10-31-2016 10:48 AM
Again whilst investigating Airwave alerts I saw a huge number of Detect Malformed Frame-Large Duration from 02:00:00:00:00:00, about 10 000 a day, what are these and can they be ignored?
I've read the follwoing regarding changes in Android 6, though don't quite see how that correlates.
- To provide users with greater data protection, starting in this release, Android removes programmatic access to the device’s local hardware identifier for apps using the Wi-Fi and Bluetooth APIs. The WifiInfo.getMacAddress() and the BluetoothAdapter.getAddress() methods now return a constant value of 02:00:00:00:00:00.
Any light would be greatly appreciated.
Solved! Go to Solution.
10-31-2016 11:45 AM
11-01-2016 07:13 AM
I should have added that Airwave also reports Malformed Frame Large Duration attacks from MAC addresses other than 02:00:00:00:00:00 however these are considerably less in count. Is it still safe to turn off?
11-01-2016 07:50 AM
What version of ArubaOS
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
02-15-2017 06:54 AM
We have the same problem in our environment, with a packet capture I can see that a device(s) using this MAC address is requesting 29000 ms of airtime, which is an eternity. Anyway to correct this?