Specifications

IDS and DoS Alerts

22-14 Rogue Detection and Countermeasures

• SpoofedAP—AroguedevicepretendstobeanEnterasysAPbysending packetswiththe

sourceMACaddressoftheEnterasysAP.Datafromclientsthata ssociat e withtherogue

devicecanbeaccessedbythehackercontrollingtheroguedevice.

Netstumbler and Wellenreiter Applications

NetstumblerandWellenreiterarewidelyavailableapplicationsthathackerscanusetogather

informationabouttheAPsinyournetwork,includinglocation,manufacturer,andencryption

settings.

Wireless Bridge

Awirelessbridgecanextendawirelessnetworkoutsidethedesiredarea.Forexample,someone

canplaceawirelessbridgenearanexteriorwalltoextendwirelesscoverageoutintotheparking

lot,whereahackercouldthengainaccesstothenetwork.

Ad-Hoc Network

Anad‐hocnetworkisestablisheddirectlyamongwirelessclientsanddoesnotusethe

infrastructurenetwork(anetworkusingan AP).AnAd‐hocnetworkmightnotbeanintentionally

maliciousattackonthenetwork,butitdoesstealbandwidthfromyourinfrastructureusers.

Weak WEP Key Used by Client

Aweakinitializationvector(IV)makesaWEPkeyeasiertohack.MSSalertsyouregardingclients

whoareusingweakWEPIVssothatyoucanstrengthentheencryptionontheseclientsorreplace

theclients.

Note: MSS detects a spoofed AP attack based on the fingerprint of the spoofed AP. Packets from

the real AP have the correct signature, while spoofed packets lack the signature. (See “Enabling AP

Signatures” on page 22-12.)