06-24-2015 08:12 PM
I have a large number of rogues hitting the default classification in RAPIDS.
On inspection the problems seems to be with OUI score..
My rules are something like this:
1) Rogues = >-75, OUI score between 2 and 4
2) Sus. Rogues = >-75, OUI score 1
3) Otherwise unclassified
So when I look at a particular example it should have a OUI score of 3:
$grep 00-0B-6B /usr/local/airwave/lib/perl/Mercury/OUI/updates/ou
"00-0B-6B","Wistron Neweb Corp.","Wistron Neweb Corp.","1","1","1",""
But it clearly hits rule 3 due to a score of 0, since signal is > -75.
Otherwise the rules work as I can change them and rogues get reclassified. Am I missing something about the way OUI score works or is this an issue?
06-24-2015 09:43 PM
Following up, it certainly seems to an issue with Airwave.
Any working rule that has any combination of OUI score added to it produces no matches. Min of 1 should match anything but matches nothing, looking very much like OUI is 0 regardless or a broken score.
06-30-2015 05:32 PM
Don't really have the 4 hours of unpaid time this typically takes.
I believe this qualifies as an old feature that has become broken through an update and was probably not included as part of any automated test routines.