By crmanski
Today I tried out a couple of the newer Linksys WAP200 wireless access points. These are a little more pricey than the older WAP54G that I’ve used. They include a lot more features such as: VLANs, Multiple SSIDs, expanded logging features, etc. The configuration is pretty much straightforward. The IP configure options have two more boxes for DNS servers configuration. These were not present in the older models. So thinking nothing too much of it I filled those in, set up the security and some of the other options, made a backup and put them into the field. As the day was going on I noticed connections dropping to my DNS servers from my Big Brother system monitor. I received a huge logcheck email that was filled with tons of entries that looked like this…
System Events
=-=-=-=-=-=-=
May 22 14:02:03 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=61209 SEQ=16911
May 22 14:02:04 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=64780 SEQ=15654
May 22 14:02:05 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=64780 SEQ=15910
May 22 14:02:06 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2324 SEQ=51481
May 22 14:02:07 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2324 SEQ=51737
May 22 14:02:08 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=64780 SEQ=16678
May 22 14:02:09 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=64780 SEQ=16934
May 22 14:02:10 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2324 SEQ=52505
May 22 14:02:11 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=21264 SEQ=26400
May 22 14:02:12 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=21264 SEQ=26656
May 22 14:02:13 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=64769 SEQ=38457
May 22 14:02:14 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=64769 SEQ=38713
After a few hours Big Brother looked like this for one of my DNS servers…
So to stop this insanity from happening to the network I removed the DNS entries from the network settings and the Default Gateway. The devices seem much quieter now.
Edit: Actually this remedy did not work and the next morning I had the same problems. I sent these things back and got the older model (WAP54G) that is about 1/2 the price…
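A way to pull the offending device out of a log like the one above, as an added example that is not part of the original post: the netfilter `MAC=` field is the 14-byte Ethernet header (destination MAC, source MAC, EtherType), so the sender here is `00:1a:70:30:46:54` and the destination is the broadcast address. The function names, the 0.5 requests/sec threshold and the placeholder year are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime

# First four lines are copied from the log above; the last (TCP, unicast) line
# is constructed for contrast. src=/DST= are empty, as on the page.
SAMPLE = """\
May 22 14:02:03 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=61209 SEQ=16911
May 22 14:02:04 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=64780 SEQ=15654
May 22 14:02:05 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=64780 SEQ=15910
May 22 14:02:06 legolas kernel: Inbound IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:70:30:46:54:08:00 src= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2324 SEQ=51481
May 22 14:02:05 legolas kernel: Inbound IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 src= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40000 DPT=53
"""

# Netfilter LOG prints the Ethernet header as 14 octets:
# destination MAC (6), source MAC (6), EtherType (2).
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s.*?\bMAC=([0-9a-f:]{41})\s.*?\bPROTO=(\w+)(?:\s+TYPE=(\d+))?",
    re.I)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def summarize(text, year=2000):
    """Count broadcast ICMP echo requests per source MAC (year is assumed: syslog omits it)."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, mac, proto, icmp_type = m.groups()
        octets = mac.lower().split(":")
        dst, src = ":".join(octets[:6]), ":".join(octets[6:12])
        if dst != BROADCAST or proto.upper() != "ICMP" or icmp_type != "8":
            continue  # keep only echo requests (TYPE=8) sent to the broadcast MAC
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        s = stats[src]
        s["count"] += 1
        s["first"] = s["first"] or when
        s["last"] = when
    return dict(stats)

def noisy_sources(text, min_per_sec=0.5):
    """Return {source MAC: requests/sec} for senders at or above the threshold."""
    out = {}
    for src, s in summarize(text).items():
        seconds = (s["last"] - s["first"]).total_seconds() + 1
        if s["count"] / seconds >= min_per_sec:
            out[src] = round(s["count"] / seconds, 2)
    return out
```

Calling `noisy_sources()` on the full logcheck text gives one entry per chatty device, and the first three octets of each key (the OUI) identify the hardware vendor to chase down.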