ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660
Management and Monitoring

Table 24. IDS/IPS policies and policy rules (continued)

Policy: Device probing for access points
Policy Rule: Threshold 30, Notification Trap
Description:
• Detection. Multiple probe requests (30 or more) are sent to collect information about the wireless access point for possible future attacks. For example, it is suspect when there are too many probe requests with a different SSID from the same MAC address.
• Result. An attack might occur, or wireless security might become compromised.
• Solution. The wireless access point does not respond to probe requests that do not contain its SSID.

Policy: PS poll flood attack
Policy Rule: Threshold 50, Notification Trap
Description:
• Attack. Multiple power save (PS)-Poll frames (50 or more) are sent to the wireless access point from an address that has a spoofed MAC address of a legitimate client.
• Result. Traffic that is intended for the legitimate client is sent to the attacking address and is lost.
• Solution. PS-Poll frames without a corresponding traffic indication map (TIM) are rejected.

To enable and configure the IDS/IPS:
1. Select Configuration > IDS/IPS. The IDS/IPS screen displays:
Figure 54.
2. Select the Enable radio button. By default, the IDS/IPS is disabled.
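The two Table 24 policies can be modeled as per-MAC threshold counters combined with the table's "Solution" behavior. The Python sketch below is an example added here, not NETGEAR firmware logic: the 60-second counting window, the `IdsMonitor` class, the frame dictionaries and the sample MAC addresses and SSIDs are all assumptions made for illustration, since the table gives only the thresholds.

```python
from collections import defaultdict

PROBE_THRESHOLD = 30      # Table 24: device probing for access points
PS_POLL_THRESHOLD = 50    # Table 24: PS poll flood attack
WINDOW_SECONDS = 60.0     # assumption: the page gives no counting interval

class IdsMonitor:
    def __init__(self, own_ssid):
        self.own_ssid = own_ssid
        self.buffered = set()            # MACs with traffic indicated in the TIM
        self.events = defaultdict(list)  # (policy, mac) -> recent timestamps
        self.traps = []                  # (policy, mac) pairs already reported

    def _count(self, policy, mac, ts, threshold):
        key = (policy, mac)
        recent = [t for t in self.events[key] if ts - t < WINDOW_SECONDS]
        recent.append(ts)
        self.events[key] = recent
        if len(recent) >= threshold and key not in self.traps:
            self.traps.append(key)       # stands in for the Trap notification

    def handle(self, frame):
        """Return True if the AP serves the frame, False if it is ignored."""
        ts, kind, mac = frame["ts"], frame["type"], frame["src"]
        if kind == "probe_req":
            self._count("device_probing", mac, ts, PROBE_THRESHOLD)
            # Solution column: no response unless the probe carries our SSID.
            return frame.get("ssid") == self.own_ssid
        if kind == "ps_poll":
            self._count("ps_poll_flood", mac, ts, PS_POLL_THRESHOLD)
            # Solution column: reject a PS-Poll with no corresponding TIM.
            if mac not in self.buffered:
                return False
            self.buffered.discard(mac)   # simplification: one buffered frame
        return True

def run_sample():
    # Constructed traffic: MACs, SSIDs and timings are invented for the example.
    ap = IdsMonitor("corp-wlan")
    frames = [{"ts": i * 0.5, "type": "probe_req", "src": "02:00:00:00:00:01",
               "ssid": f"guess-{i}"} for i in range(30)]
    frames.append({"ts": 20.0, "type": "probe_req", "src": "02:00:00:00:00:02",
                   "ssid": "corp-wlan"})
    ap.buffered.add("02:00:00:00:00:03")
    frames += [{"ts": 30 + i * 0.1, "type": "ps_poll",
                "src": "02:00:00:00:00:03"} for i in range(50)]
    answered = [ap.handle(f) for f in frames]
    return ap.traps, answered
```

In the sample, only the probe that names the AP's SSID and the single PS-Poll matched by a TIM indication are served; each flood produces one trap entry when its count reaches the table threshold.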