IDS log message examples
Table 2
shows examples of the log messages generated by IDS.
Message Type
Probe message flood
Authentication
message flood
Null data message
flood
Management frame 6
flood
Management frame 7
flood
Management frame D
flood
Management frame E
flood
Management frame F
flood
Associate request flood Client aa:bb:cc:dd:ee:ff is sending associate request flood on port 2
Reassociate request
flood
Disassociate request
flood
Weak WEP
initialization vector
(IV)
Decrypt errors
Spoofed
deauthentication
frames
Spoofed disassociation
frames
Null probe responses
Broadcast
deauthentications
Table 2.IDS and DoS log messages
Example Log Message
Client aa:bb:cc:dd:ee:ff is sending probe message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Client aa:bb:cc:dd:ee:ff is sending authentication message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Client aa:bb:cc:dd:ee:ff is sending null data message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame 6 message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame 7 message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame D message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame E message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame F message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Client aa:bb:cc:dd:ee:ff is sending re-associate request flood on port 2
Client aa:bb:cc:dd:ee:ff is sending disassociate request flood on port 2
Client aa:bb:cc:dd:ee:ff is using weak wep initialization vector.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Client aa:bb:cc:dd:ee:ff is sending packets with decrypt errors.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Deauthentication frame from AP aa:bb:cc:dd:ee:ff is being spoofed.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Disassociation frame from AP aa:bb:cc:dd:ee:ff is being spoofed.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
AP aa:bb:cc:dd:ee:ff is sending null probe responses.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
AP aa:bb:cc:dd:ee:ff is sending broadcast deauthentications.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Rogue detection and counter measures 641