Wireless Access

 View Only
last person joined: 10 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Block Hotspot

This thread has been viewed 43 times

  • 1.  Block Hotspot

    Posted Feb 08, 2023 01:09 AM
      |   view attached
    Hi All,

    How do I block hotspot via WIDS or WIPS? Is it sufficient to enable the option which listed in the attachment or any more options required? 
    Any document on hotspot blocking I appreciate that.



    Cheers,
    Santhosh


  • 2.  RE: Block Hotspot

    EMPLOYEE
    Posted Feb 08, 2023 09:36 AM
    What you've got is aimed at ad-hoc and Windows Internet Sharing, neither of which are typical characteristics of a hotspot device.  At best a hotspot should be detected as a suspected rogue based on the signal strength, and any kind of automation would likely require AirWave for the additional rules and processing.

    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------

    Original Message


  • 3.  RE: Block Hotspot

    Posted Feb 08, 2023 11:52 AM
    Hi Santhosh,


    Please share what u have done while configuring wips and wids .

    Do you have dedicated Air Monitor ??

    Do you have RF Protect license installed ??

    Have u don't trapit for the valid station ?

    Kindly share the settings what u have done in wips wizard ??

     Have you configure the threshold for the confidence level ?

    Please share i can suggest you the best practices for the rogue ap containment .

    Best Regards,

    Rashed Basuleman


     




    Original Message


  • 4.  RE: Block Hotspot

    Posted Feb 09, 2023 12:13 PM

    Hi @chulcher and @rashedbuleman

                   Thanks for your response. I coordinated with the team to block hotspot and we try to implement air monitor in one of the AP's, but AP fails to boot as AM.  To block the hotspot one solution is tarpit containment and another is spectrum analysis & block interference. However, I'm waiting for the response from the team to get the updates. @chulcher can you share any links or docs to know airwave WIPS policy for hotspot blocking. Once i connected with my team, I will share the policy screenshot.

    -------------------------------------------



  • 5.  RE: Block Hotspot

    EMPLOYEE
    Posted Feb 09, 2023 12:18 PM

    I don't know of a specific guide, you'd have to create a set of conditions that match your environment and go from there.

    But be aware, intentionally blocking another's use of the spectrum is potentially illegal.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------

    Original Message


  • 6.  RE: Block Hotspot

    EMPLOYEE
    Posted Feb 14, 2023 05:08 AM

    What is it that you want to protect from? Or what risk do you want to mitigate?

    It may start by defining what you consider a hotspot. Would that be any SSID that is not your own, like any network of your neigbours? Or would that be a phone acting as a WiFi AP to provide cellular data connectivity? Or would that be an AP that someone puts in your network?

    And if you know this, would you want to block it for everyone (see remark about legal implications), or do just you want your own employees not to connect to the hotspot?

    And if you know that, how would you like to expect the network to behave as soon as your clients move outside of the coverage area of your own APs? There you can't do any protection, which means the solution would be quite close.

    Note that with WPA3 it is no longer possible to disconnect clients.

    Answering the question may not be as simple... your Aruba partner or local Aruba SE may be a good candidate to discuss the actual problem you try to solve and the possible solutions.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 7.  RE: Block Hotspot

    Posted Feb 14, 2023 06:08 AM
    Helo Herman,

    Let's take.one scenario that some one spoofing my AP Mac and trying to broadcast my same ssid which exist and trying my clients to connect to the spooofed mac id ap and trying to collect my data and hashes in this scenario what the settings we need to do in ssid wise and ids profile settings .

    Thanks in advance...


    Best Regards,

    Rashed Basuleman


     




    Original Message


  • 8.  RE: Block Hotspot

    EMPLOYEE
    Posted Feb 16, 2023 08:45 AM

    I would personally not define that as a hotspot but more AP/network impersonation. Here is a description for the different Wireless IDS/IPS options. And your would need 'Detect SSID misuse (detection)' and/or 'Protect SSID (Protect SSID enforces that valid or protected SSIDs are used only by valid APs. An offending AP is contained by preventing clients from associating to it.)' to detect and protect your own SSIDs.
    And you can consider 'Protect valid clients' as well (Protecting a valid client involves disconnecting that client if it is associated to a non-valid AP)

    Note that as soon as your clients move outside of the reach of your network, there is no detection or control anymore. Please consult your legal advisor before you start doing protection, because that may violate the law in some countries.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message