Wireless Access

Contributor I
Posts: 50
Registered: ‎05-15-2012

Block deauth attack with Aruba WIPS

Hi community,

How can I block a deauth attack from a Kali running computer not connected to my network? I can detect the attack with the IDS signature but I can't block it. I attach an image from the security dashboard. Thanks in advance.

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Block deauth attack with Aruba WIPS

What version of ArubaOS is this?

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 50
Registered: ‎05-15-2012

Re: Block deauth attack with Aruba WIPS

Aruba OS 6.3.1.7.

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Block deauth attack with Aruba WIPS

You can enable "DOS Protection" on your Virtual AP: http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/show_wlan_virtual_ap.htm

Colin Joseph
Aruba Customer Engineering


Contributor I
Posts: 50
Registered: ‎05-15-2012

Re: Block deauth attack with Aruba WIPS

Thanks, but it is already enabled and it doesn't work.

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Block deauth attack with Aruba WIPS

When you say "does not work" what do you mean?  What is happening and what do you want to prevent?  DOS protection can only protect a deauth attack on an access point, not a client.  Only MFP (802.11w) or management frame protection can specifically protect clients from such an attack.  Of course, the client has to support 802.11w and you need to run ArubaOS 6.4 for a complete solution: http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VirtualAPs/SSID_Profiles.htm?Highlight=802.11w



Colin Joseph
Aruba Customer Engineering
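
Added example (not part of the thread and not Aruba code): the reply above says only 802.11w management frame protection covers clients, so this Python code reads the RSN element (ID 48) an SSID advertises in its beacons and reports whether MFP is disabled, optional or required. The function names and the sample beacon bytes are constructed for illustration.

```python
import struct

MFPR = 1 << 6  # RSN Capabilities bit 6: Management Frame Protection Required
MFPC = 1 << 7  # RSN Capabilities bit 7: Management Frame Protection Capable
OUI = b"\x00\x0f\xac"  # IEEE 802.11 cipher/AKM suite OUI

def rsn_mfp_state(ie: bytes) -> str:
    """Return 'required', 'optional' or 'disabled' for one RSN element (ID 48)."""
    if len(ie) < 2 or ie[0] != 48 or len(ie) - 2 < ie[1]:
        raise ValueError("not a complete RSN element")
    body = ie[2:2 + ie[1]]
    off = 2 + 4  # skip version (2 bytes) and group data cipher suite (4 bytes)
    for _ in range(2):  # pairwise cipher suite list, then AKM suite list
        if off + 2 > len(body):
            return "disabled"  # optional fields absent, so no MFP bits advertised
        (count,) = struct.unpack_from("<H", body, off)
        off += 2 + 4 * count
        if off > len(body):
            raise ValueError("suite list runs past end of element")
    if off + 2 > len(body):
        return "disabled"
    (caps,) = struct.unpack_from("<H", body, off)
    if caps & MFPR:
        return "required"
    return "optional" if caps & MFPC else "disabled"

def build_rsn(caps: int, akm: int = 2) -> bytes:
    """Constructed sample RSN element: CCMP ciphers, one AKM, given capabilities."""
    body = struct.pack("<H", 1) + OUI + b"\x04"        # version 1, group = CCMP
    body += struct.pack("<H", 1) + OUI + b"\x04"       # one pairwise suite: CCMP
    body += struct.pack("<H", 1) + OUI + bytes([akm])  # one AKM (2 = PSK, 6 = PSK-SHA256)
    body += struct.pack("<H", caps)                    # RSN Capabilities
    return bytes([48, len(body)]) + body

def unprotected_ssids(beacons):
    """SSIDs where MFP is not mandatory, so some clients may still accept forged deauths."""
    return [ssid for ssid, ie in beacons if rsn_mfp_state(ie) != "required"]

# Constructed beacon data: (SSID, RSN element bytes)
SAMPLE = [("corp", build_rsn(0x00C0, akm=6)), ("guest", build_rsn(0x0000)),
          ("byod", build_rsn(0x0080))]

if __name__ == "__main__":
    for ssid, ie in SAMPLE:
        print(f"{ssid:6} MFP {rsn_mfp_state(ie)}")
    print("not fully protected:", unprotected_ssids(SAMPLE))
```

An SSID reported as "optional" protects only the clients that negotiate 802.11w; clients without support remain exposed.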


MVP
Posts: 376
Registered: ‎05-09-2013

Re: Block deauth attack with Aruba WIPS

Sorry to revive an old post, but this same question has recently come up with a customer I'm working with.

In the 802.11w (MFP) link, it states that MFP is not supported on VAPs that are using Tunnel forwarding model. Why doesn't it work with Tunneled mode and just to clarify, that means it's only supported while using Bridged mode?


Michael Haring | Senior Network Engineer
Comm Solutions, an Optiv Security Company
www.commsolutions.com | www.optiv.com