We're an Aruba shop. We "blacklist" client devices that fail three consecutive auths for a period of 15 seconds. The thinking is that if you fail three times you need to do "something" to fix it and that something will take longer than 15 seconds. We think this approach is transparent to the user. It doesn't eliminate all the bad traffic, but when you consider that a client with a saved bad credential can fail authentication between three and ten times a second you can see that it significantly reduces it.
We used to blacklist for 60 seconds. Our reasoning was the same, but what we figured out was that some users fixed their problem in less than 60 seconds and were still blacklisted when they tried again. This led them to believe, falsely, that their fix didn't work. We've seen no adverse consequences to the 15 second blacklist since making that change.

Chuck

From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> On Behalf Of Hales, David
Sent: Wednesday, November 20, 2019 12:21 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] rules for mis-behaving wireless clients

Our wireless authentication system came with a default that would lock out clients that failed 10 authentication attempts in a row for an hour. It caused some pretty heavy helpdesk hate. If the lockout doesn't come with some way of notifying the user that they're locked out and how long the lockout lasts, I'd recommend keeping the lockout time fairly short. We moved ours to 10 minutes and it doesn't cause very much trouble for us now. Making sure the 1st line of support (helpdesk) knows how it works is critical to easing aggravation levels from customers.

David Hales
Network Systems Administrator
Information Technology Services
1010 N. Peachtree
Clement Hall 117
Cookeville, TN 38505
P 931-372-3983
F 931-372-6130
E [email protected]
www.tntech.edu/its

From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> On Behalf Of Joseph M. Karam
Sent: Wednesday, November 20, 2019 11:17 AM
To: [email protected]
Subject: [WIRELESS-LAN] rules for mis-behaving wireless clients

Hello Everyone,

Are there any general recommendations/best practices on rules for misconfigured wireless devices for connecting to your wireless infrastructure? For example, we have many mis-configured eduroam clients that are just continually sending authentication requests. We would like to define a rule in our wireless infrastructure that says something like, "if the device failed authentication 20 times in 1 minute, do not allow it to authenticate again for 10 minutes". Has anyone had good or bad experiences with defining these types of policies?

Thank you,
Joe

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at https://www.educause.edu/community
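
The lockout settings quoted in this thread can be compared by running them against one constructed client. This is an added example, not part of the original emails: the retry rate (5 per second), the 40-second fix time, and the assumption that blacklisted attempts are dropped before reaching the auth server are all illustrative.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    name: str
    max_failures: int         # failed auths that trigger the blacklist
    window_ms: Optional[int]  # None = consecutive failures, else sliding window
    lockout_ms: int           # 0 = no blacklisting

# Settings quoted in the thread, plus a no-blacklist baseline.
POLICIES = [
    Policy("none", 1, None, 0),
    Policy("3 in a row / 15 s", 3, None, 15_000),
    Policy("3 in a row / 60 s", 3, None, 60_000),
    Policy("10 in a row / 10 min", 10, None, 600_000),
    Policy("10 in a row / 1 h", 10, None, 3_600_000),
    Policy("20 in 1 min / 10 min", 20, 60_000, 600_000),
]

def simulate(policy, retry_ms=200, fixed_at_ms=40_000, horizon_ms=7_200_000):
    """Assumed model: the client retries every retry_ms with a bad saved
    credential until the user fixes it at fixed_at_ms; attempts made while
    blacklisted are dropped before they reach the auth server.
    Returns (auth requests that reached the server, ms of first success)."""
    failures, blocked_until, reached = [], 0, 0
    for t in range(0, horizon_ms, retry_ms):
        if t < blocked_until:
            continue                      # dropped while blacklisted
        reached += 1
        if t >= fixed_at_ms:
            return reached, t             # credential is good now
        failures.append(t)
        if policy.window_ms is not None:  # keep only failures inside the window
            failures = [f for f in failures if t - f < policy.window_ms]
        if policy.lockout_ms and len(failures) >= policy.max_failures:
            blocked_until = t + policy.lockout_ms
            failures = []
    return reached, None

def compare():
    return {p.name: simulate(p) for p in POLICIES}

if __name__ == "__main__":
    for name, (reached, ok_ms) in compare().items():
        wait = (ok_ms - 40_000) / 1000
        print(f"{name:22} auth requests={reached:4}  wait after fix={wait:7.1f} s")
```

Under these assumptions the 15-second setting admits the repaired client 6.2 s after the fix, against 20.4 s for 60 seconds, and both cut the auth requests reaching the server from 201 to 10 or fewer.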
