Wireless Access

Hello everyone,

I'm new to the forums and a beginner to intermediate in Aruba wireless tech, so hopefully I'm posting this in the right forum, and am not missing the answer right in front of me.

Recently while I was investigating some clients that were dropping from our wireless network, I came across the "Security" dashboard under our managed network on the MM. My eyes widened when I noticed that there were 100 events marked has high & medium in the last 24hrs. The majority of them are "Disconnect Station Attack" but there is a garden variety of other things being marked as well.

This high number of events per day goes back to Feb 2018, well before my time here, and I was wondering if this is a serious issue to look into or not. I would think that if these events were true, then there would be more reports going on, or someone in my position prior would have noticed these events or said something about them.

So, in general, are these events something I should take seriously, or are these more likely to be false positives being picked up? If they're false positives, is there a way to get the controllers and MM to not mark all of these events, so if something serious does occur we can find it faster?

We're currently running 8.3.0.7 on the controllers which an Aruba engineer recently told me should get updated due to it being quite old. Could this be a bug in the code that could be fixed with an update?

Much appreciated!

 

 

------------------------------
AH
------------------------------

"Disconnect Station attach" yields many false positives.  Either disable disconnect station attack detection in the IDS settings or ignore it completely.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Apr 16, 2021 02:13 PM
From: Alex Hanson
Subject: MM listing many security events daily

Hello everyone,

I'm new to the forums and a beginner to intermediate in Aruba wireless tech, so hopefully I'm posting this in the right forum, and am not missing the answer right in front of me.

Recently while I was investigating some clients that were dropping from our wireless network, I came across the "Security" dashboard under our managed network on the MM. My eyes widened when I noticed that there were 100 events marked has high & medium in the last 24hrs. The majority of them are "Disconnect Station Attack" but there is a garden variety of other things being marked as well.

This high number of events per day goes back to Feb 2018, well before my time here, and I was wondering if this is a serious issue to look into or not. I would think that if these events were true, then there would be more reports going on, or someone in my position prior would have noticed these events or said something about them.

So, in general, are these events something I should take seriously, or are these more likely to be false positives being picked up? If they're false positives, is there a way to get the controllers and MM to not mark all of these events, so if something serious does occur we can find it faster?

We're currently running 8.3.0.7 on the controllers which an Aruba engineer recently told me should get updated due to it being quite old. Could this be a bug in the code that could be fixed with an update?

Much appreciated!

 

 

------------------------------
AH
------------------------------