If you implement WPA3, that has mandatory MFP/PMF/11w.
If you know when it happens, and where it happens (near which APs and at what signal strength), you may be able to determine the location within a few meters and catch this person. Be aware that some broken client devices may behave weird and send de-auths for itself. RFProtect may assist to more effectively detect (and alert) de-auths.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Mar 21, 2023 03:38 AM
From: GordonFresh
Subject: Preventing deauthentication attacks on controllers 7220/7205
I am helpless against some kiddy with backtrack who repeatedly uses aireplay-ng to deauthenticate legitimate users on my Wi-Fi work network.
I captured and analyzed the network traffic on my Wi-Fi work network, and I noticed a remarkable amount of 802.11 deauth packets. I realize it may not be possible to catch him, or even know where the attack came from.
I just want to know: Is there any way to prevent such an attack?
Perhaps it is possible to enable the IEEE 802.11w standard, also known as Management Frame Protection on my Aruba Controllers Cluster?
I have a cluster which consists of an Aruba Controllers 7220 and 7205.