Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Disconnect Station Attack: An AP detected a disconnect attack of client

  • 1.  Disconnect Station Attack: An AP detected a disconnect attack of client

    Posted Oct 29, 2015 06:21 PM

    We operate 2 x Aruba7220 (master & local) controllers running AOS 6.4.3.2 and deployed AP105/135/205 APs in various spaces.  Lately, an increasing number of clients are being constantly kicked off our reliable and secure Production-SSID to a slow and open Guest-SSID.  A closer inspection of the logs show a <WARN> of Disconnect Station Attack: An AP detected a disconnect attack of client.  Additional Info: Avg-Deauth-Disassoc-PktRate(pps):1.4; Interval(sec):10.  We use IDS default profile with IDS DoS default setting including  enabled Detect Disconnect Station Attack.  How best can we correct this situation?  



  • 2.  RE: Disconnect Station Attack: An AP detected a disconnect attack of client

    Posted Nov 03, 2015 06:42 PM

    You probably need to get at the root of your issue.  The Disconnect station attack can be subject to false positives.  We need to look at the RF to see what environments your clients are in and how your network is configured.



  • 3.  RE: Disconnect Station Attack: An AP detected a disconnect attack of client

    Posted Nov 03, 2015 08:23 PM

    Hello,

     

    Where do I go to look for this log?



  • 4.  RE: Disconnect Station Attack: An AP detected a disconnect attack of client

    Posted Nov 03, 2015 08:26 PM

    If you don't have the RF protect license, you won't see the message.  http://www.arubanetworks.com/products/security/wireless-intrusion-protection/