De-Authentication Attacks - D-Link DWC-1000 User Manual

Section 8 - Viewing Status and Statistics
Field
MAC Address
ssiD
Physical Mode
Channel
Age
status
Path: Status > Wireless Information > Access Point > De-Authentication Attacks
The AP De-Authentication Attack page contains information about rogue APs that the Cluster Controller has
attacked by using the de‐authentication attack feature. The wireless controller can protect against rogue APs
by sending de‐authentication messages to the rogue AP. The de‐authentication attack feature must be globally
enabled in order for the wireless system to do this function. Make sure that no legitimate APs are classified as
rogues before enabling the attack feature. This feature is disabled by default.
The wireless system can conduct the de‐authentication attack against 16 APs at the same time. The intent of this
attack is to serve as a temporary measure until the rogue AP is located and disabled.
The de‐authentication attack is not effective for all rogue types, and therefore is not used on every detected
rogue. The following rogues are not subjected to the attack:
• If the detected rogue is spoofing the BSSID of the valid managed AP then the wireless system does not
attempt to use the attack because that attack may deny service to a legitimate AP and provide another
avenue for a hacker to attack the system.
• The de-authentication attack is not effective against Ad hoc networks because these networks do not
use authentication.
• The APs operating on channels outside of the country domain are not attacked because sending any
traffic on illegal channels is against the law.
The wireless controller maintains a list of BSSIDs against which it is conducting a de‐authentication attack. The
controller sends the list of BSSIDs and channels on which the rogue APs are operating to every managed AP.
D-Link DWC-1000 User Manual
Ethernet MAC address of the detected access point. This could be a physical
radio interface or VAP MAC.
The wireless name (Service Set Identifier) of the network, which is broadcast
in the detected beacon frame.
The 802.11 mode used on the access point.
Transmit channel of the access point.
Time since this access point was last detected in an RF scan. Status entries for
this page are collected at a point in time and eventually age out. The age value
for each entry shows how long ago the wireless controller recorded the entry.
Managed status of the access point. The valid values are:
• Managed = Neighbor access point is managed by the wireless system.
• Standalone = Access point is managed in standalone mode and
configured as a valid AP entry (local or RADIUS).
• Rogue = Access point is classified as a threat by one of the threat detection
algorithms.
• Unknown = Access point is detected in the network but is not classified
as a threat by the threat detection algorithms.

De-Authentication Attacks

Description
301