Configuration Guide Configuring WIDS
auth: Indicates Authentication packets.
deauth: Indicates Deauthentication packets.
null-data: Indicates Null packets.
num: Indicates the packet threshold of flooding attack detection ranging from 1 to 5,000.
time: Indicates the interval of flooding attack detection ranging from 10 to 60 seconds.
All packet thresholds of flooding attack detection, by default, 300 for single-STA, 500 for multi-STA, and 10
seconds of the statistic interval
Configuring Spoofing Attack Detection
(Optional) Spoofing attack detection is disabled by default.
To configure the threshold and interval of a specified type of packets in spoofing attack detection, the same as above.
attack-detection spoof { threshold num |interval time }
threshold num: Indicates the packet threshold of spoofing attack detection ranging from 1 to 1,000.
interval time: Indicates the interval of spoofing attack detection ranging from 10 to 60 seconds.
By default, the packet threshold is 1 and the detection interval is 50 seconds.
Configuring Weak IV Attack Detection
(Optional) The Weak IV attack detection function is disabled by default.
To configure the thresholds and intervals for specified types of packets in Weak IV attack detection, the same as above.
attack-detection weak-iv { threshold num| interval time }
threshold num: Indicates the packet threshold of weak IV attack detection ranging from 1 to 10,000.
interval time: Indicates the interval of weak IV attack detection ranging from 1 to 60 seconds.
The default interval of Weak IV detection is 15 seconds, and the default detection threshold is 10.
Verification
Carry out related verifications based on the IDS attack detection type:
DDoS attack detection, detecting the ARP packet attack, ICMP packet attack and SYN packet attack.
Flooding attack detection, detecting the multi-STA flooding attack and single-STA flooding attack.
Spoofing attack detection, detecting the broadcast disassociation and deauthentication packet attacks.
To Next Page
Loading...
