Meraki

Community

Tips on how to handle Air Mashal incidents

Karl_Jacobsen
Getting noticed
‎Oct 29 2024 5:32 AM
‎Oct 29 2024 5:32 AM

Tips on how to handle Air Mashal incidents

I've been seeing a few reports from Air Marshal about a reoccurring endpoint. I've see others that are, because of the name, clearly known devices (like a Roku from a smart TV, or a printer looking to direct connect). There is one called "The Net" that keeps popping up. I think this is a wifi network from a neighboring house but I'm not sure. I've told my AP to contain the threat. Is there anything else I can do? Any way of making sure it's from a neighbor?

Labels:
0 Kudos
1 Reply 1
GreenMan
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Oct 29 2024 8:32 AM
‎Oct 29 2024 8:32 AM

I'd be very careful about using containment, particularly if that SSID is not reported as a rogue (i.e. connected to your wired network);   it's potentially a DoS attack on your part, on a public unlicensed area of spectrum.  If it's just someone else's nearby network, check how it may or may not be affecting your own setup through co-channel interference (the Wireless > RF Spectrum menu)    If it's not overlapping greatly with the channels set on your AP(s) - or is only seen faintly - I'd just leave it TBH.   If it is interfering significantly, maybe have a look at wider spectrum usage where you are and maybe manually set channels (and things like channel width) in your RF Profile - under Wireless > Radio Settings

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.