Manualshelf

Specifications

ManualsBrandsAlcatel ManualsComputer equipmentOmniAccess AP61
331332333334335336337338339340
OmniAccess Reference: AOS-W System Reference
314 Part 031652-00 May 2005
FIGURE 15-7 EAP Handshake Analysis
Configuration parameters are:
Enable EAP Handshake Analysis – Enables or disables the feature.
EAP Handshake Threshold – The number of EAP handshakes that must be
received within the EAP Time Interval in order to trigger an alarm.
EAP Time Interval – The time period in which a configured number of EAP
handshakes must be received.
EAP Rate Detection Quiet Time – After an alarm has been triggered, the
amount of time that must pass before another identical alarm may be triggered.
The equivalent CLI configuration for the above example is:
wms
ids-policy eap-check enable
ids-policy eap-rate-threshold 10
ids-policy eap-rate-time-interval 60
ids-policy eap-rate-quiet-time 900
Sequence Number Analysis
During an impersonation attack, the attacker will generally spoof the MAC
address of a client or AP. If two devices are active on the network with the
same MAC address, their 802.11 sequence numbers will not match – since the
sequence number is usually generated by the NIC firmware, even a custom
driver will not generally be able to modify these numbers. Sequence number
analysis will detect possible impersonation attacks by looking for anomalies
between sequence numbers seen in frames in the air. To configure sequence
number analysis, navigate to
Configuration > Wireless LAN Intrusion Detection >
Man-in-the-Middle > Sequence Number
, as shown in the figure below.