Wireless Access Point
Configuring the Wireless AP 373
The AP provides a suite of intrusion detection and prevention options to improve
network security. You can separately enable detection of the following types of
problems:
Rogue Access Point Detection and Blocking
Unknown APs are detected, and may be automatically blocked based on
a number of criteria. See “About Blocking Rogue APs” on page 375.
Denial of Service (DoS) or Availability Attack Detection
A DoS attack attempts to flood an AP with communications requests so
that it cannot respond to legitimate traffic, or responds so slowly that it
becomes effectively unavailable. The AP can detect a number of types of
DoS attacks, as described in the table below. When an attack is detected,
the AP logs a Syslog message at the Alert level.
Impersonation Detection
These malicious attacks use various techniques to impersonate a
legitimate AP or station, often in order to eavesdrop on wireless
communications. The AP detects a number of types of impersonation
attacks, as described in the table below. When an attack is detected, the
AP logs a Syslog message at the Alert level.
Type of Attack Description
DoS Attacks
Beacon Flood Generating thousands of counterfeit 802.11 beacons to
make it hard for stations to find a legitimate AP.
Probe Request
Flood
Generating thousands of counterfeit 802.11 probe requests
to overburden the AP.
Authentication
Flood
Sending forged Authenticates from random MAC
addresses to fill the AP's association table.
Association
Flood
Sending forged Associates from random MAC addresses
to fill the AP's association table.
To Next Page
Loading...
Need help?
General
