********************************************************************************************************* 1/27/2015 15:15:32 PM Target: AP01-WARWICK-18:64:72:c5:6e:b0 Command: show version ********************************************************************************************************* Aruba Operating System Software. ArubaOS (MODEL: 225), Version 6.4.2.0-4.1.1.0 Website: http://www.arubanetworks.com Copyright (c) 2002-2014, Aruba Networks, Inc. Compiled on 2014-09-17 at 07:10:58 PDT (build 46028) by p4build AP uptime is 4 days 17 hours 22 minutes 38 seconds Reboot Time and Cause: unknown ********************************************************************************************************* 1/27/2015 15:09:08 PM Target: AP01-WARWICK-18:64:72:c5:6e:b0 Command: show log security ********************************************************************************************************* Jan 27 15:06:39 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:a1:cc:05 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:06:46 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=49175 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:06:50 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:08:55:7c 18:64:72:d6:eb:00 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:06:53 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=63516 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:06:53 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:08:55:7c 18:64:72:d6:eb:00 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:07:00 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=52071 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:07:02 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.116 srcport=51035 dstip=10.44.22.25 dstport=53, action=deny Jan 27 15:07:03 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.116 srcport=51040 dstip=10.44.22.25 dstport=53, action=deny Jan 27 15:07:03 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:b6:69:3c 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:07:04 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.116 srcport=51045 dstip=10.44.22.25 dstport=53, action=deny Jan 27 15:07:04 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:b6:69:3c 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:07:07 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=52066 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:07:07 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:b6:69:3c 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:07:09 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station a4:4e:31:5d:66:44 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:07:14 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=56393 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:07:21 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=58416 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:07:27 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:d6:b7:84 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:07:28 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=59997 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:07:29 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:d6:b7:84 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:07:30 sapd[2634]: <127064> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 sapd| |ids-ap| AP(18:64:72:d6:eb:10): Client Flood Attack: An AP detected that the number of potential fake clients observed across all bands has exceeded the configured IDS threshold. Additional Info: Potential-Fake-Clients:256. Jan 27 15:07:30 sapd[2634]: <127064> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 sapd| |ids-ap| AP(18:64:72:d6:eb:00): Client Flood Attack: An AP detected that the number of potential fake clients observed across all bands has exceeded the configured IDS threshold. Additional Info: Potential-Fake-Clients:256. Jan 27 15:07:32 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:d6:b7:84 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:07:35 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=57834 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:07:43 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=56969 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:07:43 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:a1:cc:05 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:07:48 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=10.144.22.11 srcport=67 dstip=172.16.1.179 dstport=68, action=deny Jan 27 15:07:50 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=62802 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:07:57 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=63376 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:07:58 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| TCP srcip=79.125.22.208 srcport=5223 dstip=172.16.1.233 dstport=60689, action=deny Jan 27 15:08:04 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=60740 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:08:11 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=57847 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:08:11 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:b6:69:3c 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:13 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| TCP srcip=79.125.22.208 srcport=5223 dstip=172.16.1.233 dstport=60689, action=deny Jan 27 15:08:13 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:b6:69:3c 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:17 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:b9:73:c3 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:18 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station a4:4e:31:5d:66:44 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:18 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=56307 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:08:19 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:b9:73:c3 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:19 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station a4:4e:31:5d:66:44 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:20 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:b9:73:c3 