Migrate to WPA3 or Enhanced Open with Transition Mode disabled so that all your clients use PMF.
Original Message:
Sent: Sep 11, 2024 05:07 AM
From: Swan Support
Subject: RAPIDS "Omerta Attack" shows one of my Access Points as the attacker?
So, how can we mitigate the issue and stop the attacker? Do we have any other commands or options to get more insights about the attacker?
Original Message:
Sent: Apr 23, 2012 11:03 AM
From: Plane
Subject: RAPIDS "Omerta Attack" shows one of my Access Points as the attacker?
It is actually neither. The Omerta attack involves an attacker injecting disassociation frames to the network. When it does it spoofs the source MAC address to match the AP of association for that client. So if a client with MAC address 00 associates to an AP with MAC address AA the victim will be 00 and the attacker will be AA.
The naming is a litlte odd. In this case the attacker is spoofing a valid AP so we don't know the true MAC address of the attacker, just the spoofed one that matches the AP of association. Displaying this info as the attacker has some benefits. It allows you to see if the attacks are localized to a certain area or AP which can be difficult to coorelate if you only have the victim MAC address.