AP/Client Flood, Single device packet flood

JED2021
Getting noticed

AP/Client Flood, Single device packet flood

The MAC addresses reported  are all non registered.  

Worked with support for a Packet capture and was led to believe it was a ring doorbell.

Asked the co tenant to turn off the door bell. 

Issue exists still.

 

Has anyone seen  this similar issue?

 

Jan 3 13:45:07FN285-WAP2  AP / client floodradio: 1, state: end, alarm_id: 6318  more »
Jan 3 13:45:00FN285-WAP2  AP / client floodpacket: beacon, radio: 1, bssid: E2:CB:AC:90:4B:26  more »
Jan 3 13:44:57FN285-WAP2  AP / client floodradio: 1, state: end, alarm_id: 6317  more »
Jan 3 13:44:49FN285-WAP2  AP / client floodpacket: probe_resp, radio: 1, bssid: EA:CB:AC:90:4B:26  more »
Jan 3 13:44:27FN285-WAP2  Single device packet floodradio: 1, state: end, alarm_id: 6316  more »
Jan 3 13:44:27FN285-WAP2  AP / client floodradio: 1, state: end, alarm_id: 6315  more »
Jan 3 13:44:26FN285-WAP2  Single device packet floodpacket: probe_resp, device: EA:CB:AC:90:4B:26, radio: 1  more »
Jan 3 13:44:19FN285-WAP2  AP / client floodpacket: beacon, radio: 1, bssid: 0A:8D:CB:71:42:DE  more »
1 REPLY 1
Brash
Kind of a big deal
Kind of a big deal

There's no way you can really confirm whether the devices are flooding maliciously or not without tracking them down.
It could be anything from poorly designed IOT devices to bad drivers, or someone attempting a malicious attack.

Do you have any AP's on the same network or broadcasting the same SSID that are not part of this Meraki dashboard?
Is it always the same AP that's detecting it? If so, could be worth giving it a reboot.

 

A few threads that provide some more information and other people's experience:
Packet floods detected by AirMarshal - The Meraki Community
Solved: Mr34 packet flood issues - The Meraki Community
Air Marshal - Cisco Meraki

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels