Security

 View Only

  • 1.  Has anyone noticed how bad clearpass is at detecting Amazon Echo/Kindle devices

    Posted Oct 14, 2019 08:09 AM

    I've had a fair amount of success at rolling out custom fingerprints for devices connected to our wpa2-psk network.... with the exception of Amazon devices.. 

     

    I seem to have 3 million ( well perhaps not that number) of devices that are identifed at Amazon Kindles, when I'm fairly sure they're not.  As an example when a user registers a device for our PSK network they have to tell us what it is. .. there's an awful lot of people registering what they say are amazon echos when clearpass thinks they are kindle devices.

     

    Looknig at one such device, the user agent string says 

    {"dhcp": {"option55": ["1,33,3,6,15,28,51,58,59,119"], "option60": ["dhcpcd-6.8.2:Linux-4.4.22+:armv7l:MT8167B"], "options": ["53,50,57,60,-111,55"]}, "host": {"mac_vendor": ["Amazon Technologies Inc."], "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36"}}

    So does the KHTML imply its a Kindle ?

     



  • 2.  RE: Has anyone noticed how bad clearpass is at detecting Amazon Echo/Kindle devices

    Posted Oct 14, 2019 08:20 AM

    Did you do some fingerprint override?

     

    The mac-vendor in this example is  ["Amazon Technologies Inc."] are you sure this is not a kindle? can you give another example of a "false" kindle?



  • 3.  RE: Has anyone noticed how bad clearpass is at detecting Amazon Echo/Kindle devices

    Posted Oct 14, 2019 08:50 AM

    i do custom things yes, but not when it comes to amazon devices

     

    Amazon Echo is the usual thing.

     

    A while back I bought a brand new amazon echo ... first the OUI wasn't in the clearpass known list ... so got aruba to add it. ... and then clearpas came back and said the Echo on my desk was a kindle :-(

     

    Always very twitchy about believing clearpas when it comes to different Amazon devices

    A

     

     



  • 4.  RE: Has anyone noticed how bad clearpass is at detecting Amazon Echo/Kindle devices
    Best Answer

    Posted Oct 14, 2019 08:28 AM

    They share the same fingerprint (similar to many Apple TVs and iPhones). Advanced fingerprinting would be required to detect this (CPDI).



Related Content