Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Block deauth attack with Aruba WIPS

  • 1.  Block deauth attack with Aruba WIPS

    Posted May 27, 2014 11:06 PM

    Hi community,

     

    How can I block a deauth attack from a computer running Kali that is not connected to my network? I can detect the attack with the IDS signature but I can't block it. I attach an image from the security dashboard. Thanks in advance.

     

     



  • 2.  RE: Block deauth attack with Aruba WIPS

    EMPLOYEE
    Posted May 27, 2014 11:17 PM

    What version of ArubaOS is this?

     



  • 3.  RE: Block deauth attack with Aruba WIPS

    Posted May 27, 2014 11:23 PM

    Aruba OS 6.3.1.7.



  • 4.  RE: Block deauth attack with Aruba WIPS

    EMPLOYEE
    Posted May 27, 2014 11:24 PM


  • 5.  RE: Block deauth attack with Aruba WIPS

    Posted May 27, 2014 11:48 PM

    Thanks, but it is already enabled and it doesn't work.



  • 6.  RE: Block deauth attack with Aruba WIPS

    EMPLOYEE
    Posted May 27, 2014 11:54 PM

    When you say "does not work" what do you mean?  What is happening and what do you want to prevent?  DOS protection can only protect against a deauth attack on an access point, not a client.  Only MFP (802.11w) or management frame protection can specifically protect clients from such an attack.  Of course, the client has to support 802.11w and you need to run ArubaOS 6.4 for a complete solution: http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VirtualAPs/SSID_Profiles.htm?Highlight=802.11w
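
Added example, not part of the original thread or of Aruba's tooling: a way to verify from a captured beacon or probe response whether an SSID actually advertises 802.11w, by reading the MFP capable/required bits in the RSN element. The function names and the sample bytes (SSID "corp", WPA2-PSK/CCMP) are constructed for illustration.

```python
import struct

RSN_ELEMENT_ID = 48   # RSN information element
MFPR = 1 << 6         # RSN capabilities bit 6: MFP required
MFPC = 1 << 7         # RSN capabilities bit 7: MFP capable

def find_rsn(ies: bytes):
    """Walk the tagged elements (id, length, body); return the RSN body or None."""
    i = 0
    while i + 2 <= len(ies):
        eid, elen = ies[i], ies[i + 1]
        body = ies[i + 2:i + 2 + elen]
        if len(body) < elen:
            return None            # element runs past the end of the buffer
        if eid == RSN_ELEMENT_ID:
            return body
        i += 2 + elen
    return None

def mfp_status(ies: bytes) -> str:
    """Classify an SSID's 802.11w posture from its beacon/probe-response elements."""
    rsn = find_rsn(ies)
    if rsn is None:
        return "no-rsn"            # no RSN element advertised
    try:
        off = 2 + 4                                   # version + group cipher suite
        (n_pairwise,) = struct.unpack_from("<H", rsn, off)
        off += 2 + 4 * n_pairwise                     # pairwise suite list
        (n_akm,) = struct.unpack_from("<H", rsn, off)
        off += 2 + 4 * n_akm                          # AKM suite list
        (caps,) = struct.unpack_from("<H", rsn, off)  # RSN capabilities
    except struct.error:
        return "malformed"         # this example does not handle omitted trailing fields
    if caps & MFPR:
        return "required"
    return "capable" if caps & MFPC else "disabled"

def sample_ies(caps: int) -> bytes:
    """Constructed sample: SSID 'corp' plus a WPA2-PSK/CCMP RSN element."""
    ccmp, psk = b"\x00\x0f\xac\x04", b"\x00\x0f\xac\x02"
    rsn = b"\x01\x00" + ccmp + b"\x01\x00" + ccmp + b"\x01\x00" + psk + struct.pack("<H", caps)
    return b"\x00\x04corp" + bytes([RSN_ELEMENT_ID, len(rsn)]) + rsn

if __name__ == "__main__":
    for caps in (0x0000, 0x0080, 0x00C0):
        print(hex(caps), mfp_status(sample_ies(caps)))
```

An SSID reporting "disabled" or "capable" still accepts clients without protected management frames, so those clients remain exposed to spoofed deauthentication frames.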



  • 7.  RE: Block deauth attack with Aruba WIPS

    MVP
    Posted Apr 24, 2017 10:54 AM

    Sorry to revive an old post, but this same question has recently come up with a customer I'm working with. 

     

    In the 802.11w (MFP) link, it states that MFP is not supported on VAPs that are using Tunnel forwarding model. Why doesn't it work with Tunneled mode and just to clarify, that means it's only supported while using Bridged mode?



  • 8.  RE: Block deauth attack with Aruba WIPS

    Posted Apr 10, 2019 12:51 PM

    "me too".   Even in AoS 8.4 it won't allow MFP to be enabled, much to the chagrin of the customer.  Why?  Workaround?



  • 9.  RE: Block deauth attack with Aruba WIPS

    EMPLOYEE
    Posted Apr 10, 2019 02:08 PM

    What encryption and forwarding mode are you using?  What client are you also using?