7.6 The IDS Screen
Click Advanced > IDS to open this screen. This is where you can configure the NXC-8160's
response to denial of service type attacks on your network.
A denial of service attack is created by flooding a network with an overload of data traffic. A
DoS is identified by attack signatures or other factors, most of which are well-known and
documented in networking security circles. The IDS tab allows you to enable this detection
mechanism, set thresholds for identifying an attack and choose the type of attack to be
detected. When enabled, the NXC-8160 detects IEEE 802.11 duration attacks and IEEE
802.11 management message flooding attacks. Upon detection, the system sends an SNMP
trap message notifying you of the event and, if applicable, provides attacker details (such as
the attacker's MAC address, for example). You can then use this information to take action
and block malicious users.
Figure 42 Advanced > IDS
The following table describes the labels in this screen.
Table 36 Advanced > IDS
LABEL
Enable Intrusion
Detection System
Duration Attack
NXC-8160 User's Guide
DESCRIPTION
Select this to enable intrusion detection in the NXC-8160.
Wireless devices typically reserve a radio channel for a set duration of time.
This is known as the Network Allocation Vector (NAV) in IEEE 802.11. By
using high NAV values, an attacker can prevent other WLAN devices from
utilizing the wireless network.
Select this option to enable the NAV, and then allocate the maximum NAV
duration for the NXC-8160 to reserve the corresponding channels once an
attack has been detected.
Chapter 7 Advanced Settings
85