ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660
Table 24. IDS/IPS policies and policy rules
Policy
Description
Authentication flood •
Attack. Multiple authentication requests (5 or more) that use
spoofed MAC addresses of legitimate clients are sent to the
wireless access point.
•
Result. The client association table overflows, causing
authentication requests from legitimate clients to be denied.
•
Solution. The oldest clients that are stuck in the authentication
phase are removed from the table.
Association flood
•
Attack. Multiple association requests (5 or more) that use
spoofed MAC addresses of legitimate clients are sent to the
wireless access point.
•
Result. The client association table overflows, causing
association requests from legitimate clients to be denied.
•
Solution. The oldest associations are removed from the table.
Unauthenticated
•
Attack. Multiple unauthenticated association requests (5 or
association
more) that use spoofed MAC addresses of legitimate clients are
sent to the wireless access point.
•
Result. The client association table overflows, causing
authentication requests from legitimate clients to be denied.
•
Solution. The oldest clients that are stuck in the authentication
phase are removed from the table.
Association table
•
Attack. Multiple clients (5 or more) that use spoofed MAC
overflow
addresses of legitimate clients attempt to connect to the
wireless access point.
•
Result. The client association table overflows, causing
association requests from legitimate clients to be denied.
•
Solution. The oldest associations are removed from the table.
Authentication
•
Attack. Multiple invalid authentication requests (5 or more) that
failure attack
use the spoofed MAC address of a legitimate client are sent to
the wireless access point.
•
Result. The client is disconnected from the wireless access
point.
•
Solution. The wireless access point determines if the legitimate
client is already connected before processing an authentication
request.
Deauthentication
•
Attack. Multiple deauthentication frames (5 or more) that use
broadcast attack
the spoofed MAC address of the wireless access point are sent
to legitimate clients.
•
Result. Clients are disconnected from the wireless access
point.
Note:
against this attack.
The IDS detects this attack, but the IPS does not take action
Management and Monitoring
90
Policy Rule
Threshold
Notification
5
Trap
5
Trap
5
Trap
5
Trap
5
Trap
5
Trap