Hello all,
My wireless network has recently been DOSed. With police intervention, we were able to fix the problem but I'm wondering if anyone would be able to enlighten me with the exact attack we endured:
First it started where no one outside of 2km of certain sectors could get Internet. We found that the issue was only on vertical polarity, so we switched a great number of people to one of our other towers that happens to be on horizontal, writing things off as something new deployed on vertical. Then, on another PoP (the guy moved his equipment to a new tower of ours), two of our sectors went down. After much playing around, it just happened by chance that we saw a house with a 24dBi antenna pointed at our tower at only 2km away. Before they "decided" to turn the equipment off, we made the following discoveries:
-> NetStumbler could NOT find the two APs that this 24dBi dish happened to be pointed in between. Not at 100m away, and definitely not 1km to 10km away.
-> Kismet could see that it was broadcasting a signal, and that it was as strong as usual. This is interesting: since Kismet is passive, I came to the conclusion that the AP was NOT receiving any packets but was definitely sending things out. Kismet reported some traffic (~10 to 20 packets/second). Interestingly, if we turned WEP off, Kismet could see the ARP packets being broadcast out. We concluded that the AP could transmit packets, but there was no room for it to receive them.
-> The association lists on the APs were empty.
-> Things went back to normal immediately following the shutdown of the incriminating antenna.
Thanks in advance, Kevin Brown.