Strange Communications

J

James Suttles

Active Member
Today, I went to a project and when I got on site, I started up the LS base, set to use TCP with verizon Jet Pack. The Jet Pack required an update when I turned it on, I updated the jetpack, but when I went to connect the LS to the WIFI from the Jetpack, it would connect and then quickly disconnected. So fired up the Rover LS, and its jetpack, required the same update, so updated it, and it exhibited the same behavior. My cell phone would connect, and then quickly disconnect, so the behavior was not limited to the LS. The LS would connect, and showed no internet connection, and then dropped the connection, and started the whole process over. So after about 30 min of rebooting both the LS and Jetpacks, I decided to switch to the spread spectrum radio. Fired up the radio, setup the base, and fired up the rover. The rover showed great radio signal, but was not recieving corrections from the base. Again started everything over and resetup everything, nothing. So after an hour of trying to get some sort of connection, I gave up.

Packed everything up, drove back to the Office, 1 1/2 hour drive. Set both units up outside at the office, had both units logon to the WIFI at the office, no problems. Got into remote support, had Adam login and check things out, fired up the jetpacks, both connected and held steady. So thought try the Spread Spectrum Radio, and it was steady. So not sure what was going on at my site, but it was like something was jamming the Jetpacks and the Radio. Plan to go back and try again.

Anyone ever experienced a connection problem like that?
 
John Thompson

John Thompson

Well-Known Member
I had a similar problem the other day, but I didn't troubleshoot it much. The jetpack required an updated when I turned it on. A couple minutes later I noticed it had turned itself off so I assumed it had updated. I proceeded to start base as normal, but I never got a fixed solution. The wifi led on the T2 was green, but the Jetpack said no devices connected. I'm not sure the LS had a good internet connection either.

It was hot outside and I didn't feel like fighting it so I just went back to the office. I tried it at home the next morning before heading to the job site and everything worked normally, and has ever since.
 
J

James Suttles

Active Member
I wish that was the case. I returned today to, find the same problems. I went roughly 1500' off the property and everything Jetpacks, Radio worked. So setup base about 1.4 miles away. Started collecting points back toward the location, and BAM get within 1000' the Jetpack drops out. It hooked phone to Jetpack, and it dropped the same time as the LS. So something has to be jamming 2.4 ghz and 5.0 ghz and 900mhz for the SS radio. Strange. I ran a static session and got results, but was hoping to use the point for the base, guess not. Also the Machine control group was going to use the point in their calibration, guess we will see if UHF is effected.

Any ideas on what they maybe using to jam the signal. I could see about 15 wifi networks in the LS, but they were all secured, and looked to be part of the school, so maybe whatever they are jamming the signal with has a whitelist and those routers are on it.
 
J

James Suttles

Active Member
My experience acted like a Deauthentication attack. Do we know if the LS has 802.11w in it? Check the vid to see why we may need it. This acted a lot like a jammer, but it exhibited a Deauthentication type issue. The wifi would connect, but the DHCP IP was like the one, that you get when it doesn't really get an IP, 169.48.XX.XXX or something like that, It normally is 192.168.1.1 which is the default network in the Jetpack.

Jamming vs Deauthentication

As for the Spead Spectrum radio, that is strange also. It would transmit and the rover showed excellent signal, but never got a correction, base ID or anything.
 
J

James Suttles

Active Member
Very interesting post from REDDIT

https://www.reddit.com/r/sysadmin/comments/8stxxb
I have never ran into this before, but apparently is been around a while and it would make sense if the school wanted to prevent unauthorized use of wifi on their campus. I do not know if 802.11w would have corrected the issue, but would be nice to know we are not subject to that policy.
 
Adam

Adam

Well-Known Member
5PLS
This is great information Doug. Thanks for posting. This may become more prevelant as time goes by.
 
Adam

Adam

Well-Known Member
5PLS
James Suttles said:
Very interesting post from REDDIT

https://www.reddit.com/r/sysadmin/comments/8stxxb
I have never ran into this before, but apparently is been around a while and it would make sense if the school wanted to prevent unauthorized use of wifi on their campus. I do not know if 802.11w would have corrected the issue, but would be nice to know we are not subject to that policy.
Click to expand...
Still, they even jammed your FHSS radio. No wifi involved there.
 
