nanog mailing list archives
Re: Apple devices spoofing default gateway?
From: Jimmy Hess <mysidia () gmail com>
Date: Thu, 14 Mar 2019 16:19:04 -0500
On Thu, Mar 14, 2019 at 7:29 AM Simon Lockhart <simon () slimey org> wrote:
Apple devices, but what's more strange is that we're only seeing it where those Apple devices are connected to Cisco 1810 and 1815 APs, and where those APs are connected to a Cisco WLC running v8.5 software. If we downgrade the WLC to v8.2 the problem goes away (but v8.2 doesn't support 1815 APs, so we
Apple's Bonjour protocols include something called Apple Bonjour Sleep Proxy for Wake on Demand --- When a device goes to sleep, the Proxy that runs on various Apple devices is supposed to seize all the IP and MAC addresses that device had registered, so it can wait for an incoming TCP SYN, (and if one's received, then signal the sleeping device to wake up and process the connection.) Bonjour and the related mDNS protocols used for AirPlay/AirPrint/etc are built on Link-Local multicast. I wonder what would happen if some random Wireless LAN controllers malfunctioned, and decided that it would like to ignore that Link-Local restriction and proxy those packets b/w subnets anyways, as if they had been unrestricted multicast or Unicast, Possibly with the source IP address on registration Mangled to or "gateway'd" from the router's IP address. (Or perhaps they wanted to have a feature to let someone AirPlay from a different VLAN than another device?) Either way.... playing around with the source IP address on the Link-local m/c packets might accidentally get them a Default Gateway IP address registered with other workstations as a mobile device that's gone to sleep and needs a proxy. -- -JH
Current thread:
- Apple devices spoofing default gateway? Simon Lockhart (Mar 14)
- Re: Apple devices spoofing default gateway? Mel Beckman (Mar 14)
- Re: Apple devices spoofing default gateway? Simon Lockhart (Mar 14)
- Re: Apple devices spoofing default gateway? Mel Beckman (Mar 14)
- Re: Apple devices spoofing default gateway? J. Hellenthal via NANOG (Mar 14)
- Re: Apple devices spoofing default gateway? Simon Lockhart (Mar 14)
- Re: Apple devices spoofing default gateway? Mel Beckman (Mar 14)
- Re: Apple devices spoofing default gateway? Jimmy Hess (Mar 14)
- Re: Apple devices spoofing default gateway? Simon Lockhart (Mar 14)
- Re: Apple devices spoofing default gateway? Curtis, Bruce (Mar 14)
- Re: Apple devices spoofing default gateway? Simon Lockhart (Mar 14)