09-01-2020 08:49 AM - edited 07-05-2021 12:27 PM
What is the recommended way to secure WLCs against management brute force attacks from the same source MAC or IP address please? Need an autonomous way to recognize multiple failed attempts from a bad actor who moves to another login when an account locks & just continues to hammer away with credential brute force attack over SSH / WebGUI. Bad actor should be blocked without manual intervention.
Thanks in advance,
Sam
09-07-2020 08:37 AM
There isn't much built in for that. The primary way is to limit the SSH access to the IP addresses of the managing computers and block all others.
The WLC will generate an SNMP trap for every failed attempt (if I'm not mistaken) which you could process in your monitoring system.
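One way a monitoring system could process those failed-login events, as an added example that is not part of the original post or of any Cisco tooling: failures are counted per source address rather than per account, so a source that moves to another login after a lockout still crosses the threshold. The event tuples, the function name `sources_to_block`, and the threshold and window values are assumptions; the events are constructed and stand in for traps the monitoring system has already parsed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real WLC output): time, source IP, username.
# Assumption: the monitoring system has already parsed each failed-login
# trap into this shape.
SAMPLE_EVENTS = [
    ("2020-09-01 08:00:00", "198.51.100.7", "admin"),
    ("2020-09-01 08:00:20", "198.51.100.7", "admin"),
    ("2020-09-01 08:00:40", "198.51.100.7", "admin"),
    ("2020-09-01 08:01:10", "198.51.100.7", "root"),   # account locked, next login
    ("2020-09-01 08:01:30", "198.51.100.7", "root"),
    ("2020-09-01 08:02:00", "198.51.100.7", "cisco"),
    ("2020-09-01 08:05:00", "192.0.2.20", "netops"),   # operator typo, twice
    ("2020-09-01 08:05:30", "192.0.2.20", "netops"),
    ("2020-09-01 06:00:00", "203.0.113.9", "admin"),   # slow, outside the window
    ("2020-09-01 06:30:00", "203.0.113.9", "admin"),
    ("2020-09-01 07:00:00", "203.0.113.9", "admin"),
]


def sources_to_block(events, max_failures=5,
                     window=timedelta(minutes=10), allowlist=()):
    """Return {source_ip: sorted usernames tried} for sources that reach
    max_failures failed logins inside the sliding window.

    Counting is keyed on the source address only, never on the account.
    Addresses in allowlist (the managing computers) are never flagged.
    """
    recent = defaultdict(deque)   # source -> failure times still in the window
    users = defaultdict(set)      # source -> every username it has tried
    flagged = {}
    for ts_text, src, user in sorted(events):
        if src in allowlist:
            continue
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        queue = recent[src]
        queue.append(ts)
        users[src].add(user)
        while ts - queue[0] > window:   # drop failures older than the window
            queue.popleft()
        if len(queue) >= max_failures:
            flagged[src] = sorted(users[src])
    return flagged


if __name__ == "__main__":
    for src, tried in sources_to_block(SAMPLE_EVENTS).items():
        print(f"block {src}: failed logins as {', '.join(tried)}")
```

The returned addresses are the input for whatever device enforces the block; the slow source in the sample shows what a fixed window misses.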
09-01-2020 11:59 AM
From the same source and MAC address? Block the MAC address from joining the wireless network in the first place.
09-03-2020 07:40 AM - edited 09-03-2020 07:41 AM
I'll rephrase the question...
What is the recommended way to secure WLCs against SSH brute force attacks by blocking the bad actor's source address please? It's not enough that an account is locked out after x number of failed login attempts. We need to also block/blacklist any bad actor's source address dynamically & autonomously after x number of failed login attempts.
TIA,
Sam
09-03-2020 09:02 AM
Hi Sam,
What is your network architecture? Do you have a firewall?
Are you getting traps to your mail when someone is blocked?
Yan Bedia