Can Meraki MR prevent or disable a device in "Ad hoc mode"?

naltakeb
New here

I mean if some smartphone or smart device can be re-broadcasting the SSID or acting as a wireless bridge.

Can MR disable or prevent?

jdsilva
Kind of a big deal

Meraki has a set of WIPS features called Air Marshal that cover what you're asking about.

https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal

 

I'll insert the obligatory "Don't contain SSIDs unless you completely understand what you're doing, why you're doing it, and what your local laws are around such activity" message here.

 

🙂

NolanHerring
Kind of a big deal

Air Marshal can email alert you for rogue detection and spoofing. However, the rogue detection portion is a tad broken. Say you have a mobile device, such as an iPhone, on your wireless, and that iPhone for whatever reason leaves your wireless and decides it wants to spin up its own hotspot.

The system will detect this as a rogue for one reason, which is 'seen on LAN'. However, this obviously isn't true because it's an iPhone, which cannot actually connect to the LAN side. It's a shortcoming with the way the system works in how it 'thinks' it is on the LAN, only because it was previously on your network via your wireless.

I consider those to be false positives, and ignore them.

 

The spoofing part however seems to work rather well in that it will automatically determine if someone is spoofing based on any of your SSIDs that you have operating, and alert you as such.

 

As @jdsilva mentioned, you will need to be very cautious because legally (in the USA at least) you're not allowed to block/deny anyone because it's an unlicensed spectrum and doing so is against FCC regulation. The only time that I'm aware of in which you can 'sort of legally' do it is if they are maliciously spoofing your SSID (man-in-the-middle/honeypot style). Even then I still prefer to play it safe and be alerted and take physical action vs blocking automatically.

Nolan Herring | nolanwifi.com
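
The triage described in the reply above (spoofing alerts versus 'seen on LAN' rogues that are really a former client's hotspot), as an added example that is not from the posts or from Meraki. The record layout, field names and sample values are constructed, and the heuristic assumes the MAC behind a 'seen on LAN' flag can be matched against MACs of recent wireless clients.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Detection:
    """One WIPS detection (constructed layout, not a Meraki export format)."""
    ssid: str
    bssid: str
    wired_mac: Optional[str]  # MAC that triggered 'seen on LAN', if any
    seen: datetime

def classify(d, our_ssids, our_bssids, client_last_assoc,
             window=timedelta(hours=24)):
    """Return 'own', 'spoof', 'likely-hotspot', 'rogue-on-lan' or 'other'."""
    if d.bssid.lower() in our_bssids:
        return "own"
    if d.ssid in our_ssids:
        # Our SSID name from a radio we do not operate: the spoofing case.
        return "spoof"
    if d.wired_mac is None:
        return "other"  # neighbouring network with no LAN correlation
    last = client_last_assoc.get(d.wired_mac.lower())
    if last is not None and timedelta(0) <= d.seen - last <= window:
        # Flagged 'seen on LAN' only because this device was recently
        # a wireless client of ours: the hotspot false positive.
        return "likely-hotspot"
    return "rogue-on-lan"  # MAC known on the LAN, never a wireless client

# Constructed sample data.
NOW = datetime(2024, 1, 10, 12, 0)
OUR_SSIDS = {"Corp-WiFi"}
OUR_BSSIDS = {"aa:bb:cc:00:00:01"}
CLIENTS = {"de:ad:be:ef:00:10": NOW - timedelta(minutes=30)}
SAMPLES = [
    Detection("Corp-WiFi", "AA:BB:CC:00:00:01", None, NOW),
    Detection("Corp-WiFi", "12:34:56:78:9a:bc", None, NOW),
    Detection("Sam's iPhone", "de:ad:be:ef:00:11", "DE:AD:BE:EF:00:10", NOW),
    Detection("linksys", "00:11:22:33:44:55", "00:11:22:33:44:54", NOW),
    Detection("CoffeeShop", "66:77:88:99:aa:bb", None, NOW),
]

def triage(samples=SAMPLES):
    return [(d.ssid, classify(d, OUR_SSIDS, OUR_BSSIDS, CLIENTS))
            for d in samples]

if __name__ == "__main__":
    for ssid, verdict in triage():
        print(f"{ssid:15} {verdict}")
```

Only the 'spoof' and 'rogue-on-lan' verdicts need a person to go and look; 'likely-hotspot' entries can be logged and reviewed in bulk.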