Quick Reference Guide
Management and Monitoring
91
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660
Disassociation flood • Attack. Multiple disassociation frames (5 or more) that use the
spoofed MAC address of the wireless access point are sent to a
legitimate client.
• Result.
The client is disconnected from the wireless access
point.
Note: The IDS detects this attack, but the IPS d
oes not take action
against this attack.
5 Trap
Malformed 802.11
pa
ckets detected
• Detection. Multiple malformed packets (5 or more) are sent to
the wireless access point.
• Result. Clie
nts behave unexpectedly or crash.
• Solution. T
he wireless access point drops the malformed
packets.
5 Trap
EAPOL-start attack • Attack.
Multiple EAPOL start frames (5 or more) are sent to the
wireless access point to initiate the RADIUS authentication
process for clients.
• Result.
Wireless service is disrupted.
• Solution. T
he wireless access point determines if the legitimate
clients have already been authenticated before processing
EAPOL start frames.
5 Trap
EAPOL-logoff attack • Attack. Sever
al EAPOL logoff frames (2 or more) that use the
spoofed MAC address of a legitimate client are sent to the
wireless access point to terminate a RADIUS-authenticated
session.
• Result.
The client is disconnected from the wireless access
point.
• Solution. T
he wireless access point determines if it still
receives traffic from the client before disconnecting the client.
2 Trap
Premature EAP
fail
ure attack
• Attack. Several premature EAP failure frames (2 or more) are
sent to a legitimate client to suggest RADIUS authentication
failure.
• Result. T
he client cannot be authenticated and cannot connect
to the wireless access point.
Note: The IDS detects this attack, but the IPS d
oes not take action
against this attack.
2 Trap
Premature EAP
su
ccess attack
• Attack. Several premature EAP success frames (2 or more) are
sent to a legitimate client to suggest RADIUS authentication
success.
• Result. T
he client cannot be authenticated and cannot connect
to the wireless access point.
Note: The IDS detects this attack, but the IPS d
oes not take action
against this attack.
2 Trap
Table 24. IDS/IPS policies and policy rules (continued)
Policy Description Policy Rule
Threshold Notification