Adam

Adam

Well-Known Member
5PLS
@Eugene Aksyonov , I think you may like this thread. I worked with Doug closely on this and it is not just a mishap. Is there anyway to get around it?

Doug, I'm curious how the static files processed. If they were jamming the sat Sig's too?

What would I do if my neighbor did this to me? It would be a hardship on my business.
It was a definite hardship on your survey project. The LS was not able to be used for it's intended purpose (rtk) because of it.
 
J

James Suttles

Active Member
The static file worked out well, its attached. So no jamming there. Best I can tell they were not Jamming 4G either, as the Jetpacks and my phone showed 4 bars of signal on 4G. This is a private elementary school, so maybe they have a hired IT group that has blanketed about a 2000x2000 foot area. I could see other AP's but they must have been in an approved whitelist, and my jetpacks were considered rogue AP's. Will be interesting to see if the Contractor's UHF will work, either on that points, or on the line he is constructing at the rear of the campus.

The SS radio, is the baffling part. It will show radio signal is Excellent, but no corrections. Just stays CDF, never gets base ID, Distance to base, etc.
14219-1_001.png
 
Adam

Adam

Well-Known Member
5PLS
That would explain it getting the radio too. Thanks Shawn I didn't know that.
 
Shawn Billings

Shawn Billings

Shawn Billings
5PLS
I take that back. Our spread spectrum operates at 900MHz. WiFi operates at either 2.4GHz or 5GHz. There are some spread spectrum radios that operate at 2.4GHz, but not ours.
 
J

James Suttles

Active Member
If the LS can connect with 802.11w-2009 would that prevent the deauthentication of our wifi from being subject to this hack or countermeasure?

As far as Radio, I have no idea why it acted that way. Once away from the school location, the radio worked fine. So they must have something that induces noise into the 900mhz range, too.
 
J

James Suttles

Active Member
Does anyone know if the LS has 802.11w-2009 capablitlity. If so, do we know if the jetpacks have to be compliant with 802.11w-2009. This maybe a fluke, or it could become an increasing issue, as new routers start to adopt that countermeasure.

Best I can tell anything that is not listed in the white list of a router running deauthorization packets will not be able to function, unless 802.11w-2009 is deployed on our equipment.
 
J

James Suttles

Active Member
I had to be back on the site this AM. While I was there, I thought I would go to an area outside the school. Approx. 1000' from the school site and the issue still persisted. So I checked all the Wireless networks available in order to pin down which one my be causing the disconnects. ALL the wireless routers available were listed as ATT and one MySpectrum router, so knowing that, My guess is ATT or Spectrum are deploying Wireless access points that are using the deauthentication countermeasure? If so, this could become a problem, since our equipment is not able to override this network broadcast.
 
J

James Suttles

Active Member
Found this, so could Linux be our answer? Can someone chime in if they know the answer.....

Posted 2014
Cisco spearheaded a method of detecting these attacks and even protecting this type of attack if it is enabled and the client device supports it (minimum support of CCXv5). The Cisco feature is called "Management Frame Protection" and full details can be found on the Cisco website.
In essence, the process adds a hash value to all management frames that are sent.
This process was standardized with the IEEE 802.11w amendment released in 2009, and is supported by most modern Linux/BSD distributions in the kernel. Windows 8 was introduced with 802.11w support by default (which did cause some initial problems in some environments). AFAIK, OS X still lacks 802.11w support.
For reference, 802.11w was rolled up in the 802.11-2012 maintenance release of the 802.11 standard.

Updated Post May 31, 2018

The Wi-Fi Alliance (WFA) has made support of Protected Management Frames (PMF) mandatory to pass 802.11ac or Passpoint (aka HotSpot2.0) certifications. This has pushed support for 802.11w significantly and you can even find it in most consumer devices today.
Unfortunately, Apple still appears to be the holdout. Let me lead off by saying that I was surprised to find that Apple has not certified a single device with the WFA since early 2014. I know this is a voluntary process for vendors, but not taking part in the certification process seems like a bad idea to me for such a large manufacturer of wireless devices.
While Apple has added 802.11w support, there are still issues. Namely I came across this post earlier this year detailing issues with Apple connecting to a network with 802.11X authentication and 802.11w required. Networks that use a PSK (with 802.11w either optional or required) seem to work as do 802.1X networks with 802.11w optional.
So we are getting there, but still have some way to go.

So there should be a solution.
 
You must log in or register to reply here.
Top