Network Management

 View Only
last person joined: 22 hours ago 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Expand all | Collapse all

Broadcast Disassociation - FF:FF:FF:FF:FF:FF

This thread has been viewed 15 times
  • 1.  Broadcast Disassociation - FF:FF:FF:FF:FF:FF

    Posted Aug 15, 2022 01:50 PM

    I'm quite new to Aruba Wireless and trying to understand how to prevent/remedy these Disassociated Broadcast Attacks which are identified as exploits. 

    Currently Running Mobility Master>WLC's in a cluster on 8.7.16>Airwave is running and then we also have ClearPass.

    The biggest concern would be by sending disassociation frames to the broadcast address (FF:FF:FF:FF:FF:FF), an attacker can disconnect all stations on a network for a widespread DoS. It seems like it's happening from multiple MAC addresses within the "Attacker" column. Are these legitimate events/something I should look into more? How would I go about resolving this?

    Please let me know if any additional info might be needed.

    Thank you,
    Eric Berg

  • 2.  RE: Broadcast Disassociation - FF:FF:FF:FF:FF:FF
    Best Answer

    Posted Aug 15, 2022 03:16 PM
    In my experience, that signature is prone to false positives.

    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides:

  • 3.  RE: Broadcast Disassociation - FF:FF:FF:FF:FF:FF

    Posted Aug 15, 2022 03:34 PM
    Ok that's good to know on this issue so I don't over analyze it.

    I've also discovered the Apple TV's broadcasting 00:25:00:ff:94:73 which seems to be part of the new "adhoc airplay" that Apple can do

    so getting all kinds of info that looks worrisome when it's not but that's good to know.