Wireless Access

last person joined: 18 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

"Power Save DoS Attack..." since upgrade

This thread has been viewed 2 times

  • 1.  "Power Save DoS Attack..." since upgrade

    Posted Sep 07, 2015 05:11 AM

    What is the impact of of these errors being reported, noticeably, since we upgraded to 6.3.1.17 form 6.3.1.2. 

     

    Power Save DoS Attack: An AP detected
    a Power Save DoS attack on client

     

    Also, grabbed these from a recently reported client with poor connectivity...

     

    Disconnect Station Attack: An AP
    detected a disconnect attack of client 

     

    and loads of these with it too...

     

    Sep 7 09:37:27 2015 ARUBA-LOCAL authmgr[3703]: <132093> <ERRS>
    <ARUBA-LOCAL > WPA2 Key message 2 from Station AP-04 did not match the replay
    counter 05 vs 07

     

    We have been getting reports of client not conecting, and Ive seen some very strange behaviour were clients are seeing good signal strength, but just wont joint the ssid....

     

    I have seen mention of this within the form, and advice to adjust one of the thresholds, as this  issue can be caused by over aggressing power saving clients.  But given that the only thing we have changed int he last 2 weeks is upgrading the controller, this links to when users say they have been seeing these issues, so I wonder if its a change in the threshold or a new feature, that didnt exist before...

     

    Could this explain the connectivity issue we are seeing with clients?



  • 2.  RE: "Power Save DoS Attack..." since upgrade

    EMPLOYEE
    Posted Sep 07, 2015 02:22 PM

    Yes and no.  A power save DOS attack is not necessarily common and in this situation, it could probably be a false positive.  The replay message is common in areas with poor RF, however.



  • 3.  RE: "Power Save DoS Attack..." since upgrade

    Posted Sep 08, 2015 03:20 AM

    I was hoping DoS may have been the reason why there seems to be lots of clients having issues, and also could expain some of the strange behaviour I have seen. 

     

    The explanation I had found of the error indicated that modern clients can be more aggressive when it comes to power saving, so the controller is seeing lots of diconnects/reconnects, so I assumed it may have been de-authing the clinet, or some other mechanism to block it from connecting. 

     

    There was a group of 4 laptops in the same area, all reporting excellent coverage, yet none of them would connect to the ssid, yet my laptop was fine.  No vlan, lease pool.. or other issues I could think of that could cause this issue, and not something I heard of or seen before we upgraded to .17.

     

    Ive also now turned off Client Match, in accordance witht he notes tagged to the .17 download page, which were not there when I was told to upgrade to it.....