07-16-2009 12:08 PM
Every once in a while the DHCP/DNS server was DoS attacked and stop working. Sometime the guest network is down because this DoS attack.
Because the DHCP service is open to the public, anyone can associate to the guest essid and DHCP server will offer an ip address, does anyone have any better idea how to secure/improve this wireless guest access?
07-16-2009 01:27 PM
07-16-2009 03:22 PM
Deny inter-user bridging, inter-user traffic. - users can't communicate between each other. This prevents spoofing attacks.
Turn on DoS prevention on the SSID - blacklists clients for DoS attacks.
Protect your DHCP servers to only allow requests from clients on port 67.
07-16-2009 04:04 PM
Trihn was saying he's had DoS attacks were someone depleted his DHCP pool by sending many DHCP requests and taking all the addresses.
07-16-2009 05:15 PM
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
07-17-2009 07:30 AM
07-21-2009 02:16 PM
I was using DHCP server from my router and DNS was sent to the ISP. (We want to keep guest completely out from our business network) This is a bad configuration, because when the IP addresses from DHCP server was depleted and DoS was still going, DHCP server was still getting DHCP request, so it shutdown the guest network.
For the captive portal to function, both DNS and DHCP services must work before authentication; so DNS server can also be attacked the same way as DHCP server.
My solution (not a perfect one yet, but it helps): setup a dedicate DHCP and DNS server, so when the services are DoS attacked, the guest network is still working. Also as Greg suggestion, configure server to send alert script when the DHCP pool deplete.
Any better solutions any one?