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 WPA2 Key Message 2 from Station 0c:8b:fd:b9:73:c3 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:22 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station a4:4e:31:5d:66:44 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:25 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=59425 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:08:32 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=53627 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:08:36 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:d6:b7:84 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:39 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=57881 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:08:40 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 6c:88:14:d6:b7:84 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:44 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.125 srcport=68 dstip=172.16.0.1 dstport=67, action=deny Jan 27 15:08:46 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=59487 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:08:49 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=10.144.22.11 srcport=67 dstip=172.16.0.219 dstport=68, action=deny Jan 27 15:08:52 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:a1:cc:05 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:54 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=63458 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:08:54 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=10.144.22.11 srcport=67 dstip=172.16.0.219 dstport=68, action=deny Jan 27 15:08:55 stm[2639]: <132094> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:a1:cc:05 18:64:72:d6:eb:10 AP01-WARWICK-18:64:72:c5:6e:b0 Jan 27 15:08:58 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=10.144.22.11 srcport=67 dstip=172.16.0.219 dstport=68, action=deny Jan 27 15:09:01 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=172.16.0.31 srcport=52404 dstip=172.16.1.255 dstport=8612, action=deny Jan 27 15:09:02 stm[2639]: <124006> |AP AP01-WARWICK-18:64:72:c5:6e:b0@10.144.22.11 stm| UDP srcip=10.144.22.11 srcport=67 dstip=172.16.0.219 dstport=68, action=deny ********************************************************************************************************* 1/27/2015 15:15:32 PM Target: AP02-WARWICK-18:64:72:c5:47:16 Command: show version ********************************************************************************************************* Aruba Operating System Software. ArubaOS (MODEL: 225), Version 6.4.2.0-4.1.1.0 Website: http://www.arubanetworks.com Copyright (c) 2002-2014, Aruba Networks, Inc. Compiled on 2014-09-17 at 07:10:58 PDT (build 46028) by p4build AP uptime is 2 days 15 hours 41 minutes 26 seconds Reboot Time and Cause: AP rebooted Sat Jan 24 23:33:26 UTC 2015; master transitioned to local (new master 10.144.22.16, uplink flaps 0, max beacon miss 8) ********************************************************************************************************* 1/27/2015 15:09:08 PM Target: AP02-WARWICK-18:64:72:c5:47:16 Command: show log security ********************************************************************************************************* Jan 27 15:05:04 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station fc:f8:ae:5a:21:43 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:05 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:f1:55:9a 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:06 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station fc:f8:ae:5a:21:43 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:06 stm[2522]: <124006> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| TCP srcip=92.123.82.217 srcport=443 dstip=172.16.1.90 dstport=56431, action=deny Jan 27 15:05:07 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:f1:55:9a 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:07 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station fc:f8:ae:5a:21:43 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:07 stm[2522]: <124006> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| TCP srcip=92.123.82.217 srcport=443 dstip=172.16.1.90 dstport=56432, action=deny Jan 27 15:05:08 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:f1:55:9a 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:09 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station fc:f8:ae:5a:21:43 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:10 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station 0c:8b:fd:f1:55:9a 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:20 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station fc:f8:ae:5a:0d:5c 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:43 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station f8:16:54:ae:85:6c 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:47 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station 84:3a:4b:4b:1d:90 18:64:72:d4:71:60 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:47 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station f8:16:54:ae:85:6c 18:64:72:d4:71:70 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:48 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station 84:3a:4b:4b:1d:90 18:64:72:d4:71:60 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:50 stm[2522]: <124006> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| UDP srcip=10.144.22.12 srcport=67 dstip=172.16.0.70 dstport=68, action=deny Jan 27 15:05:51 stm[2522]: <132094> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| MIC failed in WPA2 Key Message 2 from Station 84:3a:4b:4b:1d:90 18:64:72:d4:71:60 AP02-WARWICK-18:64:72:c5:47:16 Jan 27 15:05:52 stm[2522]: <124006> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| UDP srcip=172.16.0.165 srcport=68 dstip=172.16.0.1 dstport=67, action=deny Jan 27 15:05:58 stm[2522]: <124006> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| UDP srcip=10.144.22.12 srcport=67 dstip=172.16.0.70 dstport=68, action=deny Jan 27 15:06:10 stm[2522]: <124006> |AP AP02-WARWICK-18:64:72:c5:47:16@10.144.22.12 stm| TCP srcip=17.110.226.9 srcport=443 dstip=172.16.1.124 dstport=54923, action=deny