extremely intelligent and hard working...but he also has a fairly well off family that supported him through prep school and now through University. Most successful people have a number of advantages in their favor. I understand that not everyone fits into the ugly demographics that we see when we think about social groups abstractly. I don't see have any of these nuances take away from my claim that education should be available to all, and access to an elite education should be based entirely upon mental ability, not on how well your parents managed to exploit the working class.
On a related note, few of the current determining factors for college acceptance should be considered at all. Admissions offices shouldn't look at race, family status as alumni, economic class, or even past academic performance. The last item may strike you as absurd, but think about it! Leadership and project development in hobbies and non-profit work, standardized test scores, work experience, and essays are far better ways of determining ability than grades. You get good grades in K-12 by doing what you're told. If you finish the work each day and turn it in, you get an passing grades whether you understand the concepts involved or not. (In K-12) If you attempt to spend your time learning through practical experience and self study, not matter how intellectually rigorous, you'll probably get expelled. Merely setting foot off the school grounds (without permission) can get you arrested for truancy! Compulsory school is a form on imprisonment or involuntary servitude. If colleges wanted to encourage insight instead of wrote parroting, they would ignore high school grades in their admissions decisions.
------ Take away the right to say fuck and you take away the right to say fuck the government.
Damnit...it's hard to win a debate in support of alternatives to the education system when you haven't slept for days and can't manage to write a few paragraphs without making so many grammatical mistakes and typos that everyone reading questions your education. I think I'll rest for a bit and resume this discussion later.
------ Take away the right to say fuck and you take away the right to say fuck the government.
Oh, you already did. Never mind.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Spanning Tree Protocol is the root bridge of all evil.
I don't know what kind of crack I was on, but I suspect it was decaf.
Well, actually, maybe you can. Someone posted that Airport Extremes have interesting DHCP problems. I would not be surprised if the DHCP client in the iPhone wasn't just impatient, or trying to hog a lease at the expense of any other competitor device. Not the first time Apple has been caught playing 'mine's bigger than yours' in networking code.
It wouldn't surprise me, either, that the iPhone might even try using the last IP it had. Never know, it might have just moved a few feet, and sheesh, that last AP has some hot packets, dude. Break me off another piece of that eh? Gone? Ah well, in the wireless biz, easy come easy gone.
And, don't forget, Duke sucks.
deleting the extra space after periods so i can stay relevant, yeah.
Very true, grades aren't the optimal method of determining skill, but they are one of the better methods of measuring a person's masochism (er... how determined you are academically). Knowing a student has the patience to do things he may dislike or outright hate is an important factor, hell may be the most important factor if you want to measure someone by their earning potential only.
While I disagree with abolishing compulsory education in high school, I'd support giving high school students the same freedoms college students enjoy (study what you want to, set your own schedule, etc). Mostly because my experience as a teen makes me think most teenagers are horny and don't like schoolwork. They do however like freedom and the option to not take classes they hate.
i doubt any of this is in software these days. this has got to be an ARP storm taking down the receivers (essentially DOS "attack"). what part of the firmware does ARP requests? is the ethernet stuff built into the wireless chip(s)? does anyone know what wireless chip/chipset is in the iphone?
Sammy at IT/Personafile
Stop whining and solve the frickin' problem.
That's what you are paid for. If you can't solve the problem, resign and let other more competent ppl do it.
How the hell did you get modded informative with that god-awful collection of misunderstandings and poor comprehension of clearly understood concepts?
"the ARP standard is unclear enough that it's undefined what the response should be for an ARP request to an unknown destination should be"
Umm, what?!?!?!
There's nothing unclear about the standard, except when you apply it incorrectly.
To begin with, there is no such thing as an "unknown destination" - if the address is unknown, how the hell do you send a request for it?!?! (You ever call 411 and say "Hi, I need the phone number for someone, but I don't know who they are, where they live, what they do, or anything about them.")
Now, if you're clumsily trying to say "there's no way to answer: what is the MAC address of an IP address that is unassigned", then that's simple - there is no answer (nobody responds, so therefore there is no answer - which means that the IP address is unassigned.)
However, if you're trying to say "what is the MAC address of an IP address that resides on a different network" then the answer is the same - there (again) will only be a reply if a machine with that IP address exists on the network. IP networks are virtual - you can have many different IP networks residing on the same wire. If a machine hears an ARP request for an address that is not on its network, it just doesn't answer (the inherent assumption is that there is another IP network on the same wire, and the request is ignored.)
ARP doesn't know anything about IP network layout - basically, machines just respond if they hear a request for their IP address.
"Theoretically, every packet that you send needs an ARP entry, which means that every packet sent to something that isn't in your machine's ARP table would generate an ARP request."
No - every packet you send needs a DESTINATION (either broadcast, unicast, or multicast). Unicast packets (which is what we're talking about here) require a destination MAC address, but these destinations don't have to be resolved using ARP - it's quite possible to have some or all of them in a static table, if you like. However, it looks like you're just confused, because of...
"In reality, it seems that your router tends to substitute its own MAC address for non-local ARP entries (since all non-local packets go through the router, you really don't have to know what the real MAC address is)"
You are confusing IP and Ethernet (802.3, 802.11, etc.) networks. To ethernet, there is no such thing as a "non-local" packet - all packets are local.
When you want to send to an *IP* address that is not on the local link, you look up the IP address for the router(s) to that network, ARP for it (if you don't already know its MAC address) and send the packet to it - there is no 'substitution' involved. You never ask for the MAC address of the destination IP address, you ask for the MAC address of your router, then send it the packet for forwarding.
There is a standard called proxy arp that does essentially this. In essence the router will start responding to arps for IP addresses on its other interfaces. The valid use cases for it are virtually all bizarre and it can cause all sorts of horrific problems.
True (on all counts) - though you've nailed it by saying, "the router"; for proxy ARP to be an issue, the device responding must be a participating layer 3 (IP routing) device. If that's at the heart of Duke's problem... *shudder*
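The sender-side rule argued in the comments above (ARP for the destination only when it is on-link, otherwise ARP for the router) and the responder-side rule (answer only for your own address, unless a router has proxy ARP enabled) can be modelled in a few lines. This is an added example, not code from any poster or vendor; every address, MAC and name in it is constructed, and the "stale configuration" case is an illustration of an unanswered request, not a diagnosis of the Duke incident.

```python
import ipaddress


def arp_target(iface_cidr, default_gw, dst):
    """IP address a sender must resolve to a MAC before transmitting to dst."""
    iface = ipaddress.ip_interface(iface_cidr)
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in iface.network:
        return dst_ip                         # on-link: ARP for the destination itself
    if default_gw is None:
        raise ValueError("no route to %s" % dst)
    return ipaddress.ip_address(default_gw)   # off-link: ARP for the router instead


class Station:
    """A device on the wire. It answers ARP only for addresses it owns."""

    def __init__(self, mac, ips, proxy_for=()):
        self.mac = mac
        self.ips = {ipaddress.ip_address(i) for i in ips}
        # Networks a router with proxy ARP enabled answers for (empty = disabled).
        self.proxy_for = [ipaddress.ip_network(n) for n in proxy_for]

    def answer(self, requested_ip):
        if requested_ip in self.ips:
            return self.mac
        if any(requested_ip in net for net in self.proxy_for):
            return self.mac
        return None                           # not mine: stay silent


def arp_resolve(segment, requested_ip):
    """Broadcast a who-has on the segment; None means nobody answered."""
    requested_ip = ipaddress.ip_address(requested_ip)
    for station in segment:
        mac = station.answer(requested_ip)
        if mac is not None:
            return mac
    return None


def next_hop_mac(segment, iface_cidr, default_gw, dst):
    """(address that gets ARPed, MAC learned or None) for a packet to dst."""
    target = arp_target(iface_cidr, default_gw, dst)
    return target, arp_resolve(segment, target)


# Constructed segment: a router, one host, and a host from a second IP network
# sharing the same wire.
ROUTER = Station("02:00:00:00:00:fe", ["10.0.0.1"])
HOST_B = Station("02:00:00:00:00:0b", ["10.0.0.20"])
OTHER = Station("02:00:00:00:00:0c", ["192.168.5.9"])
SEGMENT = [ROUTER, HOST_B, OTHER]
# The same wire with proxy ARP enabled on the router for everything off-link.
PROXY_ROUTER = Station("02:00:00:00:00:fe", ["10.0.0.1"], proxy_for=["0.0.0.0/0"])
PROXY_SEGMENT = [HOST_B, OTHER, PROXY_ROUTER]

if __name__ == "__main__":
    cases = [
        ("on-link host", "10.0.0.10/24", "10.0.0.1", "10.0.0.20"),
        ("off-link host", "10.0.0.10/24", "10.0.0.1", "203.0.113.7"),
        ("unassigned on-link", "10.0.0.10/24", "10.0.0.1", "10.0.0.99"),
        # Client still using an address and gateway from another network.
        ("stale configuration", "192.168.1.50/24", "192.168.1.1", "203.0.113.7"),
    ]
    for label, iface, gw, dst in cases:
        print(label, next_hop_mac(SEGMENT, iface, gw, dst))
```

In the last case the request goes unanswered however often it is repeated, because no station on the segment owns the address being asked for.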
It could be something to do with bad RF design, maybe the wifi chipset in the iphone behaves badly with CISCO AP's. I wonder if the iphone has cisco certified compatible extensions?...If not this could cause big problems working with cisco AP's
Without RTFA I thought it could be a problem with the Iphones attempting to authenticate with the AP's
I know most AP's have a security mechanism which will stop all clients authentication if there has been a number of unsuccessful authentication attempts in a given time period. I have seen problems where users have used incorrect credentials too many times and then the AP shutdown for a time period (it was set at 300 seconds) would ignore/prevent all authentication requests.
The RADIUS server will prevent authentication in the same way.
These features may need to be tweaked or set up properly to prevent the Denial of Service.
These are just the birth pangs of SKiNET.
But that's exactly the problem. The iPhone handshakes with a "How are you gentlemen." and asks for a MAC address, at which point the WLAN's response is "What you say !!" and it goes downhill from there...
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
My money is on the issue being related to rendezvous / bonjour / zeroconf / whatever they call multicast DNS these days.
If iPhone is 'running OSX' (yeah right...) or rather enough of it to duplicate some of the network functionality, then we would expect to see similar network traffic that we see on a network of Macs which is usually made up of a constant stream of ARP requests as OSX constantly looks for other devices on the subnet to interrogate them.
Sorry folks, this message is incomplete info; I searched heavily to provide a supporting link but failed.
A few days ago ( > 1 week?) in the comments for an article subject I cannot recall, an engineer explained that the common bottleneck on free ISP hotspots for VOIP use would max out at 4 client/sip-phones per access point, due to packet collision and *not* bandwidth.
That's what he stated the average Linksys-type unit can handle with SIP packets, as I recall.
You can't be ahead of the curve, if you're stuck in a loop.
As long as the client devices have their default gateway and routing properly configured it shouldn't matter if the proxy arp is enabled or disabled. On the other hand, if they use proxy arp to find the next-hop router (or default gateway) the amount of ARP traffic is significantly higher. If this is the case, the question is why not to deliver the proper default gateway by using DHCP?
-- Reality checks don't bounce.
Seriously?
Slashdot really is going down the shitter.
You're making an assumption that the Duke, as an institution, provides a "better" education than a public University.
I think the only thing better about Duke than, say, NC State is the basketball team. And that's only in most years.
Besides which, if people want to pay more to attend a private institution, that is their right. Personally, I'm a product of the state system, and I work with a couple Dukies. They're fine, except for March Madness when they get "sick" the day after Duke loses in the tournament.
Isn't it true that even if magically you didn't need money to attend a University, Duke would still have to limit its admission?
And when they did, what would be the basis for those limits? How smart? How good looking? How successful some person thinks you'll be?
I mean, you've got to limit it somehow, Duke is private, they can make admissions anything they'd like.... hair color, how well you play basketball, family connections, even the ability to pay. Is that awful? Not really. My supermarket will throw out people who can't afford food. That doesn't make them immoral or even terrible.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
If Apple can't make hardware that works, and/or won't own up to their problems and fix them, then ban all iPhones from connecting to the university WiFi network via their MAC vendor and device ID portions. After all that is what the structure of a MAC is for - so the network admins know what kind of devices are being used.
Banning iPhones campus wide because they are faulty would trigger some nice nasty press for Apple and piss off a lot of owners of the device - I imagine they would fix the problem much faster (or at least respond to the ticket!)
Tests for almost everything should not be testing memorization sorts of things. The reason is that bears no resemblance to the actual reality you'll be working in. At work, if I don't know the answer I'm not only allowed but ENCOURAGED to look at Google, ask other people, check the docs, and so on. While it is useful for me to remember things I commonly need to know, I'm not expected to be a little database of information. We've got computers for that and they are better than any human will ever be.
The math class that I learned the most ever in was a community college precalc class I took my senior year in high school (since I had a schedule conflict with the high school precalc). All tests were open book, open note, graphics calculators allowed, and you could ask the teacher for help. They were not designed to see if you could memorize shit about math, they were designed to see if you could do math when provided with all the proper resources. At the end of that class, I was an absolute ace at precalc. I've never learned more in a single math class before or since.
The more that a test relies on restricting your access to information to be hard, the worse of a test it is. I loathe CS departments (and ours is one of them) that insist that tests should be done on a pencil and paper with no reference. That's crap, because that's not how real programming is done. You aren't testing a person's actual knowledge or ability, you are testing how well they do in a contrived situation.
I realise that not all tests can be perfectly designed, but there's nothing wrong with making your goal to be as open as possible, and that includes the idea of a take home test, where there are literally no restrictions on what can be used as a resource.
Just wait until MS releases the zunephone! They ain't seen nothin' yet!
Also, let's be honest, this is duke. Next week, faculty will be taking out full page ads about the iPhone being a racist symbol of male patriarchy designed to facilitate rape. A 9 month investigation will find that duke network admins made the whole thing up.
Do you even lift?
These aren't the 'roids you're looking for.
I'm sure those are up to spec, but knowing the cobbled together nature of most college networks...
"Sic Semper Tyrannosaurus Rex."
Last man standing gets to keep the name!
hahaha...
This sounds like the revenge of appletalk...
Ah, I remember the days when apple talk used to be enabled by default on lots of equipment, and it was chatty as hell.
This is probably not quite the same thing, but it does sound very similar.
Oh well
He probably meant "adress request" as in "Your place or mine?"
Least I hope he did, or he was really missing out!
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
Is it possible that all of the iPhones at Duke are losing their cellular connection at once and/or since they likely all have the same time (ntp) that they have caches that expire simultaneously?
Isn't this more of an Apple or AT&T issue then than a Cisco issue?
My current cell phone (Samsung) burns a hole in my pocket as I'm on the fringe of its network at work--it continuously tries to get a good signal from the nearest tower, sleeps briefly, and tries again. Perhaps something similar is going on at Duke's network that triggers the flood.
I think if I was responsible for Duke's network, I'd outright ban iPhones on the network until Apple or AT&T has resolved the issue.
It could be. On the other hand, maybe it's just Cisco's revenge for the iPhone thing. And it's hardly "one-way" communication, since what has happened is that they've opened a "ticket," and then "escalated" it. That means they've got some of the more pricey brains at Apple working at it. Hey, Apple and Cisco made an agreement to make their Wi-Fi phones compatible. Maybe this is instance #1.
Perhaps the Duke networking group asked someone to submit this to slashdot in order to solve their problem for them. Why do the legwork when all the geeks on slashdot will do it for you? *ducks*
Not bizarre at all.. it's used for subnetting. eg. your dept. has a /24, and you have 2 sub-departments that you give a /16 each. Proxy arp allows a router sitting on that subnet to respond to the arp request on the /24 block without having to reconfigure all the routers beyond it to 'know' that you're routing those specific IPs not responding to them directly.
It's more common than you'd think in companies.. especially large ones, where the IT infrastructure is very disjointed and getting any kind of unified address allocation is nearly impossible.
This seems to me that this network got a jabbering (yet defective) NIC. One time, in my network, my own pc nic card started jabbering. I searched for 3 hours until I found that my pc was causing trouble. So a defective nic really can flood with garbage and cause a DoS.
I don't know... here at the Politecnico of Milan, where I've been staying for the last year in an Erasmus exchange, they seem to manage fine. They have a dual wifi, one public called "polimi" and one private with hidden SSID and name "internet", secured with WPA "enterprise", tkip + tls. When you have your laptop on "auto-associate" -bad security policy! I've seen some rogue laptops offering AP's here...-, or just join the "polimi" network, every web request gets redirected to an information page explaining quite well how to set up a proxy. Once you do that, you login with your registration number and password, both of which were given to us at the beginning of the year, together with a smart card which is used to access the labs and the libraries, and you get to download a certificate (or its revocation). With that, just follow the instructions, install it, configure a network with hidden ssid "internet" and manually specify that it needs to use the certificate just installed. All of this, of course, with screenshots of every single step. When done, as the proxy is well setup because you had to do it for the "polimi" connection, it's just resetting the wifi and it joins the "internet" network fine and securely (but through a damned proxy, blessed corkscrew ;).
It seemed easy enough that an architecture student could do it on his own... =P And it worked on macs and linux (just converting the certificate with openssl it gets picked by wpa_supplicant). No more open-air traffic as in my home university (sit on the cafeteria, open kismet, begin sniffing passwords!)
(btw, to help to manually configure a proprietary wifi interface on a chinese laptop - on a CHINESE gui has had to be the most bizarre computing experience I've had till the date :D).
I set up public wifi spots at various locations and I saw an employee with an iPhone in use at one last Friday, so I researched my logs. Here is what I see:
1. The subnet for the wifi is 192.168.3.x
2. The initial request from the iPhone was for a 192.168.1.x subnet address. I assume this was the last subnet it connected to over wifi. It does this first thing every morning. It also does this if the iPhone has been gone for a few hours. So the user must connect to a 192.168.1.x subnet at some other location, perhaps their home.
3. When the iPhone makes an initial request using a 192.168.1.x subnet address, it takes between 5-12 seconds before it is assigned a 192.168.3.x address from my DHCP server.
4. The iPhone makes a lot of DHCP requests. I guess this is because the user only uses the web for a minute or two at a time. It must be a power saving "feature" to turn off the wifi after a short period of inactivity.
5. Sometimes the DHCP requests are 15-20 minutes apart, sometimes there are 1 or 2 every minute.
I think perhaps we just have different standards of bizarre.
And I don't doubt for a minute that bizarre setups are quite common in large companies. Lord only knows I see a lot of proxyarp related bug reports for our routing software.
Most likely it isn't.
Most likely it is the shitty MAC protocol called Apple Talk!
Apple Talk does a LAN Scan for any other Apple device every time it connects to the network. And you can imagine with a Network that big and the constant drop and re-establishment of the connection, that can cause an ARP/Broadcast Storm.
...for clearing that up. I was wondering why his system was seeing requests from the American Association of Retired Persons.
What if the Hokey Pokey really is what it's all about?
It must be official - I am an old bastard. I know that times have changed, and college is a different world now. I remember spending $2000 on my first computer (386DX w/2MB RAM, 80MB HDD). It was HUGE deal, and I had to work my ass off to save up for that. But it meant that I didn't have to go into the computer lab to do my programming assignments. No net access (we barely could afford cable), no cell phones w/$100 a month plans, no $400 music players. I worked all through college to pay for it, scrimped and saved, STILL had to take out loans to make it. How the hell are kids doing it today?
My beliefs do not require that you agree with them.
As soon as the ball team finds out they can wreck their exams with a coat hanger and a microwave, you can count on it happening every finals week.
See, you have an opportunity to educate here, and isn't that what college is all about?
Just filter the iPhones out. Use a netfilter and figure out the damn MAC address range. Gotta be using one of these listed here...
http://standards.ieee.org/regauth/oui/oui.txt
Who cares if people complain. I wouldn't even deal with it. Must be noob network admins.
Shortly after the iPhone was released, AT&T suffered an unexplained outage of their EDGE data network. Any possibility that this problem with the iPhone was responsible for that?
I wouldn't be surprised if the Cisco network infrastructure was responsible for this. I have owned 3 different Linksys WRT54G routers and they all crashed when my iMac came online. While troubleshooting I even discovered that Mac OS X from VMware (yes, illegal I know) also crashed the Linksys router for everyone on the network. Linksys/Cisco replaced the unit twice but to no avail. If you let your server crash because a client sends something you were not expecting, it is your fault to handle that properly. Fairly confident this is entirely Cisco's fault. They probably implemented some shortcuts in the protocol stack that they shouldn't. BTW, Belkin routers don't crash :-)
"When it does not receive a response, it does it again, apparently about 18K times a second."
.06 ms ???
Isn't that a bit impatient? Is wireless fast enough to reply in that fraction of a ms ?? Is that not like
Even if it got an answer would it know it at that rate? And would it know which request the answer was to if it is sending requests faster than it can get an answer?
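The request rate quoted above (about 18K per second, roughly .06 ms apart) and the vendor-prefix lookup against oui.txt suggested earlier in the thread can be checked together from a capture log. This is an added example, not code from the thread or from Duke, Cisco or Apple; the log line format, the threshold, the addresses and the registry rows are constructed placeholders.

```python
import re
from collections import defaultdict, deque

# Constructed rows in the layout of the "(hex)" lines of the IEEE oui.txt file.
# Prefixes and vendor names are placeholders, not real registry assignments.
SAMPLE_OUI = (
    "02-00-01   (hex)\t\tExample Handset Vendor\n"
    "02-00-02   (hex)\t\tExample Laptop Vendor\n"
)

OUI_ROW = re.compile(
    r"^\s*([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(.+?)\s*$")
MAC = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def load_oui(text):
    """Map 6-hex-digit prefix -> vendor name from oui.txt-style text."""
    table = {}
    for row in text.splitlines():
        m = OUI_ROW.match(row)
        if m:
            table["".join(m.group(1, 2, 3)).upper()] = m.group(4)
    return table


def parse_arp_line(line):
    """Parse '<epoch seconds> <src mac> who-has <ip>' (assumed format)."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "who-has" or not MAC.match(parts[1]):
        return None  # malformed lines are skipped, not fatal
    try:
        ts = float(parts[0])
    except ValueError:
        return None
    return ts, parts[1].replace("-", ":").lower()


def peak_rates(lines, window=1.0):
    """Peak count of ARP requests per source MAC inside any sliding window."""
    events = sorted(e for e in map(parse_arp_line, lines) if e)
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, mac in events:
        q = recent[mac]
        q.append(ts)
        while ts - q[0] >= window:  # drop requests older than the window
            q.popleft()
        peak[mac] = max(peak[mac], len(q))
    return dict(peak)


def flag_flooders(lines, oui_text, threshold):
    """Return [(mac, peak_per_window, vendor)] for sources at or above threshold."""
    vendors = load_oui(oui_text)
    flagged = []
    for mac, peak in peak_rates(lines).items():
        if peak >= threshold:
            prefix = mac.replace(":", "")[:6].upper()
            flagged.append((mac, peak, vendors.get(prefix, "unknown")))
    return sorted(flagged, key=lambda row: -row[1])


def sample_log():
    """Constructed capture: one source at 18,000 req/s, one quiet client, one bad line."""
    base = 1000.0
    flood = [f"{base + i / 18000:.6f} 02:00:01:AA:BB:01 who-has 192.0.2.1"
             for i in range(18000)]
    quiet = [f"{base + i * 0.3:.6f} 02-00-02-00-00-07 who-has 192.0.2.1"
             for i in range(3)]
    return flood + quiet + ["garbage line"]


if __name__ == "__main__":
    for mac, peak, vendor in flag_flooders(sample_log(), SAMPLE_OUI, threshold=100):
        print(f"{mac}  peak={peak}/s  vendor={vendor}")
```

A source MAC is asserted by the client, so the vendor column is a triage hint for the help-desk ticket rather than proof of device type.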
.....Leadership and project development in hobbies and non-profit work, standardized test scores, work experience, and essays are far better ways of determining ability than grades......
/. readers probably have at least some college, yet judging from some of the atrocious spelling and grammar here on /., it appears many are not all that good in handling "The King's English" any more.
First, I am sorry about the insult.
My daughter did have top grades and was the valedictorian of her class. However she also had many of the other qualities you mentioned. She earned a good portion of her undergrad expenses by the work-study program, but still had to get some loans. She won the county spelling contest as a junior, beating out her older sister by one word. Teachers and others who were in attendance at the school district headquarters, even now still tell us that this was the most memorable spelling bee they ever attended. Most
She attended Duke graduate school on a full scholarship, after demonstrating outstanding scholarship and leadership as an undergraduate. In college, grades do reflect hard work and true understanding of the material. In public school, attendance is compulsory and educators have a vested interest to pass non-learners out of the classroom and school as soon as allowed, but they have to deal with them until then. The breakdown of the family unit is the largest contributor, by far, to the destruction of motivation to want to learn.
Whenever there is a limited resource, such as scholarships, an education or a well paid job, someone has to make choices based on certain criteria. I'm sure there will always be disagreement as to what those should be. All of the ones you mention are usually taken into account by good admissions officers. However, let's be honest, money does talk in this world, especially in the US. As a practicality, money can and does make up for a lack in some of the criteria you rightly held high. This world is not and never has been entirely "fair". There is also considerable disagreement about what constitutes fairness.
(....if you've had an expulsion or done significant prison time!......)
In college or job applications or even in getting insurance, past behavior is and must be taken into account. If there are a number of otherwise qualified applicants for a single opening, the one whose record is blemished gets eliminated from consideration. Learning to do what you are told is very important in most jobs. Your boss pays you to do what he/she wants done and often how to do it, not when and how you decide. If you are asked to do something unethical or illegal, YOU alone have to decide whether you are willing to put your job on the line by disobeying and not do wrong.
Is a college education a privilege or a right? The founding fathers of the US recognized that there are certain "inalienable rights" for all and wrote these into the constitution. The right to an education or a job is not listed. Those privileges have to be earned.
There are many very important jobs that need to be done in our society which do not require a college degree and which generally do not have much prestige and/or pay. In a big city, such as NY, the striking of all the garbage collectors has a much greater effect on life there than when all the doctors or lawyers walk off their jobs. Unfortunately, but realistically, money is generally considered to be the number one sign of "success" in our society.
All theory is gray
The pornography-browsing features on Apple's recently released iPhone seems to be the source of a big headache for administrators at Duke. The built-in web browser is used to access pornography for hours at a time from Duke's restrooms, temporarily causing lines of up to 30 deep. Campus staff have opened a help-desk ticket with Apple. So far, the problem remains primarily with Mens' rooms, although isolated instances of Womens' room squatting have been observed.
'Because of the time of year for us, it's not a severe problem,' says Kevin Miller, assistant director of infrastructure. 'But from late August through May, our bathrooms are critical. My concern is how many students will be coming back in August with iPhones? It's a pretty big annoyance, right now, with 20-30 people waiting in line. But in late August, this would be devastating.'"
So far, the communication with Apple has been "one-way."
Any WiFi device can "bring down" a wireless access point. It is a shared medium, therefore it is an intrinsic property of the medium that any poorly-behaved device can knock all others off the network. No flaws in the network at all have to exist for this to happen. ANY wireless device can be brought down trivially.
The only way to design it otherwise would be to have every wireless device allocate its own communications frequency (which was not in interfering range of other used frequencies) at client negotiation time, so that communications didn't interfere with each other and they each had their own available bandwidth.
Too bad that would be totally unworkable in practice due to the extremely limited number of frequencies available, not to mention illegal since you're monopolizing the public spectrum.
Any router would appear knocked down because all the spectrum is being flooded with ARP requests so every packet is having collisions.
People gotta remember WiFi is a shared medium - it is not switched. It follows the same principle as an old fashioned hub. Anyone can flood the whole hub knocking everyone else out with collisions if they want.
This new learning amazes me, Sir Bedevere. Explain again how sheep's bladders may be employed to prevent earthquakes.
Sooner or later, either bad LAN design or a product flaw will be discovered, and the offending party will have a mack truck sized helping of egg on face to deal with.
Where do you want to be, What are you doing to get there.
This is in fact the meaning of the word 'code'.
my password really is 'stinkypants'
ARE BANNED FROM INTERNET
my password really is 'stinkypants'
Ah, good times!
I once crashed the LAN of a large-and-suddenly-very-angry bank about five years ago. I was just querying the mib-ii interface table of a LightStream via SNMP, nothing fancy. Default behaviour of a basic network performance tool, but for the 1010s it was a real problem. The LightStream had an entry for *every* potential VP.VC connection. Two problems: first, this meant that a bulk-get request was suddenly querying a few thousand interfaces (instead of the four or so channels they actually had configured). Second, it decided to give priority to responding to an SNMP query instead of doing something useful like "don't drop the network!".
As soon as I set the polling go - complaints could be heard across the office and I was quickly facing an irate operations manager.
Easy enough to resolve by just running get-requests against "real" virtual channels, rather than "potential" ones. But very daft default behaviour. And just subtle enough to get through testing in the test lab before going live.
I wouldn't be so quick to conclude as per the article that Cisco simply wouldn't be at fault!
"I don't believe it's a Cisco problem in any way, shape, or form," he says firmly"
How do they know that?
Remember when Cisco sued Apple over the iPhone trademark (after slapping an iPhone Dymo label on one of their Linksys boxes)?
I'm sure Steve Jobs took that well. And I'm sure this is an innocent mistake in the iPhone firmware that will be corrected in the next release.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Dumbass network engineers create giant flat network, iPhones with shitty antennas connect and disconnect constantly, network devices with too little memory and/or bad implementations of ARP protocol get freakin' confused...
ARP storms ensue.
Nothing to see here, move along.
(And these network admins must have missed the early 90's with lots and lots of hubs.)
Time to go back to network architecture school and quit relying on the Cisco TAC for brains.
Who hired the moron who went to the PRESS to fix his network problems, when his vendors let him down, anyway? That's the really interesting question.
Guy's obviously in over his head and hoping someone from Apple or Cisco will chopper in and rescue him. He probably even hopes, nay expects, that they do it for free.
Perhaps if they ignore him long enough, he'll figure out how to fix his own problems?
+++OK ATH
I congratulate your families on your success, however I see your success as being based on more than just hard work. There are clues in your reply... your parents' "educations were not recognized". I suspect that means they were professionals (engineers? physicians? educators?) with good educations in Europe. That they could not bring their degrees or European status with them is a shame, but it nevertheless put them in a very different position from those whose parents may have never had any success. Starting over is a lot easier than breaking new ground. Your wife's parents owned a farm, well that tells me they too had resources. Sharecroppers work long hard hours too, but it almost never gets them anywhere. No one works as hard as poor people, not even farmers.
Like you, I used to think that anyone could get ahead with hard work, but I now know that is not always possible. My advantage was so subtle that it was invisible to me - I simply knew it was possible to get ahead. For many people who do not have any family member who gained success through education, college is as alien a concept as supporting a family as a nomadic herder in Mongolia would be for me. I know people do it, I know it CAN be done, but I could never just start doing it no matter how hard I worked at it. I would not have the support mechanism.
There are many intelligent, hard-working people who are trapped in poverty. It isn't because they don't work hard (remember, working hard for your daughter was studying hard, while working hard for a poor person may be having two jobs to support a family), or because they get rent subsidies, or are lazy - it is because they don't have that subtle background that lets them know what is possible, or even how to advance themselves. It's like riding a bicycle. It seems obvious how to do it once you know how, but you tend to forget how hard it was when you didn't know.
Sorry the iPhone doesn't run AppleTalk (or the underlying DDP) but my Mac SE/30 did...
- Time to upgrade your knowledge and start using a calculator instead of an abacus.
..... I suspect that means they were professionals (engineers? physicians? educators?) with good educations in Europe......
Your suspicions are not correct. I am an engineer. My father was a chef and baker and got a job at a bakery and my mother was a nurse, but had to take a job as a cleaning woman at minimum wage. My wife's parents managed to save enough money for a down payment and borrow the rest from a friend. Paying off that loan meant doing without even the smallest extras and a very hard and dangerous job for her dad at a local lumber mill.
We know a young man of hispanic descent, born in LA, who was in prison until a little over a year ago, yet now has a good job with a road construction company. It is not an easy job for him, but we know he is a hard worker. It still is possible to get out of an economic hole by hard work.
Although there are some employers that needlessly require college for some entry level jobs, it is still possible to get good jobs as a high school graduate. Some employers are willing to train motivated young people. I talked to the owner of a farm machinery dealer about two weeks ago, at a wedding, who spoke very highly of the young groom he recently employed and will train as a mechanic. People who have a good attitude and high integrity level still are able to make it in our society.
All theory is gray