Wireless Access


Aruba Central - Deauth and fake AP attacks on Aruba APs

  • 1.  Aruba Central - Deauth and fake AP attacks on Aruba APs

    Posted May 17, 2022 01:02 PM
    After a pentest audit, our APs have been detected to be vulnerable to Fake AP and deauthentication attacks. Is there something we can do to avoid these attacks? I am checking the IDS Protection configuration, and I have the following protection commands enabled:


    Any idea whether it is possible to stop these attacks? Thanks.

  • 2.  RE: Aruba Central - Deauth and fake AP attacks on Aruba APs

    Posted May 20, 2022 10:38 AM
    A good pentest should include suggestions on the impact/importance of the detection, and how to fix these issues or manage the risk associated with it. Did you get such guidance?

    Deauthentication attacks are part of the WLAN standard and fixed in WPA3 with mandatory Management Frame Protection (PMF/MFP). Further, you can detect deauths with the IDS, but be prepared for false positives.
    FakeAP attacks are not really an infrastructure issue, more a client configuration issue. Clients should reject connections to a fake/rogue AP. The protect-ssid / protect-ap-impersonation are probably the best you can do, if you follow up on attacks.

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
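
As an added illustration of the IDS point in the reply above (not code from the thread or from Aruba), this sketch counts deauthentication frames per BSSID in a sliding window, which shows why a threshold set too low produces the false positives mentioned. The record format, the window and the threshold are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample records, not a real capture:
# (seconds, BSSID in the frame, destination, 802.11 reason code)
SAMPLE_FRAMES = [
    (0.0, "aa:bb:cc:00:00:01", "11:22:33:44:55:66", 3),   # single client leaving
    (40.0, "aa:bb:cc:00:00:01", "11:22:33:44:55:77", 3),  # another isolated deauth
    # burst of 30 broadcast deauths in 3 seconds carrying a second BSSID
    *[(100.0 + i * 0.1, "aa:bb:cc:00:00:02", BROADCAST, 7) for i in range(30)],
]


def detect_deauth_floods(frames, window=10.0, threshold=20):
    """Return one alert per BSSID whose deauth count inside `window` seconds
    reaches `threshold`. Both values are assumed tuning knobs: raising them
    gives fewer false positives at the cost of slower detection."""
    recent = defaultdict(deque)  # BSSID -> timestamps still inside the window
    alerted = set()
    alerts = []
    for ts, bssid, dst, reason in sorted(frames):
        q = recent[bssid]
        q.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({
                "bssid": bssid,
                "time": ts,
                "count": len(q),
                "reason": reason,
                "broadcast": dst == BROADCAST,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_floods(SAMPLE_FRAMES):
        print(alert)
```

With the defaults only the burst is reported; with `threshold=1` the isolated, normal deauths on the first BSSID raise an alert as well.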