Disabling Or Reenabling Logging Of Rogues; Enabling Rogue And Countermeasures Notifications; Ids And Dos Alerts; Flood Attacks - Nortel 2360 Configuration Manual
Wlan-security switch 2300 series
Hide thumbs
Also See for 2360:
- Reference manual (480 pages) ,
- User manual (218 pages) ,
- Installation and basic configuration manual (172 pages)
Table of Contents
Advertisement
638 Rogue detection and counter measures
Disabling or reenabling logging of rogues
By default, a WSS generates a log message when a rogue is detected or disappears. To disable or reenable the log
messages, use the following command:
set rfdetect log {enable | disable}
To display log messages on a switch, use the following command:
show log buffer
(This command has optional parameters. For complete syntax information, see the
Series Command Line
Reference.)
Enabling rogue and countermeasures notifications
By default, all SNMP notifications (informs or traps) are disabled. To enable or disable notifications for rogue detection,
Intrusion Detection System (IDS), and Denial of Service (DoS) protection, configure a notification profile that sends all
the notification types for these features. (For syntax information and an example, see
(page
158).)
IDS and DoS alerts
WSS Software can detect illegitimate network access attempts and attempts to disrupt network service. In response,
WSS Software generates messages and SNMP notifications. The following sections describe the types of attacks and
security risks that WSS Software can detect.
For examples of the log messages that WSS Software generates when DoS attacks or other security risks are detected,
see
"IDS log message examples" (page
For information about the notifications, see
Note.
To detect DoS attacks, Scheduled RF Scanning must be enabled. (See
or reenabling Scheduled RF Scanning" (page
Flood attacks
A flood attack is a type of Denial of Service attack. During a flood attack, a rogue wireless device attempts to overwhelm
the resources of other wireless devices by continuously injecting management frames into the air. For example, a rogue
client can repeatedly send association requests to try to overwhelm APs that receive the requests.
The threshold for triggering a flood message is 100 frames of the same type from the same MAC address, within a
one-second period. If WSS Software detects more than 100 of the same type of wireless frame within one second, WSS
Software generates a log message. The message indicates the frame type, the MAC address of the sender, the listener
(AP and radio), channel number, and RSSI.
NN47250-500 (320657-F Version 02.01)
641).
"Configuring a notification profile" (page
637).)
Nortel WLAN Security Switch 2300
"Configuring a notification profile"
158).
"Disabling
- Quick Links:
- Using the Command-Line Interface
Hide quick links:
Advertisement
Table of Contents
