Quick Reference Guide
Management and Monitoring
94
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660
To enable and configure the IDS/IPS:
1. Select Configuration > IDS/IPS. The IDS/IPS screen displays:
Figure 54.
2. Select the Enable radio button. By default, the IDS/IPS is disabled.
Device probing for
access points
• Detection. Multiple probe requests (30 or more) are sent to
collect information about the wireless access point for possible
future attacks. For example, it is suspect when there are too
many probe requests with a different SSID from same MAC
address.
• R
esult.
An attack might occur, or wireless security might
become compromised.
• Solution. The w
ireless access point does not respond to probe
requests that do not contain its SSID.
30 Trap
PS poll flood attack • Attack. Mu
ltiple power save (PS)–Poll frames (50 or more) are
sent to the wireless access point from an address that has a
spoofed MAC address of a legitimate client.
• Result. T
raffic that is intended for the legitimate client is sent to
the attacking address and is lost.
• Solution. PS-Poll frames withou
t a corresponding traffic
indication map (TIM) are rejected.
50 Trap
Table 24. IDS/IPS policies and policy rules (continued)
Policy Description Policy Rule
Threshold Notification