We use it here at Western… it does the job well for us, especially mitigating ad-hocs using the school’s published SSIDs and rogues. We have not had any issues with clients connecting to Valid APs.
Mike H On Aug 11, 2014, at 6:42 AM, Gogan, James P <[email protected]> wrote: > Was wondering if anyone with a large Aruba deployment has enabled their > "Tarpit Shielding" feature for dealing with rogue issues (full description > below for anyone not familiar with it)? If so, is that working out for > you? Has it caused problems for folks unrelated to rogue units? > > Inquiring minds etc. etc. Thanks in advance! > > -- Jim Gogan > ITS Communication Technologies > UNC-Chapel Hill > > > description: > Tarpit Shielding > > The Tarpit Shielding feature is a type of wireless containment. Detected > devices that are classified as rogues are contained by forcing client > association to a fake channel or BSSID. This method of tarpitting is more > efficient than rogue containment via repeated de-authorization requests. > Tarpit Sheilding works by spoofing frames from an AP to confuse a client > about its association. The confused client assumes it is associated to the AP > on a different (fake) channel than the channel that the AP is actually > operating on, and will attempt to communicate with the AP in the fake channel. > > Tarpit Shielding works in conjunction with the deauth wireless containment > mechanism. The deauth mechanism triggers the client to generate probe request > and subsequent association request frames. The AP then responds with probe > response and association response frames. Once the monitoring AP sees these > frames, it will spoof the probe-response and association response frames, and > manipulates the content of the frames to confuse the client. > > A station is determined to be in the Tarpit when we see it sending data > frames in the fake channel. With some clients, the station remains in tarpit > state until the user manually disables and re-enables the wireless interface. > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. Michael Hulko Network Analyst Western University Canada Network Operations Centre Information Technology Services 1393 Western Road, SSB 3300CC London, Ontario N6G 1G9 tel: 519-661-2111 x81390 e-mail: [email protected] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
