04-08-2024 08:24 AM
I am testing with a Netgear Wi-Fi router (open network with DHCP enabled) and a Linux rogue AP (open network but no DHCP enabled).
I see the airtermination, but it looks like my laptop and phone are able to associate with both the Netgear and the Linux rogue AP, and they grab an address from the Netgear AP.
I'm trying to prevent people from obtaining credentials when connecting to one of our WPA2-Enterprise SSIDs, which they can connect to using their AD credentials, if they bring a rogue AP.
The only alarms I see are these.
I then created an alarm action rule based on these alarms.
These are my filters (airtermination was not working at all without the filters).
I then have it send an email.
I am not sure if airtermination is working as intended, as I'm able to associate to the AP and get an address. Is this because it's an open network and there is no authentication?