Has anyone noticed how bad clearpass is at detecting Amazon Echo/Kindle devices

I've had a fair amount of success at rolling out custom fingerprints for devices connected to our WPA2-PSK network... with the exception of Amazon devices.

 

I seem to have 3 million (well, perhaps not that number) devices that are identified as Amazon Kindles, when I'm fairly sure they're not. As an example, when a user registers a device for our PSK network they have to tell us what it is... there's an awful lot of people registering what they say are Amazon Echos when ClearPass thinks they are Kindle devices.

 

Looking at one such device, the user agent string says

{"dhcp": {"option55": ["1,33,3,6,15,28,51,58,59,119"], "option60": ["dhcpcd-6.8.2:Linux-4.4.22+:armv7l:MT8167B"], "options": ["53,50,57,60,-111,55"]}, "host": {"mac_vendor": ["Amazon Technologies Inc."], "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36"}}

So does the KHTML imply it's a Kindle?

 


Accepted Solutions
Moderator

Re: Has anyone noticed how bad clearpass is at detecting Amazon Echo/Kindle devices

They share the same fingerprint (similar to many Apple TVs and iPhones). Advanced fingerprinting would be required to detect this (CPDI).


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
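
An added example, not part of the original thread and not ClearPass code: it groups endpoints by the passive attributes in the fingerprint quoted above (DHCP option 55, option 60 and MAC vendor) and reports any group where users registered more than one device type, which is the shared-fingerprint case described in this answer. The endpoint records, MAC addresses, the field names `declared`, `profiled` and `fp`, and the choice of grouping key are all assumptions made for illustration.

```python
import json
from collections import defaultdict

# Fingerprint JSON exactly as quoted in the original post.
POSTED_FP = ('{"dhcp": {"option55": ["1,33,3,6,15,28,51,58,59,119"], '
             '"option60": ["dhcpcd-6.8.2:Linux-4.4.22+:armv7l:MT8167B"], '
             '"options": ["53,50,57,60,-111,55"]}, '
             '"host": {"mac_vendor": ["Amazon Technologies Inc."], '
             '"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 '
             '(KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36"}}')
# Constructed fingerprint for an unrelated device, for contrast.
OTHER_FP = ('{"dhcp": {"option55": ["1,3,6,15"], "option60": ["example-client"]}, '
            '"host": {"mac_vendor": ["Example Vendor"]}}')

# Constructed registration records: what the user declared vs. what the profiler said.
ENDPOINTS = [
    {"mac": "02:00:00:00:00:01", "declared": "Amazon Echo", "profiled": "Kindle", "fp": POSTED_FP},
    {"mac": "02:00:00:00:00:02", "declared": "Kindle", "profiled": "Kindle", "fp": POSTED_FP},
    {"mac": "02:00:00:00:00:03", "declared": "Printer", "profiled": "Printer", "fp": OTHER_FP},
]

def passive_key(fp_json):
    """Reduce a fingerprint to the passive attributes used here as the grouping key (an assumption)."""
    fp = json.loads(fp_json)
    dhcp, host = fp.get("dhcp", {}), fp.get("host", {})
    return (",".join(dhcp.get("option55", [])),
            ",".join(dhcp.get("option60", [])),
            ",".join(host.get("mac_vendor", [])))

def audit(endpoints):
    """Return one row per fingerprint key that users registered as more than one device type."""
    by_key = defaultdict(list)
    for ep in endpoints:
        by_key[passive_key(ep["fp"])].append(ep)
    report = []
    for key, eps in by_key.items():
        declared = sorted({ep["declared"] for ep in eps})
        if len(declared) > 1:  # one fingerprint, several declared device types
            disputed = sorted(ep["mac"] for ep in eps if ep["declared"] != ep["profiled"])
            report.append({"key": key, "declared_types": declared, "disputed": disputed})
    return report

if __name__ == "__main__":
    for row in audit(ENDPOINTS):
        print(row)
```

Keys that appear in the report cannot separate the declared device types on these attributes alone, so the profiled category for those endpoints needs an additional signal before it is used in policy.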



All Replies

Re: Has anyone noticed how bad clearpass is at detecting Amazon Echo/Kindle devices

Did you do some fingerprint override?

 

The mac-vendor in this example is ["Amazon Technologies Inc."]. Are you sure this is not a Kindle? Can you give another example of a "false" Kindle?



- - - - Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE - - - -
- - - - - - - Feel free to give kudos or accept as a solution! - - - - - - - - -

Re: Has anyone noticed how bad clearpass is at detecting Amazon Echo/Kindle devices

I do custom things, yes, but not when it comes to Amazon devices.

 

Amazon Echo is the usual thing.

 

A while back I bought a brand new Amazon Echo... first the OUI wasn't in the ClearPass known list... so got Aruba to add it... and then ClearPass came back and said the Echo on my desk was a Kindle :-(

 

Always very twitchy about believing ClearPass when it comes to different Amazon devices.

A

 

 
