Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

IDS and DoS Alerts

22-16 Rogue Detection and Countermeasures

Disassociate request flood Client aa:bb:cc:dd:ee:ff is sending disassociate request flood on AP

Weak WEP initialization vector

(IV)

Client aa:bb:cc:dd:ee:ff is using weak wep initialization vector.

Seen by AP on radio 1 on channel 11 with RSSI -53.

Decrypt errors Client aa:bb:cc:dd:ee:ff is sending packets with decrypt errors.

Seen by AP on radio 1 on channel 11 with RSSI -53.

Spoofed deauthentication

frames

Deauthentication frame from AP aa:bb:cc:dd:ee:ff is being spoofed.

Seen by AP on radio 1 on channel 11 with RSSI -53.

Spoofed disassociation frames Disassociation frame from AP aa:bb:cc:dd:ee:ff is being spoofed.

Seen by AP on radio 1 on channel 11 with RSSI -53.

Null probe responses AP aa:bb:cc:dd:ee:ff is sending null probe responses.

Seen by AP on radio 1 on channel 11 with RSSI -53.

Broadcast deauthentications AP aa:bb:cc:dd:ee:ff is sending broadcast deauthentications.

Seen by AP on radio 1 on channel 11 with RSSI -53.

Fake AP SSID (when source

MAC address is known)

FakeAP SSID attack detected from aa:bb:cc:dd:ee:ff.

Seen by AP on radio 1 on channel 11 with RSSI -53 SSID myssid.

Fake AP SSID (when source

MAC address is not known)

FakeAP BSSID attack detected.

Seen by AP on radio 1 on channel 11 with RSSI -53 SSID myssid.

Spoofed SSID AP Mac aa:bb:cc:dd:ee:ff(ssid myssid) is masquerading our ssid used by

aa:bb:cc:dd:ee:fd.

Detected by listener aa:bb:cc:dd:ee:fc(radio 1), channel 11 with RSSI -53.

Wireless bridge detected Wireless bridge detected with address aa:bb:cc:dd:ee:ff.

Seen by AP on radio 1 on channel 11 with RSSI -53 SSID myssid.

Netstumbler detected Netstumbler detected from aa:bb:cc:dd:ee:ff.

Seen by AP on radio 1 on channel 11 with RSSI -53 SSID myssid.

Wellenreiter detected Wellenreiter detected from aa:bb:cc:dd:ee:ff.

Seen by AP on radio 1 on channel 11 with RSSI -53 SSID myssid.

Ad-hoc client frame detected Adhoc client frame detected from aa:bb:cc:dd:ee:ff.

Seen by AP on radio 1 on channel 11 with RSSI -53 SSID myssid.

Spoofed AP AP Mac aa:bb:cc:dd:ee:ff(ssid myssid) is being spoofed. Received

fingerprint 1122343 does not match our fingerprint 123344.

Detected by listener aa:bb:cc:dd:ee:fd(radio 1), channel 11 with RSSI -53.

Disallowed SSID detected AP Mac aa:bb:cc:dd:ee:ff(ssid myssid) is not part of ssid-list.

Detected by listener aa:bb:cc:dd:ee:fd( radio 1), channel 11 with RSSI -53.

AP from disallowed vendor

detected

AP Mac aa:bb:cc:dd:ee:ff(ssid myssid) is not part of vendor-list.

Detected by listener aa:bb:cc:dd:ee:fd( radio 1), channel 11 with RSSI -53.

Client from disallowed vendor

detected

Client Mac aa:bb:cc:dd:ee:ff is not part of vendor-list. Detected by listener

aa:bb:cc:dd:ee:fd( radio 1), channel 11 with RSSI -53.

Table 22-2 IDS and DoS Log Messages (continued)

Message Type Example Log Message