Wireless Instance
20-153
wips events [identical-
source-and-destination-
addresses |
impersonation-attack-
detected|non-changing-
wep-iv|replay-injection-
attack |
suspicious-ap-high-
rssi|tkip-mic-counter-
measures-caused-by-
station |transmitting-
device-using-invalid-mac
|unauthorized-ap-using-
authorized-
ssid|unencrypted-
station-transmission-
detected] {enable|filter-
out|threshold}
{authorized|ignored|unau
thorized}
• fake-ap-flood– Detects suspected ap flood (based on
number of APs observed in a minute)
• frames-from-unassociated-stations – Detects frames
from unassociated stations
• frames-with-bad-essids – filter-ageout <1-86400> –
Detects filters age-out duration for the mobile unit frames
with bad essids
• fuzzing-all-zero-mac-address-observed– Fuzzing: All zero
MAC address Observed
• fuzzing-invalid-frame-type-detected– Fuzzing: Invalid
Frame Type Detected
• fuzzing-invalid-management-frame – Fuzzing: Invalid
Management Frame
• fuzzing-invalid-sequence-number – Fuzzing: Invalid
Sequence Number
• identical-source-and-destination-addresses – Detects
identical source and destination addresses
• impersonation-attack-detected – Detects impersonation
attack
• invalid-8021x-frames – Detects invalid 802.1X frames
• non-changing-wep-iv – Detects non-changing wepiv
• replay-injection-attack – Detects replay injection attack
• suspicious-ap-high-rssi – Detects suspicious ap -high rssi
• tkip-mic-counter-measures-caused-by-station – Filters
mobile units causing tkip mic counter measures
• transmitting-device-using-invalid-mac – Detects
transmitting device using invalid MAC
• unauthorized-ap-using-authorized-ssid – Detects
unauthorized ap using authorized ssid
• unencrypted-station-transmission-detected – Detects
unencrypted wired leakage
To Next Page
Loading...
