Quick Reference Guide
Management and Monitoring
90
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660
Table 24. IDS/IPS policies and policy rules
Policy Description Policy Rule
Threshold Notification
Authentication flood • Attack. Multiple authentication requests (5 or more) that use
spoofed MAC addresses of legitimate clients are sent to the
wireless access point.
• R
esult.
The client association table overflows, causing
authentication requests from legitimate clients to be denied.
• Solution. The ol
dest clients that are stuck in the authentication
phase are removed from the table.
5 Trap
Association flood • Attack. Multiple association requests (5 or more) that use
spoofed MAC addresses of legitimate clients are sent to the
wireless access point.
• R
esult.
The client association table overflows, causing
association requests from legitimate clients to be denied.
• Solution. The ol
dest associations are removed from the table.
5 Trap
Unauthenticated
association
• Attack. Multiple unauthenticated association requests (5 or
more) that use spoofed MAC addresses of legitimate clients are
sent to the wireless access point.
• Result.
The client association table overflows, causing
authentication requests from legitimate clients to be denied.
• Solution. The ol
dest clients that are stuck in the authentication
phase are removed from the table.
5 Trap
Association table
ov
erflow
• Attack. Multiple clients (5 or more) that use spoofed MAC
addresses of legitimate clients attempt to connect to the
wireless access point.
• Result.
The client association table overflows, causing
association requests from legitimate clients to be denied.
• Solution. The ol
dest associations are removed from the table.
5 Trap
Authentication
failure att
ack
• Attack. Multiple invalid authentication requests (5 or more) that
use the spoofed MAC address of a legitimate client are sent to
the wireless access point.
• Result.
The client is disconnected from the wireless access
point.
• Solution. The
wireless access point determines if the legitimate
client is already connected before processing an authentication
request.
5 Trap
Deauthentication
broadcast att
ack
• Attack. Multiple deauthentication frames (5 or more) that use
the spoofed MAC address of the wireless access point are sent
to legitimate clients.
• Result. Client
s are disconnected from the wireless access
point.
Note: The IDS detects this attack, but the IPS does not take action
a
gai
nst this attack.
5 Trap