User's Manual
Table Of Contents
- Table of Contents
- List of Figures
- Introduction
- Installing the Wireless Array
- Installation Prerequisites
- Planning Your Installation
- Installation Workflow
- Installing Your Wireless Array
- Powering Up the Wireless Array
- Establishing Communication with the Array
- Entering the License
- Performing the Express Setup Procedure
- The Web Management Interface
- Viewing Status on the Wireless Array
- Configuring the Wireless Array
- Express Setup
- Network
- Services
- VLANs
- Tunnels
- Security
- SSIDs
- Groups
- IAPs
- WDS
- Filters
- Clusters
- Using Tools on the Wireless Array
Wireless Array
Configuring the Wireless Array 333
the specified number of seconds, then the Array declares that an attack
has been detected. You may modify the Threshold and Period.
For the Flood attack settings, you also have a choice of Auto or Manual.
• Manual mode — threshold and period settings are used to detect a
flood. Packets received are simply counted for the specified time
period and compared against the flood threshold. The default for all
of the floods is Manual mode.
• Auto mode — the Array analyzes current traffic for packets of a given
type versus traffic over the past hour to determine whether a packet
flood should be detected. In this mode, threshold and period settings
are ignored. This mode is useful for floods like beacon or probe
floods, where the numbers of such packets detected in the air can
vary greatly from installation to installation.
7. Duration Attack NAV (ms): For the duration attack, you may also modify
the default duration value that is used to determine whether a packet
may be part of an attack. If the number of packets having at least this
duration value exceeds the Threshold number in the specified Period, an
attack is detected.
Impersonation Detection Settings
8. Attack/Event:
The types of impersonation attack that you may detect are
described in Impersonation Attacks on page 330. Detection of each attack
type may be turned On or Off separately. For AP or Station
Impersonation attacks, a default Threshold and Period (seconds) are
specified. If the number of occurrences of the type of packet being
detected exceeds the threshold in the specified number of seconds, then
the Array declares that an attack has been detected. You may modify the
Threshold and Period.
9. Sequence number anomaly: You may specify whether to detect this type
of attack in Data traffic or in Management traffic, or turn Off this type of
detection.