My Neighbour is Using a Ruckus Router to Attack me with Deauth packets

  • 1
  • Question
  • Updated 2 months ago
  • Answered
Hi All, 

My neighbour (a nursery business) isn't overly friendly (no idea why). Over the last year my wifi network and other neighbouring networks have been plagued with disconnects. Recently after many visits for the ISP to ascertained the issue they have identified that the Ruckus router used by the Nursery is being used to flood deauth packets to neighbouring AP's which I am fairly sure in the UK is illegal (why is this even a feature on your equipment!?). 

I have tried talking to them but they just refuse to even discuss the issue (it's possible they don't understand the issue). 

Any ideas on how I protect myself from people maliciously using your technology?
Protected management frame will work for some clients but not all, devices like my thermostat and doorbell will continue to be disconnected. 

Kind regards, 
Simon
Photo of Simon King

Simon King

  • 4 Posts
  • 1 Reply Like
  • Frustrated

Posted 2 months ago

  • 1
Photo of Logan Taylor

Logan Taylor

  • 9 Posts
  • 2 Reply Likes
Hi there, it's actually a protective technology that is not an automatic feature it is something you actively have to switch on as it's meant for clearing airspace of malicious rogue ap's. Unfortunately it's got your wifi in its sites. Not much you can do without them disabling the feature on the controller
Photo of Simon King

Simon King

  • 4 Posts
  • 1 Reply Like
Hi Logan, 

Thanks for your reply. If this feature is not automatic as you claim, then in this instance it is being used as a weapon against my family. There is nothing rogue about my AP, it has been there for 4years+. 

This feature seems more like a cyber-weapon than a "protection". 
Photo of Logan Taylor

Logan Taylor

  • 9 Posts
  • 2 Reply Likes
In this case yes you are experiencing the bad end of it however in big corporate setups or government, mod for example they need to protect their airspace against other access points as we all know wireless hacking is easier than gaining access to the property yourself.
But any way the point is that I'm pretty sure that it is not automatic.. I support many customers using ruckus and I have never actually seen this in action except for my own synthetic testing. What are you using as your wifi setup. I'm wondering why your access point would of flagged as a malicious rogue device on their setup to begin with.
If they are adamant that they will not turn it off then unfortunately the only way I would presume would be to change the mac address of your ap. Ergo having to buy another one.
Dont get me wrong this technology should never be used in this way but it has a very good reason to exist.

You could always buy ruckus and do it back XD
Photo of NETWizz

NETWizz

  • 180 Posts
  • 57 Reply Likes
Something like this would be illegal in the USA.  I am not even sure that is an option here.  I would talk to them about it.  If that doesn't work, your remedies would be legal not technological.

I work for a State Government, and nobody owns the airspace.  It is FCC controlled.  We detect rogue access points (mostly hot spots), but we are not de-authing them.
Photo of Simon King

Simon King

  • 4 Posts
  • 1 Reply Like
In the UK and US this form of 'protection' is classed as Radio Jamming and illegal. So no, as much as I want to I am not sure doing it back is a good idea :P I will try going down the legal-assistance route first though.

My Wifi setup was originally a standard domestic ASUS router, using it as any home user would - no special settings. The router was returned as we first thought the D/C's were due to a faulty product. We are currently using the standard Plusnet router to please the Plusnet tech team who have been investigating these issues. So the mac address has changed but it didn't solve the issue - our wireless SSID has stayed the same though.

From what I have seen in the Ruckus set-up people can mark AP's as malicious manually so I assume this is why I have been subjected to the attack?
Photo of NETWizz

NETWizz

  • 180 Posts
  • 57 Reply Likes
By legal, I am not talking about suing them but rather that you might look for Ofcom, which appears it might be your FCC equivalent.  I would talk to the Nursery first; since, I doubt they are intentionally doing this as a personal attack on you; instead, someone probably saw a checkbox that said something like, "protect against rogue access points," and it sounded like a good idea..  Perhaps ask to speak with an IT person.  If I was their Network Administrator and got a call from a Home Owner who described the situation you do, I would immediately log-in and turn that feature off.  Most IT folks are reasonable.  Where you run into problems is when you run into that guy who needs approval from six different departments and change management before he will remedy the problem, or that guy who's job is not doing anything

If IT does not help, I would speak to someone at the management or executive level or write them.

Next, would be a complaint to your Government body that regulates the airwaves.  In the USA, that body is the FCC.  Although they have fined businesses like the Mariott for doing things like this, I am pretty sure it starts with a quick investigation and a sternly written letter.  In the UK supposedly Ofcom is your equivalent to the USA's FCC per an Internet search.  Ironically, enough the FCC utilizes a LOT of volunteers to do the independent investigations for them because they are very reliable and take their jobs extremely seriously.  For example, there are local volunteer Amateur Radio monitors.  If they see/hear abuse, they report the station's call-sign, date, time, etc.  What these folks have in common is many years of being licensed, involvement in their communities, attending field days, etc.  They basically warn someone and speak out about a problem, but if that does not fix it, they commonly fill out an FCC form where they make declarations as to what they witnessed or investigated.  Typically, it is a small group that sign it.  That is generally how this works in the USA.  A letter then goes out warning of possible enforcement action, and any further complaint or follow-up for the same violation not resolved usually involves a fine, which is contestable and/or negotiable.  The FCC is surprisingly fair as far as Government regulating bodies go.

Although it is hard to believe, a complaint of this nature would likely be investigated within 24 to 48 hours.  You might be surprised how helpful Ofcom might be using tax dollars to help you.

I hope that helps.
(Edited)
Photo of Simon King

Simon King

  • 4 Posts
  • 1 Reply Like
HI NETWizz, this is very helpful thank you. And pretty much all of what you described in the same in the UK but through Ofcom as you say. I will pay the nursery a visit as I agree I am not sure they know they are doing it, and hopefully, they will put me through to their system admin. Cheers!
Photo of Michael Brado

Michael Brado, Official Rep

  • 3025 Posts
  • 426 Reply Likes
As it is not an automatic feature, they definitely know they are doing it.
Explaining you are simply a friendly neighbor, and they need not fear you are trying to "hack" their network, is just as important as explaining that what they are doing *is* illegal, as you have equal rights to use unlicensed airspace. 
The nursery should use encryption/authentication on their WLAN(s), as usual wifi protection, and limit their coverage to just their property...
(Edited)