Community discussions

MikroTik App
 
Twido
newbie
Topic Author
Posts: 30
Joined: Fri Apr 05, 2013 11:33 pm

is this packet injection?

Thu Feb 06, 2014 12:50 pm

From yesterday I see almost only this in logs

16:40:40 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:40 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:42 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:42 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:42 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:42 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:42 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:44 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:44 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:44 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:44 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:44 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:46 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:46 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:46 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:46 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:46 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:46 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:48 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:48 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:48 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:48 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:48 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:48 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:50 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:50 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:50 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:50 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:50 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:50 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:52 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:54 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:54 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:54 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:54 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:54 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:56 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:56 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:56 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:56 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:56 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth 
16:40:56 wireless,info wlan2: data from unknown device 00:90:CC:9F:69:9F, sent deauth
I'm guessing that this is a packet injection, can anyone confirm this?
Last edited by Twido on Thu Feb 06, 2014 5:43 pm, edited 1 time in total.
 
plisken
Forum Guru
Forum Guru
Posts: 2509
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: is this packet injection?

Thu Feb 06, 2014 4:11 pm

Weird post

give more info
 
Twido
newbie
Topic Author
Posts: 30
Joined: Fri Apr 05, 2013 11:33 pm

Re: is this packet injection?

Thu Feb 06, 2014 5:05 pm

wlan2 had wpa1 authentication enabled
Those two macs doesn't exist in local ACL, the even don't exist in whole network.
its quiet wired because that macs tried to communicate with AP all the time
more than 10 times per second AP had to send deauth package.
Even if I add them to ACL they don't try to exchange keys with AP.

Everything starts when we move one of our clients from wlan1 to wlan2 where is working pppoe server.
wlan1 was previous an open network (only ACL defend from unauthorized access).
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: is this packet injection?

Thu Feb 06, 2014 5:06 pm

Your photo is not showing
 
plisken
Forum Guru
Forum Guru
Posts: 2509
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: is this packet injection?

Thu Feb 06, 2014 5:12 pm

@normis

Can you see the picture normis?
You do not have the required permissions to view the files attached to this post.
 
Twido
newbie
Topic Author
Posts: 30
Joined: Fri Apr 05, 2013 11:33 pm

Re: is this packet injection?

Thu Feb 06, 2014 5:44 pm

forgive me that, i already edit first post and put log in clear text
 
User avatar
patrikg
Member Candidate
Member Candidate
Posts: 226
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: is this packet injection?

Thu Feb 06, 2014 5:48 pm

Here are the results of your search through the public section of the IEEE Standards OUI database report for 00-90-CC:

00-90-CC (hex) Planex Communications
0090CC (base 16) Planex Communications
2F FENISSAY Ebisu Bldg
3-16-3 Higashi,
Shibuya-ku, Tokyo 150-0011
JAPAN

http://standards.ieee.org/develop/regau ... ublic.html
 
Twido
newbie
Topic Author
Posts: 30
Joined: Fri Apr 05, 2013 11:33 pm

Re: is this packet injection?

Thu Feb 06, 2014 6:00 pm

yep, customer that we had to move from wlan1 to wlan2 uses before planex router witch external antenna attached via rpsma , we change this archaic setup and now it is excellent MikroTik cpe sxt lite2 :D

I supposed that someone uses old planex mac address to connect with protected ssid

Who is online

Users browsing this forum: petardo and 28 guests