Weak WEP Key Used
by Client
Disallowed Devices or
SSIDs
Displaying Statistics
Counters
IDS Log Message
Examples
A weak initialization vector (IV) makes a WEP key easier to hack. MSS
alerts you regarding clients who are using weak WEP IVs so that you can
strengthen the encryption on these clients or replace the clients.
You can configure the following types of lists to explicitly allow specific
devices or SSIDs:
Permitted SSID list—MSS generates a message if an SSID that is not on
the list is detected.
Permitted vendor list—MSS generates a message if an AP or wireless
client with an OUI that is not on the list is detected.
Client black list—MSS prevents clients on the list from accessing the
network through a WX switch. If the client is placed on the black list
dynamically by MSS due to an association, reassociation or
disassociation flood, MSS generates a log message.
By default, these lists are empty and all SSIDs, vendors, and clients are
allowed. For more information, see "Summary of Rogue Detection
Features" on page 573.
To display IDS and DoS statistics counters, use the display rfdetect
counters commands. (See "Displaying Statistics Counters" on
page 587.)
Table 49 shows examples of the log messages generated by IDS.
Table 49 IDS and DoS Log Messages
Message Type
Probe message flood
Authentication
message flood
Null data message
flood
Example Log Message
Client aa:bb:cc:dd:ee:ff is sending probe message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI
-53.
Client aa:bb:cc:dd:ee:ff is sending authentication message
flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI
-53.
Client aa:bb:cc:dd:ee:ff is sending null data message
flood.
Seen by AP on port 2, radio 1 on channel 11 with
RSSI -53.
IDS and DoS Alerts
587