Friday, November 5, 2021

Finding infected device on guest wifi network?

My threat management appliance keeps warning me about command and control activity on my guest wlan. All the devices on that network are mobile devices. The threat management appliance is blocking the traffic, but it's still annoying me.

I have guest isolation enabled, and don't have any visibility inside the actual guest wlan... I just monitor the traffic it's sending out. The wlan is managed by an Aruba Instant virtual controller, using the built in "guest network" feature.

Any suggestions where to start to identify what device is infected and blacklist it from the network completely?



No comments:

Post a Comment