Blocking client connecting to an ssid Windows Bridging

Topic

Hello,
Can Stellar in Enterprise mode, block valid clients connecting to an SSID created by Windows Bridging(hotspot software like connectify)? In my setup stellar was not able to classify it as rouge. Further I manually added the SSID as Rouge, still clients were able to connect to it.

Date
20.02.2019
answers
6
views
54
Author
Asked by dengling

Answers

The feature works but I have realized that takes at least 1 hour to detect and react against a simple attack like too many Authentication fails in a period of time that you can set on the WIPS Policy, during my tests the attack was detected and cancelled automatically but after almost 1 hour, I'm talking with the Dev Team about this huge delay which turns this feature non reliable to protect the network.

Date
20.02.2019
Author
Add Comment
Vote

I had some success with newer code (3.0.2.x): I put an AP1101 at home at test, and forgot to turn out the automatic enforcement. Result: I got kicked out from my home AP every now and then :)

Date
20.02.2019
Author
Add Comment
Vote

OV running on 4.2.2 R01-81 AP on 3.0.0.63

Date
20.02.2019
Author
Asked by dengling
Add Comment
Vote

Did those tests with older code and I could not get it to work too.

Date
20.02.2019
Author
Asked by ahbekka
Add Comment
Vote

Attack Policy set to High and Dynamic Client Black List enabled while testing...Still the issue..

Date
20.02.2019
Author
Asked by dengling
Add Comment
Vote

Hi, There is 2 conditions to the WIPS be able to cancel automatically a threat: First edit the Client and/or AP attack policy to the appropriate level and the attack you want to cancel be part of the attacks data base. Second you need to enable the “Dynamic Client Black List” So In this case please be sure that the AP WIPS policy includes enabled the Wireless Bridge attack and the Dynamic Client Blacklist is enabled and let us know

Date
20.02.2019
Author
Add Comment
Vote