Quick Reference Guide
Management and Monitoring
92
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660
CTS flood • Attack. Multiple clear-to-send (CTS) frames (60 or more) are
sent to the wireless access point.
• Result.
Wireless service is disrupted.
• Solution. The wi
reless access point sends a channel change
frame to the legitimate clients and uses automatic channel
selection to switch to a new clear channel.
60 Trap
RTS flood • Attack. Multipl
e request-to-send (RTS) frames (60 or more) are
sent to the wireless access point.
• Result.
Wireless service is disrupted.
• Solution. The wireless access point sends a channel change
frame to the legitimate clients and uses automatic channel
selection to switch to a new clear channel.
60 Trap
RF jamming attack • Attack. Mu
ltiple RF transmissions (100 or more) are sent to the
wireless access point, jamming the radio frequency.
• Result.
Wireless service is disrupted.
Note: The IDS detects this attack, but the IPS does not take action
agai
nst this attack.
100 Trap
Virtual carrier attack • Attack. Multipl
e frames (60 or more) with a large duration value
are sent to the wireless access point.
• Result.
Wireless service is disrupted.
• Solution. The wireless access point sends a channel change
frame to the legitimate clients and uses automatic channel
selection to switch to a new clear channel.
60 Trap
MAC spoofing • Attack. Severa
l frames (3 or more) that contain the spoofed
MAC address of the wireless access point itself or the spoofed
MAC address of a legitimate client are sent to the wireless
access point.
• R
esult. Wireless
security might be compromised.
Note: The IDS detects MAC spoofing, but the IPS does not take
ac
tion against MAC spoofing.
3 Trap
Rogue AP detection • Detection. A wireless access point is not in the managed AP
list (see View and Save Access Point Lists on p
age 87) and is
not connected to the secured wireless or wired network.
• Result. Wireless
security might be compromised.
Note: The IDS detects rogue APs, but the IPS does not take action
against rogue APs. For information about how to exclude rogue APs
from your network, see Enable Rogue AP Detection and Monitor
Access Points on pa
ge 85
.
0 Trap
Table 24. IDS/IPS policies and policy rules (continued)
Policy Description Policy Rule
Threshold Notification