Jump to content

Detection by Cisco / Aruba


ZeteMkaa

Recommended Posts

Hi All,

I've done some test at our clients and it seems that Aruba and Cisco devices are unable to detect a rogue Jasager in there network. We first added a Sitecom router to their network which was detected in about 5 minutes. After that we planted the Jasager in there network but they where unable to detect this rogue accesspoint.

Are there any techniques in place that prevents Cisco/Aruba devices from detecting the Jasager ?

Thanks in advance.

Niels

Edited by ZeteMkaa
Link to comment
Share on other sites

Hi All,

I've done some test at our clients and it seems that Aruba and Cisco devices are unable to detect a rogue Jasager in there network. We first added a Sitecom router to their network which was detected in about 5 minutes. After that we planted the Jasager in there network but they where unable to detect this rogue accesspoint.

Are there any techniques in place that prevents Cisco/Aruba devices from detecting the Jasager ?

Thanks in advance.

Niels

Just to clarify, are you asking of we have taken direct steps to hide the Jasager from Cisco/Aruba devices?

In that case, the answer is no. We haven't targeted those companies to "hide" from their detection. My guess is that it is how Karma responds to probe requests. The Cisco/Aruba systems simply don't check for the right things to verify the AP -- or so it seems. I have never tried.

Link to comment
Share on other sites

Thx for your reply.

So the lack of detection is because they do not check for different MAC adresses outside their vendor pool but have them check on SSID and attack options.

Found it strange that both vendors were uncapable of detecting such a rogue device, but i love it :D

So setting up a whitelist and detecting the rest would be a solution to prevent Jasagers ?

Link to comment
Share on other sites

I am receiving my (completely free!) meraki access point today. It has a featured called "Air Marshal" which is their WIPS (zomg what an awesome name for it right?!). I will be testing karma on the raspberry pi along with the mark3 and mark4 pineapples extensively this weekend and in the coming weeks. Stay tuned!

telot

Link to comment
Share on other sites

Hi All,

I've done some test at our clients and it seems that Aruba and Cisco devices are unable to detect a rogue Jasager in there network. We first added a Sitecom router to their network which was detected in about 5 minutes. After that we planted the Jasager in there network but they where unable to detect this rogue accesspoint.

Are there any techniques in place that prevents Cisco/Aruba devices from detecting the Jasager ?

Thanks in advance.

Niels

This is actually something that I have been working on over the last week or two (specifically the Aruba Networks side). There were a few things that I came across, this included, that I have started digging into further.

Let me ask you this, with the Aruba equipment, what version of AOS are you seeing this in and are you specifically talking about the controller not finding the device or are you also using Airwave? I have been testing on 6.1.3.x as well as some testing on the early release of 6.2.0.2.

Jeremy

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...