Wireless Access

last person joined: 2 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

should I ever see hotspotter attacks from my own ssids?

  • 1.  should I ever see hotspotter attacks from my own ssids?

    Posted Aug 28, 2014 01:34 PM

    well, the title really says about half of it. I recently turned on the hotspotter checkbox on my controller, and I am being inundated with IDS events that certainly appear to be from my own APs/SSIDs. Is that a 'better' AP trying to lure a client from a 'worse' AP, or something nefarious? If benign, can I filter those out?

     

    Secondly, since xfinitywifi and CableWifi have done their thing, I added them as legit SSIDs. Should I still be getting IDS events - noth hotspotter and Valid Client Misassociation - from those SSIDs now?

     

    thanks,

     

    Russell