Security

last person joined: 20 minutes ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Block deauth attack with Aruba WIPS

  • 1.  Block deauth attack with Aruba WIPS

    Posted May 27, 2014 11:06 PM
      |   view attached

    Hi community,

     

    How can i to block deauth attack from a Kali running computer not connected to my network? I can detect the attack with the IDS signature but i can't block it. I attach an image from the security dashboard. Thanks in advance.

     

     



  • 2.  RE: Block deauth attack with Aruba WIPS

    Posted May 27, 2014 11:17 PM

    What version of ArubaOS is this?

     



  • 3.  RE: Block deauth attack with Aruba WIPS

    Posted May 27, 2014 11:23 PM

    Aruba OS 6.3.1.7.



  • 4.  RE: Block deauth attack with Aruba WIPS

    Posted May 27, 2014 11:24 PM


  • 5.  RE: Block deauth attack with Aruba WIPS

    Posted May 27, 2014 11:48 PM

    Thanks but is already enabled and it doesn't work.



  • 6.  RE: Block deauth attack with Aruba WIPS

    Posted May 27, 2014 11:54 PM

    When you say "does not work" what do you mean?  What is happening and what do you want to prevent?  DOS protection can only protect a deauth attack on an access point, not a client.  Only MFP (802.11w) or management frame protection can specifically protect clients from such an attack.  Of course, the client has to support 802.11w and you need to run ArubaOS 6.4 for a complete solution: http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VirtualAPs/SSID_Profiles.htm?Highlight=802.11w



  • 7.  RE: Block deauth attack with Aruba WIPS

    Posted Apr 24, 2017 10:54 AM

    Sorry to revive an old post, but this same question has recently come up with a customer I'm working with. 

     

    In the 802.11w (MFP) link, it states that MFP is not supported on VAPs that are using Tunnel forarding model. Why doesn't it work with Tunneled mode and just to clarify, that means its only supported while using Bridged mode?



  • 8.  RE: Block deauth attack with Aruba WIPS

    Posted Apr 10, 2019 12:51 PM

    "me too".   Even in AoS 8.4 it won't allow MFP to be enabled, much to the chagrin of the customer.  Why?  Workaround?



  • 9.  RE: Block deauth attack with Aruba WIPS

    Posted Apr 10, 2019 02:08 PM

    What encryption and forwarding mode are you using?  What client are you also using?