Hey guys I'm trying to figure out if there is anyway I can block a specific Mac address from doing De-authentication attacks against one of my AP's. We rented out part of a building next door and put in one AP over there and our neighbors wireless network is attacking mine. I walked over there to get in touch with their IT guy to talk to him about it but he was "busy" and hasn't contacted me back.

Questions I have for this are:

-If I fully enabled MFP would that help in this case? I know MFP isn't working 100% on my network due to some issues I had initially that I haven't had time to work on.

- Is it possible to block out attacks from that specific mac address/addresses from our neighbors AP's to ignore the attacks?

Hopefully I can get a hold of our neighbors IT guy to put an end to this but I bet hes a reclusive loser who doesn't have the balls to talk to people and admit hes wrong. I've set up my 5508 controller to only attack rogue AP's that are on the wire. Everything else it just alerts so I can take a look at it if its RSSI is a certain number.

Thanks guys, just lookin for some advice on how to handle this

a layer 1 firewall works well; I like mine in 9mm, but .40, .45, or even .223 work well. Find his AP, apply the layer 1 firewall until the attacks stop.

_________________
"A problem well stated is a problem half solved". (Charles Kettering)

what encryption are you using ?
if not WPA2, move towards that.
I don't think there is much else you can do.
maybe put of some shielding on the common wall/

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

We only have one SSID broadcasting using WPA2. Its hidden though . I'm gonna go over there and beat the dude cause come on, its breaking the law what their wireless is doing. Guess the next thing is, what can I do to better document and gather information to be like quit it or the feds get this?

If I knew anything about wireless.....I could contribute technically. However I'd suggest not mentioning the feds...that way if you have too...they'll never see it coming and won't have had time to prepare. Maybe a cease & desist letter but again no mention of any pending action. My .02.

maybe set up a honeypot? Thats prob a bad idea but funny I think.

I'm just going to kindly go over and ask again and sit there til he sees me. You catch more flies with honey. And if it continues I'll talk with my legal team eventually and work something out. Its nice to have an in-house lawyer if needed.

I doubt the feds would care at all about it. If your neighbor refuses to listen you might be able to take them to civil court for damages, but law enforcement is over-worked, and are not going to spend time on someone with a mis-configured access-point DoSing their neighbor.

Be nice, and hopefully they will work with you.

-Otanx

Thats pretty much what I just said in my above post. Legal team can send cease and desist letters and take them to small claims if needed. I'm sure though that once I actually get a hold of their IT group it will be worked out. Unless they are inept and don't even know how to configure their equipment

He's not doing anything illegal. If he has some WPA handshakes he could try bruteforce with rainbows. That is illegal. You cannot block his MAC because he isn't using one. Not his anyway. He spoofs the AP's Mac. In your place I would put an AP with a good higher-gain antenna on his channel pointing at their office. You could also deauth his clients. It's really easy. If nothing works threaten to rape his siblings :p

P.S. MAC's flying all over the place. What a dumb idea wireless is

_________________
Stay the curse !

"I doubt the feds..." small claims/the man/mib/the gov/the feds and blah blah etc. It's just hot air man. Kinda like when o/p said "go over there and beat the dude".

But if a beating is necessary do it with a fly filled honey jar!

I was tempted to take a few AP's over there and take my high gain directional antenna's and point them downstairs. I don't think they would like 4 Cisco AP's blasting De-auth packets at them and other things I could do. Course I don't think my warehouse would like me stealing the AP's I just installed for them to do something like this unless I included them in the fun somehow.

Thankfully I haven't heard any reports from my users having de-auth issues. Its just WCS annoying me with emails for it sometimes.