Wireless Access

Reply
Contributor I

Block deauth attack with Aruba WIPS

Hi community,

 

How can i to block deauth attack from a Kali running computer not connected to my network? I can detect the attack with the IDS signature but i can't block it. I attach an image from the security dashboard. Thanks in advance.

 

 

Guru Elite

Re: Block deauth attack with Aruba WIPS

What version of ArubaOS is this?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor I

Re: Block deauth attack with Aruba WIPS

Aruba OS 6.3.1.7.

Guru Elite

Re: Block deauth attack with Aruba WIPS

You can enable "DOS Protection" on your Virtual AP  http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/show_wlan_virtual_ap.htm

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor I

Re: Block deauth attack with Aruba WIPS

Thanks but is already enabled and it doesn't work.

Guru Elite

Re: Block deauth attack with Aruba WIPS

When you say "does not work" what do you mean?  What is happening and what do you want to prevent?  DOS protection can only protect a deauth attack on an access point, not a client.  Only MFP (802.11w) or management frame protection can specifically protect clients from such an attack.  Of course, the client has to support 802.11w and you need to run ArubaOS 6.4 for a complete solution: http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VirtualAPs/SSID_Profiles.htm?Highlight=802.11w


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase

Re: Block deauth attack with Aruba WIPS

Sorry to revive an old post, but this same question has recently come up with a customer I'm working with. 

 

In the 802.11w (MFP) link, it states that MFP is not supported on VAPs that are using Tunnel forarding model. Why doesn't it work with Tunneled mode and just to clarify, that means its only supported while using Bridged mode?



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: