Was wondering if anyone with a large Aruba deployment has enabled their "Tarpit
Shielding" feature for dealing with rogue issues (full description below for
anyone not familiar with it)? If so, is that working out for you? Has it
caused problems for folks unrelated to rogue units?
Inquiring minds etc. etc. Thanks in advance!
-- Jim Gogan
ITS Communication Technologies
UNC-Chapel Hill
description:
Tarpit Shielding
The Tarpit Shielding feature is a type of wireless containment. Detected
devices that are classified as rogues are contained by forcing client
association to a fake channel or BSSID. This method of tarpitting is more
efficient than rogue containment via repeated de-authorization requests. Tarpit
Shielding works by spoofing frames from an AP to confuse a client about its
association. The confused client assumes it is associated to the AP on a
different (fake) channel than the channel that the AP is actually operating on,
and will attempt to communicate with the AP in the fake channel.
Tarpit Shielding works in conjunction with the deauth wireless containment
mechanism. The deauth mechanism triggers the client to generate probe request
and subsequent association request frames. The AP then responds with probe
response and association response frames. Once the monitoring AP sees these
frames, it will spoof the probe-response and association response frames, and
manipulate the content of the frames to confuse the client.
A station is determined to be in the Tarpit when we see it sending data frames
in the fake channel. With some clients, the station remains in tarpit state
until the user manually disables and re-enables the wireless interface.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
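
The tarpit criterion from the quoted description (a station seen sending data frames on the fake channel), applied to sensor observations to spot stations that stay stuck and whether their AP was actually classified as rogue. This is an added example, not Aruba's code or part of the original post. The record layout, function name, MAC addresses and `min_frames` threshold are assumptions, and only the fake-channel case is covered, not the fake-BSSID one.

```python
from collections import namedtuple

# One sensor observation per captured 802.11 frame (constructed layout).
Frame = namedtuple("Frame", "ts sta bssid channel ftype")

def find_tarpitted(frames, ap_channel, rogues, min_frames=3):
    """Flag stations sending data frames to a known BSSID on a channel that
    AP is not operating on, and still doing so at the end of the capture."""
    state = {}
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.ftype != "data" or f.bssid not in ap_channel:
            continue
        if f.channel == ap_channel[f.bssid]:
            state.pop(f.sta, None)  # data on the real channel: recovered
            continue
        s = state.get(f.sta)
        if s is None or (s["bssid"], s["fake_channel"]) != (f.bssid, f.channel):
            s = state[f.sta] = {"bssid": f.bssid, "fake_channel": f.channel,
                                "first": f.ts, "count": 0}
        s["count"] += 1
        s["last"] = f.ts
    flagged = {}
    for sta, s in state.items():
        if s["count"] >= min_frames:  # ignore stray off-channel captures
            flagged[sta] = dict(s, stuck_seconds=s["last"] - s["first"],
                                bssid_is_rogue=s["bssid"] in rogues)
    return flagged

# Constructed sample data (locally administered MACs, timestamps in seconds).
ROGUE_AP, CAMPUS_AP = "02:00:00:00:aa:01", "02:00:00:00:bb:02"
AP_CHANNEL = {ROGUE_AP: 6, CAMPUS_AP: 11}   # channel each AP really uses
ROGUES = {ROGUE_AP}                          # BSSIDs classified as rogue
C1, C2, C3, C4 = ("02:00:00:00:c0:0%d" % i for i in range(1, 5))
FRAMES = [
    Frame(5, C1, ROGUE_AP, 6, "probe-req"),   # management frames are ignored
    Frame(10, C1, ROGUE_AP, 1, "data"), Frame(12, C1, ROGUE_AP, 1, "data"),
    Frame(15, C1, ROGUE_AP, 1, "data"), Frame(400, C1, ROGUE_AP, 1, "data"),
    Frame(20, C2, CAMPUS_AP, 3, "data"), Frame(21, C2, CAMPUS_AP, 3, "data"),
    Frame(22, C2, CAMPUS_AP, 3, "data"),      # client of a non-rogue AP
    Frame(30, C3, ROGUE_AP, 1, "data"), Frame(31, C3, ROGUE_AP, 1, "data"),
    Frame(32, C3, ROGUE_AP, 1, "data"), Frame(50, C3, ROGUE_AP, 6, "data"),
    Frame(40, C4, CAMPUS_AP, 10, "data"),     # single stray frame
]

if __name__ == "__main__":
    for sta, info in find_tarpitted(FRAMES, AP_CHANNEL, ROGUES).items():
        print(sta, info)
```

A flagged station whose `bssid_is_rogue` is false is the case the question above asks about: a client of a non-rogue AP showing the tarpit signature.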